crypto/bn/bn_nist.c: bring original failing code back for reference.

RT: 3541
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

crypto/bn/bn_nist.c

@@ -1108,9 +1108,20 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/* ... and right shift */
 	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
 		{
+#if 0
+		/*
+		 * MSC ARM compiler [version 2013, presumably even earlier,
+		 * much earlier] miscompiles this code, but not one in
+		 * #else section. See RT#3541.
+		 */
+		tmp = val>>BN_NIST_521_RSHIFT;
+		val = t_d[i+1];
+		t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
 		t_d[i] = ( val>>BN_NIST_521_RSHIFT |
 			  (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
 		val=tmp;
+#endif
 		}
 	t_d[i] = val>>BN_NIST_521_RSHIFT;
 	/* lower 521 bits */