by f2f 2475 days ago
Anything that is FIPS compliant will use one of the mandated DRBGs; there are two others besides CTR_DRBG.

BoringSSL implements CTR_DRBG with AES for example: https://boringssl.googlesource.com/boringssl/+/fed35d32245ee...

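As an added example (not f2f's code and not BoringSSL's), here is a minimal CTR_DRBG with AES-256 and no derivation function, following the Instantiate / Reseed / Generate / Update functions of NIST SP 800-90A section 10.2.1, written in Go. Everything here is constructed for illustration: the fixed 48-byte entropy input exists only so the run is reproducible (a real instantiation takes it from the OS, e.g. getrandom(2), which is exactly the "why not just /dev/urandom" question below), and the type and helper names are assumptions, not BoringSSL's API.

```go
// Added example: CTR_DRBG (AES-256, no derivation function) per SP 800-90A 10.2.1.
// Illustrative code written for this thread; not BoringSSL's implementation.
package main

import (
	"crypto/aes"
	"errors"
	"fmt"
)

const (
	keyLen         = 32                // AES-256 key
	blockLen       = aes.BlockSize     // 16-byte AES block; V is one block
	seedLen        = keyLen + blockLen // 48 bytes: without a DF the seed is exactly Key||V sized
	maxRequest     = 1 << 16           // 2^19 bits per Generate call (SP 800-90A Table 3)
	reseedInterval = 1 << 48           // Generate calls permitted between reseeds
)

// CTRDRBG is the working state (Key, V, reseed_counter).
type CTRDRBG struct {
	key           [keyLen]byte
	v             [blockLen]byte
	reseedCounter uint64
}

// incrementV treats V as a big-endian counter and adds 1 mod 2^128.
func incrementV(v *[blockLen]byte) {
	for i := blockLen - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// ctrBlocks encrypts successive V values under the current key and returns n
// keystream bytes; this is the inner loop shared by Update and Generate.
func (d *CTRDRBG) ctrBlocks(n int) ([]byte, error) {
	blk, err := aes.NewCipher(d.key[:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, n+blockLen)
	var buf [blockLen]byte
	for len(out) < n {
		incrementV(&d.v)
		blk.Encrypt(buf[:], d.v[:])
		out = append(out, buf[:]...)
	}
	return out[:n], nil
}

// update is CTR_DRBG_Update: keystream XOR provided_data becomes the new Key||V.
func (d *CTRDRBG) update(provided []byte) error {
	if len(provided) != seedLen {
		return fmt.Errorf("provided_data must be %d bytes", seedLen)
	}
	temp, err := d.ctrBlocks(seedLen)
	if err != nil {
		return err
	}
	for i := range temp {
		temp[i] ^= provided[i]
	}
	copy(d.key[:], temp[:keyLen])
	copy(d.v[:], temp[keyLen:])
	return nil
}

// padXOR zero-pads b to len(a) and returns a XOR b (b longer than a is rejected).
func padXOR(a, b []byte) ([]byte, error) {
	if len(b) > len(a) {
		return nil, errors.New("input longer than seedlen")
	}
	out := make([]byte, len(a))
	copy(out, a)
	for i := range b {
		out[i] ^= b[i]
	}
	return out, nil
}

// NewCTRDRBG is Instantiate without a DF: entropy_input must be exactly seedLen
// bytes (from the OS in production); the personalization string is optional.
func NewCTRDRBG(entropy, personalization []byte) (*CTRDRBG, error) {
	if len(entropy) != seedLen {
		return nil, fmt.Errorf("entropy_input must be %d bytes without a derivation function", seedLen)
	}
	seed, err := padXOR(entropy, personalization)
	if err != nil {
		return nil, err
	}
	d := &CTRDRBG{} // Key = 0^keylen, V = 0^blocklen before the first Update
	if err := d.update(seed); err != nil {
		return nil, err
	}
	d.reseedCounter = 1
	return d, nil
}

// Reseed mixes fresh entropy (and optional additional input) into the state.
func (d *CTRDRBG) Reseed(entropy, additional []byte) error {
	if len(entropy) != seedLen {
		return fmt.Errorf("entropy_input must be %d bytes", seedLen)
	}
	seed, err := padXOR(entropy, additional)
	if err != nil {
		return err
	}
	if err := d.update(seed); err != nil {
		return err
	}
	d.reseedCounter = 1
	return nil
}

// Generate returns n bytes, enforces the request and reseed limits, and runs the
// post-generation Update that provides backtracking resistance.
func (d *CTRDRBG) Generate(n int, additional []byte) ([]byte, error) {
	if n > maxRequest {
		return nil, errors.New("request exceeds max_number_of_bits_per_request")
	}
	if d.reseedCounter > reseedInterval {
		return nil, errors.New("reseed required")
	}
	addIn := make([]byte, seedLen) // all-zero when no additional input is supplied
	if len(additional) > 0 {
		var err error
		if addIn, err = padXOR(addIn, additional); err != nil {
			return nil, err
		}
		if err := d.update(addIn); err != nil {
			return nil, err
		}
	}
	out, err := d.ctrBlocks(n)
	if err != nil {
		return nil, err
	}
	if err := d.update(addIn); err != nil {
		return nil, err
	}
	d.reseedCounter++
	return out, nil
}

func main() {
	// Constructed, fixed entropy input so the run is reproducible. Never do this
	// in production: the 48 bytes must come from an approved entropy source.
	entropy := make([]byte, seedLen)
	for i := range entropy {
		entropy[i] = byte(i)
	}
	d, err := NewCTRDRBG(entropy, []byte("example personalization"))
	if err != nil {
		panic(err)
	}
	out, err := d.Generate(32, nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%x\n", out)
}
```

Two practical caveats. First, this has not been checked against the NIST CAVP known-answer vectors for CTR_DRBG (AES-256, no df); do that before trusting any DRBG you write, because a wrong V increment or a missing post-Generate Update produces output that looks random and is still wrong. Second, passing vectors still does not make software FIPS compliant: what a FIPS 140 validation certifies is a specific module build, with its self-tests, entropy source assessment and boundary, which is why projects like BoringSSL ship a dedicated FIPS module rather than just "an AES-CTR_DRBG".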

What I don’t understand about this is: if you’re FIPS compliant, you can’t just use the PRNG of /dev/urandom? You must use a FIPS one as well?
Yes. FIPS compliance says "use what we tell you to use. Want government contracts? Be FIPS compliant."

It's a source of a lot of online discussion, as the compliant algorithms aren't the best available. Here's to bureaucracy!