The original OpenSSL, 2004. Being certified by IBM Domus lab Ottawa. US navy paid for the certification and the US army for the coding (or vice versa). It needed FIPS-140 certification which technically didn’t cover the random number generator. They passed all the tests, but when asked about the random number generator algorithm since the comments didn’t match the code, “everything went to shit”
Asked for the details - here they are:
The original OpenSSL, 2004. Being certified by IBM Domus lab Ottawa. US navy paid for the certification and the US army for the coding (or vice versa). It needed FIPS-140 certification which technically didn’t cover the random number generator. They passed all the tests, but when asked about the random number generator algorithm since the comments didn’t match the code, “everything went to shit”