From 1413ad98788fadeb684ada521f818c3a3b2f6fa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 31 Mar 2012 21:55:04 +0200
Subject: [PATCH] New macro ROTL64, analogous to ROTL32.

---
 ChangeLog         |  5 +++++
 sha512-compress.c | 11 +++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bc06c471..155fe11e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,11 @@
 	with complemented shift count.
 	(SHR): Deleted macro, use plain shift operator instead.
 
+	* sha512-compress.c (ROTR): Deleted macro, replaced by...
+	(ROTL64): ...new macro, with complemented shift count
+	(SHR): Deleted macro, use plain shift operator instead.
+	(S0, S1, s0, s1): Updated accordingly.
+
 2012-03-30  Niels Möller  <nisse@lysator.liu.se>
 
 	* nettle-internal.c (nettle_salsa20): Cipher struct for
diff --git a/sha512-compress.c b/sha512-compress.c
index f0f9bf32..10fca33e 100644
--- a/sha512-compress.c
+++ b/sha512-compress.c
@@ -38,8 +38,7 @@
 /* A block, treated as a sequence of 64-bit words. */
 #define SHA512_DATA_LENGTH 16
 
-#define ROTR(n,x) ((x)>>(n) | ((x)<<(64-(n))))
-#define SHR(n,x) ((x)>>(n))
+#define ROTL64(n,x) ((x)<<(n) | ((x)>>(64-(n))))
 
 /* The SHA512 functions. The Choice function is the same as the SHA1
    function f1, and the majority function is the same as the SHA1 f3
@@ -48,11 +47,11 @@
 #define Choice(x,y,z)   ( (z) ^ ( (x) & ( (y) ^ (z) ) ) ) 
 #define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )
 
-#define S0(x) (ROTR(28,(x)) ^ ROTR(34,(x)) ^ ROTR(39,(x))) 
-#define S1(x) (ROTR(14,(x)) ^ ROTR(18,(x)) ^ ROTR(41,(x)))
+#define S0(x) (ROTL64(36,(x)) ^ ROTL64(30,(x)) ^ ROTL64(25,(x))) 
+#define S1(x) (ROTL64(50,(x)) ^ ROTL64(46,(x)) ^ ROTL64(23,(x)))
 
-#define s0(x) (ROTR(1,(x)) ^ ROTR(8,(x)) ^ SHR(7,(x)))
-#define s1(x) (ROTR(19,(x)) ^ ROTR(61,(x)) ^ SHR(6,(x)))
+#define s0(x) (ROTL64(63,(x)) ^ ROTL64(56,(x)) ^ ((x) >> 7))
+#define s1(x) (ROTL64(45,(x)) ^ ROTL64(3,(x)) ^ ((x) >> 6))
 
 /* The initial expanding function. The hash function is defined over
    an 64-word expanded input array W, where the first 16 are copies of
-- 
GitLab