Anything's possible (well almost...) If the source for /dev/urandom is
compliant I think you'd just need to configure:
securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN
this will mean that any DRBG created by the FIPS module will use
/dev/urandom for seeding.
Regards,
David
On 23/2/21 8:52 am, Sudha Duraiswamy wrote:
> Hi David,
>
> Is it possible to not use PRNG from Bouncy Castle and directly read
> from /dev/urandom in FIPS mode? Please assume that the system has a
> good entropy source and has a CMVP certification.
>
> In other words, is it possible to use the PRNG/DRNG of the kernel in
> Bouncy Castle?
>
> Please let me know!
>
> Thanks,
> Sudha