fast reduction for NIST curves

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Implement fast modular reduction for pseudo-Mersenne primes

     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).

     EC_GROUP_new_curve_GFp() will now automatically use this

     if applicable.

     [Nils Larsch <nla@trustcenter.de>]

  *) Change the ENGINE framework to automatically load engines

     dynamically from specific directories unless they could be

     found to already be built in or loaded.  Move all the

#define RSA_NUM		4

#define DSA_NUM		3

#define EC_NUM       15

#define EC_NUM       16

#define MAX_ECDH_SIZE 256

static const char *names[ALGOR_NUM]={

#define	R_RSA_4096	3

#define R_EC_P160    0

#define R_EC_P224    1

#define R_EC_P256    2

#define R_EC_P384    3

#define R_EC_P521    4

#define R_EC_K163    5

#define R_EC_K233    6

#define R_EC_K283    7

#define R_EC_K409    8

#define R_EC_K571    9

#define R_EC_B163    10

#define R_EC_B233    11

#define R_EC_B283    12

#define R_EC_B409    13

#define R_EC_B571    14

#define R_EC_P192    1	

#define R_EC_P224    2

#define R_EC_P256    3

#define R_EC_P384    4

#define R_EC_P521    5

#define R_EC_K163    6

#define R_EC_K233    7

#define R_EC_K283    8

#define R_EC_K409    9

#define R_EC_K571    10

#define R_EC_B163    11

#define R_EC_B233    12

#define R_EC_B283    13

#define R_EC_B409    14

#define R_EC_B571    15

#ifndef OPENSSL_NO_RSA

	RSA *rsa_key[RSA_NUM];

	{	

	/* Prime Curves */

	NID_secp160r1,

	NID_X9_62_prime192v1,

	NID_secp224r1,

	NID_X9_62_prime256v1,

	NID_secp384r1,

	{

	/* Prime Curves */

	"secp160r1",

	"nistp192",

	"nistp224",

	"nistp256",

	"nistp384",

	};

	static int test_curves_bits[EC_NUM] =

        {

        160, 224, 256, 384, 521,

        160, 192, 224, 256, 384, 521,

        163, 233, 283, 409, 571,

        163, 233, 283, 409, 571

        };

LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \

	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \

	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \

	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c

	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c

LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \

	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \

	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \

	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o

	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o

SRC= $(LIBSRC)

bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h

bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c

bn_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h

bn_nist.o: ../../include/openssl/opensslconf.h bn_lcl.h bn_nist.c

bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h

bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

void	BN_init(BIGNUM *);

void	BN_clear_free(BIGNUM *a);

BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);

/* BN_ncopy(): like BN_copy() but copies at most the first n BN_ULONGs */

BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n);

void	BN_swap(BIGNUM *a, BIGNUM *b);

BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);

int	BN_bn2bin(const BIGNUM *a, unsigned char *to);

int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);

int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);

/* faster mod functions for the 'NIST primes' 

 * 0 <= a < p^2 */

int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

const BIGNUM *BN_get0_nist_prime_192(void);

const BIGNUM *BN_get0_nist_prime_224(void);

const BIGNUM *BN_get0_nist_prime_256(void);

const BIGNUM *BN_get0_nist_prime_384(void);

const BIGNUM *BN_get0_nist_prime_521(void);

/* library internal functions */

#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\

		} \

	}

#define bn_clear_top2max(a) \

	{ \

	int      index = (a)->dmax - (a)->top; \

	BN_ULONG *ftl = &(a)->d[(a)->top-1]; \

	for (; index != 0; index--) \

		*(++ftl) = 0x0; \

	}

BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);

void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);

	return(a);

	}

BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n)

	{

	int i, min;

	BN_ULONG *A;

	const BN_ULONG *B;

	bn_check_top(b);

	if (a == b)

		return a;

	min = (b->top < (int)n)? b->top: (int)n;

	if (!min)

		{

		BN_zero(a);

		return a;

		}

	if (bn_wexpand(a, min) == NULL)

		return NULL;

	A=a->d;

	B=b->d;

	for (i=min>>2; i>0; i--, A+=4, B+=4)

		{

		BN_ULONG a0,a1,a2,a3;

		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];

		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;

		}

	switch (min&3)

		{

		case 3: A[2]=B[2];

		case 2: A[1]=B[1];

		case 1: A[0]=B[0];

		case 0: ;

		}

	a->top = min;

	a->neg = b->neg;

	bn_fix_top(a);

	return(a);

	}

void BN_swap(BIGNUM *a, BIGNUM *b)

	{

	int flags_old_a, flags_old_b;