prepare for RC3

crypto/ec/ec_key.c

@@ -511,10 +511,12 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
 								tx, ty, ctx))
 			goto err;
 		}
-	/* Check if retrieved coordinates match originals: if not values
-	 * are out of range.
+	/* Check if retrieved coordinates match originals and are less than
+	 * field order: if not values are out of range.
 	 */
-	if (BN_cmp(x, tx) || BN_cmp(y, ty))
+	if (BN_cmp(x, tx) || BN_cmp(y, ty)
+		|| (BN_cmp(x, &key->group->field) >= 0)
+		|| (BN_cmp(y, &key->group->field) >= 0))
 		{
 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
 			EC_R_COORDINATES_OUT_OF_RANGE);

fips/fips_locl.h

@@ -68,7 +68,7 @@ int fips_post_corrupt(int id, int subid, void *ex);
 int fips_post_status(void);
 
 #define FIPS_MODULE_VERSION_NUMBER	0x20000003L
-#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc3-dev unvalidated test module xx XXX xxxx"
+#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc3 unvalidated test module xx XXX xxxx"
 
 #ifdef  __cplusplus
 }

fips/fipsalgtest.pl

@@ -513,29 +513,29 @@ my $mkcmd = "mkdir";
 my $cmpall = 0;
 
 my %fips_enabled = (
-    dsa         => 1,
-    dsa2        => 2,
+    "dsa"        => 1,
+    "dsa2"       => 2,
     "dsa-pqgver"  => 2,
-    ecdsa       => 2,
-    rsa         => 1,
+    "ecdsa"      => 2,
+    "rsa"        => 1,
     "rsa-pss0"  => 2,
     "rsa-pss62" => 1,
-    sha         => 1,
-    hmac        => 1,
-    cmac        => 2,
+    "sha"        => 1,
+    "hmac"       => 1,
+    "cmac"       => 2,
     "rand-aes"  => 1,
     "rand-des2" => 0,
-    aes         => 1,
+    "aes"        => 1,
     "aes-cfb1"  => 2,
-    des3        => 1,
+    "des3"       => 1,
     "des3-cfb1" => 2,
-    drbg	=> 2,
+    "drbg"	=> 2,
     "aes-ccm"	=> 2,
     "aes-xts"	=> 2,
     "aes-gcm"	=> 2,
-    dh		=> 0,
-    ecdh	=> 2,
-    v2		=> 1,
+    "dh"	=> 0,
+    "ecdh"	=> 2,
+    "v2"	=> 1,
 );
 
 foreach (@ARGV) {