John Regehr <regehr@cs.utah.edu> writes:

> #define ROTL32(n,x) (((x)<<(n)) | ((x)>>((-(n)&31))))
> The problem is n==0, not n==32.

Exactly. The old rotation macro (still in nettle-2.7.1, it seems) used the subexpression x >> (32 - n), which gives undefined behavior for n == 0. And with cast, this rotation macro is used with key-dependent n in the range 0 <= n < 32.
But doesn't the above version of the rotation macro work fine for all n in the needed range? The intention is that for n == 0, it should boil down to (x << 0) | (x >> 0), which is perfectly well defined C. I really want to avoid conditionals here.
About gcc optimizations, see my corresponding bug report, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157. As far as I understand, recognition of rotates has been considerably improved since.
Regards,
/Niels
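
The following is an added example, not part of the original message or of nettle's code. It checks the ROTL32 macro quoted above against a bit-at-a-time reference for every n in 0 <= n < 32, and confirms that the right-shift count -(n)&31 never leaves 0..31. The helper names, the use of an unsigned n, and the sample values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Macro exactly as given in the message above. */
#define ROTL32(n,x) (((x)<<(n)) | ((x)>>((-(n)&31))))

/* Right-shift count the macro uses (hypothetical helper). With unsigned n
   the negation is well defined, and the mask keeps the count in 0..31. */
static unsigned right_count(unsigned n) { return -n & 31; }

/* Reference rotate (hypothetical helper): one bit per step, so every
   shift count is the constant 1 or 31 and never depends on n. */
static uint32_t rotl32_ref(unsigned n, uint32_t x)
{
  while (n-- > 0)
    x = (x << 1) | (x >> 31);
  return x;
}

/* Count the (n, x) pairs where the macro disagrees with the reference or
   where the right-shift count is out of range. Sample inputs are constructed. */
static unsigned count_mismatches(void)
{
  static const uint32_t samples[] = {
    0x00000000u, 0x00000001u, 0x80000000u,
    0xffffffffu, 0x12345678u, 0xdeadbeefu
  };
  unsigned bad = 0;
  for (unsigned n = 0; n < 32; n++)
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
      uint32_t x = samples[i];
      if (right_count(n) > 31 || ROTL32(n, x) != rotl32_ref(n, x))
        bad++;
    }
  return bad;
}

int main(void)
{
  /* The old subexpression x >> (32 - n) would ask for a shift by 32 here. */
  printf("right-shift count for n == 0: %u\n", right_count(0));
  printf("mismatches over 0 <= n < 32: %u\n", count_mismatches());
  return 0;
}
```

Building with -fsanitize=undefined makes the compiler's runtime report any out-of-range shift count, which is a convenient way to confirm that the n == 0 case stays defined.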