Hello, We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in conjunction with the FIPS validation process. One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't find anything on the OpenSSL wiki so I thought I'd ask here. Also, another questions is whether the AES CTR counter source is internal or external? Any information would be appreciated. Thanks, Phil MRV Communications is a global supplier of packet and optical solutions that power the world's largest networks. Our products combine innovative hardware with intelligent software to make networks smarter, faster and more efficient. The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150526/edfc9cd5/attachment-0001.html>