change __attribute__((nonnull(list of pointers))) to __attribute__((nonnull))

src/per_curve/crypto.tmpl.h

@@ -49,14 +49,14 @@ typedef struct {
 void $(c_ns)_derive_private_key (
     $(c_ns)_private_key_t priv,
     const $(c_ns)_symmetric_key_t proto
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * Destroy a private key.
  */
 void $(c_ns)_destroy_private_key (
     $(c_ns)_private_key_t priv
-) NONNULL1 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * Convert a private key to a public one.
@@ -66,7 +66,7 @@ void $(c_ns)_destroy_private_key (
 void $(c_ns)_private_to_public (
     $(c_ns)_public_key_t pub,
     const $(c_ns)_private_key_t priv
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
     
 /**
  * Compute a Diffie-Hellman shared secret.
@@ -90,7 +90,7 @@ $(c_ns)_shared_secret (
     const $(c_ns)_private_key_t my_privkey,
     const $(c_ns)_public_key_t your_pubkey,
     int me_first
-) NONNULL134 WARN_UNUSED API_VIS;
+) NONNULL WARN_UNUSED API_VIS;
    
 /**
  * Sign a message from a STROBE context.
@@ -104,7 +104,7 @@ $(c_ns)_sign_strobe (
     keccak_strobe_t strobe,
     $(c_ns)_signature_t sig,
     const $(c_ns)_private_key_t priv
-) NONNULL3 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * Sign a message.
@@ -120,7 +120,7 @@ $(c_ns)_sign (
     const $(c_ns)_private_key_t priv,
     const unsigned char *message,
     size_t message_len
-) NONNULL3 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * Verify a signed message from its STROBE context.
@@ -137,7 +137,7 @@ $(c_ns)_verify_strobe (
     keccak_strobe_t strobe,
     const $(c_ns)_signature_t sig,
     const $(c_ns)_public_key_t pub
-) NONNULL3 API_VIS WARN_UNUSED;
+) NONNULL API_VIS WARN_UNUSED;
 
 /**
  * Verify a signed message.
@@ -156,7 +156,7 @@ $(c_ns)_verify (
     const $(c_ns)_public_key_t pub,
     const unsigned char *message,
     size_t message_len
-) NONNULL3 API_VIS WARN_UNUSED;
+) NONNULL API_VIS WARN_UNUSED;
 
 #ifdef __cplusplus
 } /* extern "C" */

src/per_curve/decaf.tmpl.h

@@ -93,7 +93,7 @@ extern const struct $(c_ns)_precomputed_s *$(c_ns)_precomputed_base API_VIS;
 decaf_error_t $(c_ns)_scalar_decode (
     $(c_ns)_scalar_t out,
     const unsigned char ser[$(C_NS)_SCALAR_BYTES]
-) API_VIS WARN_UNUSED NONNULL2 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Read a scalar from wire format or from bytes.  Reduces mod
@@ -107,7 +107,7 @@ void $(c_ns)_scalar_decode_long (
     $(c_ns)_scalar_t out,
     const unsigned char *ser,
     size_t ser_len
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
     
 /**
  * @brief Serialize a scalar to wire format.
@@ -118,7 +118,7 @@ void $(c_ns)_scalar_decode_long (
 void $(c_ns)_scalar_encode (
     unsigned char ser[$(C_NS)_SCALAR_BYTES],
     const $(c_ns)_scalar_t s
-) API_VIS NONNULL2 NOINLINE NOINLINE;
+) API_VIS NONNULL NOINLINE NOINLINE;
         
 /**
  * @brief Add two scalars.  The scalars may use the same memory.
@@ -130,7 +130,7 @@ void $(c_ns)_scalar_add (
     $(c_ns)_scalar_t out,
     const $(c_ns)_scalar_t a,
     const $(c_ns)_scalar_t b
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Compare two scalars.
@@ -142,7 +142,7 @@ void $(c_ns)_scalar_add (
 decaf_bool_t $(c_ns)_scalar_eq (
     const $(c_ns)_scalar_t a,
     const $(c_ns)_scalar_t b
-) API_VIS WARN_UNUSED NONNULL2 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Subtract two scalars.  The scalars may use the same memory.
@@ -154,7 +154,7 @@ void $(c_ns)_scalar_sub (
     $(c_ns)_scalar_t out,
     const $(c_ns)_scalar_t a,
     const $(c_ns)_scalar_t b
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Multiply two scalars.  The scalars may use the same memory.
@@ -166,7 +166,7 @@ void $(c_ns)_scalar_mul (
     $(c_ns)_scalar_t out,
     const $(c_ns)_scalar_t a,
     const $(c_ns)_scalar_t b
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
         
 /**
 * @brief Halve a scalar.  The scalars may use the same memory.
@@ -176,7 +176,7 @@ void $(c_ns)_scalar_mul (
 void $(c_ns)_scalar_halve (
    $(c_ns)_scalar_t out,
    const $(c_ns)_scalar_t a
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Invert a scalar.  When passed zero, return 0.  The input and output may alias.
@@ -187,7 +187,7 @@ void $(c_ns)_scalar_halve (
 decaf_error_t $(c_ns)_scalar_invert (
     $(c_ns)_scalar_t out,
     const $(c_ns)_scalar_t a
-) API_VIS WARN_UNUSED NONNULL2 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Copy a scalar.  The scalars may use the same memory, in which
@@ -195,7 +195,7 @@ decaf_error_t $(c_ns)_scalar_invert (
  * @param [in] a A scalar.
  * @param [out] out Will become a copy of a.
  */
-static inline void NONNULL2 $(c_ns)_scalar_copy (
+static inline void NONNULL $(c_ns)_scalar_copy (
     $(c_ns)_scalar_t out,
     const $(c_ns)_scalar_t a
 ) {
@@ -210,7 +210,7 @@ static inline void NONNULL2 $(c_ns)_scalar_copy (
 void $(c_ns)_scalar_set_unsigned (
     $(c_ns)_scalar_t out,
     uint64_t a
-) API_VIS NONNULL1;
+) API_VIS NONNULL;
 
 /**
  * @brief Encode a point as a sequence of bytes.
@@ -221,7 +221,7 @@ void $(c_ns)_scalar_set_unsigned (
 void $(c_ns)_point_encode (
     uint8_t ser[$(C_NS)_SER_BYTES],
     const $(c_ns)_point_t pt
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Decode a point from a sequence of bytes.
@@ -241,7 +241,7 @@ decaf_error_t $(c_ns)_point_decode (
     $(c_ns)_point_t pt,
     const uint8_t ser[$(C_NS)_SER_BYTES],
     decaf_bool_t allow_identity
-) API_VIS WARN_UNUSED NONNULL2 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Copy a point.  The input and output may alias,
@@ -250,7 +250,7 @@ decaf_error_t $(c_ns)_point_decode (
  * @param [out] a A copy of the point.
  * @param [in] b Any point.
  */
-static inline void NONNULL2 $(c_ns)_point_copy (
+static inline void NONNULL $(c_ns)_point_copy (
     $(c_ns)_point_t a,
     const $(c_ns)_point_t b
 ) {
@@ -269,7 +269,7 @@ static inline void NONNULL2 $(c_ns)_point_copy (
 decaf_bool_t $(c_ns)_point_eq (
     const $(c_ns)_point_t a,
     const $(c_ns)_point_t b
-) API_VIS WARN_UNUSED NONNULL2 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Add two points to produce a third point.  The
@@ -284,7 +284,7 @@ void $(c_ns)_point_add (
     $(c_ns)_point_t sum,
     const $(c_ns)_point_t a,
     const $(c_ns)_point_t b
-) API_VIS NONNULL3;
+) API_VIS NONNULL;
 
 /**
  * @brief Double a point.  Equivalent to
@@ -296,7 +296,7 @@ void $(c_ns)_point_add (
 void $(c_ns)_point_double (
     $(c_ns)_point_t two_a,
     const $(c_ns)_point_t a
-) API_VIS NONNULL2;
+) API_VIS NONNULL;
 
 /**
  * @brief Subtract two points to produce a third point.  The
@@ -311,7 +311,7 @@ void $(c_ns)_point_sub (
     $(c_ns)_point_t diff,
     const $(c_ns)_point_t a,
     const $(c_ns)_point_t b
-) API_VIS NONNULL3;
+) API_VIS NONNULL;
     
 /**
  * @brief Negate a point to produce another point.  The input
@@ -323,7 +323,7 @@ void $(c_ns)_point_sub (
 void $(c_ns)_point_negate (
    $(c_ns)_point_t nega,
    const $(c_ns)_point_t a
-) API_VIS NONNULL2;
+) API_VIS NONNULL;
 
 /**
  * @brief Multiply a base point by a scalar: scaled = scalar*base.
@@ -336,7 +336,7 @@ void $(c_ns)_point_scalarmul (
     $(c_ns)_point_t scaled,
     const $(c_ns)_point_t base,
     const $(c_ns)_scalar_t scalar
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Multiply a base point by a scalar: scaled = scalar*base.
@@ -361,7 +361,7 @@ decaf_error_t $(c_ns)_direct_scalarmul (
     const $(c_ns)_scalar_t scalar,
     decaf_bool_t allow_identity,
     decaf_bool_t short_circuit
-) API_VIS NONNULL3 WARN_UNUSED NOINLINE;
+) API_VIS NONNULL WARN_UNUSED NOINLINE;
 
 /**
  * @brief RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
@@ -379,7 +379,7 @@ decaf_error_t $(c_ns)_x_direct_scalarmul ( /* TODO: rename? */
     uint8_t out[X$(gf_shortname)_PUBLIC_BYTES],
     const uint8_t base[X$(gf_shortname)_PUBLIC_BYTES],
     const uint8_t scalar[X$(gf_shortname)_PRIVATE_BYTES]
-) API_VIS NONNULL3 WARN_UNUSED NOINLINE;
+) API_VIS NONNULL WARN_UNUSED NOINLINE;
 
 /** The base point for X$(gf_shortname) Diffie-Hellman */
 extern const uint8_t $(c_ns)_x_base_point[X$(gf_shortname)_PUBLIC_BYTES] API_VIS;
@@ -394,7 +394,7 @@ extern const uint8_t $(c_ns)_x_base_point[X$(gf_shortname)_PUBLIC_BYTES] API_VIS
 void $(c_ns)_x_base_scalarmul (
     uint8_t out[X$(gf_shortname)_PUBLIC_BYTES],
     const uint8_t scalar[X$(gf_shortname)_PRIVATE_BYTES]
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Precompute a table for fast scalar multiplication.
@@ -408,7 +408,7 @@ void $(c_ns)_x_base_scalarmul (
 void $(c_ns)_precompute (
     $(c_ns)_precomputed_s *a,
     const $(c_ns)_point_t b
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Multiply a precomputed base point by a scalar:
@@ -425,7 +425,7 @@ void $(c_ns)_precomputed_scalarmul (
     $(c_ns)_point_t scaled,
     const $(c_ns)_precomputed_s *base,
     const $(c_ns)_scalar_t scalar
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Multiply two base points by two scalars:
@@ -446,7 +446,7 @@ void $(c_ns)_point_double_scalarmul (
     const $(c_ns)_scalar_t scalar1,
     const $(c_ns)_point_t base2,
     const $(c_ns)_scalar_t scalar2
-) API_VIS NONNULL5 NOINLINE;
+) API_VIS NONNULL NOINLINE;
     
 /**
  * Multiply one base point by two scalars:
@@ -469,7 +469,7 @@ void $(c_ns)_point_dual_scalarmul (
     const $(c_ns)_point_t base1,
     const $(c_ns)_scalar_t scalar1,
     const $(c_ns)_scalar_t scalar2
-) API_VIS NONNULL5 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Multiply two base points by two scalars:
@@ -491,7 +491,7 @@ void $(c_ns)_base_double_scalarmul_non_secret (
     const $(c_ns)_scalar_t scalar1,
     const $(c_ns)_point_t base2,
     const $(c_ns)_scalar_t scalar2
-) API_VIS NONNULL4 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Constant-time decision between two points.  If pick_b
@@ -507,7 +507,7 @@ void $(c_ns)_point_cond_sel (
     const $(c_ns)_point_t a,
     const $(c_ns)_point_t b,
     decaf_word_t pick_b
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Constant-time decision between two scalars.  If pick_b
@@ -523,7 +523,7 @@ void $(c_ns)_scalar_cond_sel (
     const $(c_ns)_scalar_t a,
     const $(c_ns)_scalar_t b,
     decaf_word_t pick_b
-) API_VIS NONNULL3 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Test that a point is valid, for debugging purposes.
@@ -534,7 +534,7 @@ void $(c_ns)_scalar_cond_sel (
  */
 decaf_bool_t $(c_ns)_point_valid (
     const $(c_ns)_point_t toTest
-) API_VIS WARN_UNUSED NONNULL1 NOINLINE;
+) API_VIS WARN_UNUSED NONNULL NOINLINE;
 
 /**
  * @brief Torque a point, for debugging purposes.  The output
@@ -546,7 +546,7 @@ decaf_bool_t $(c_ns)_point_valid (
 void $(c_ns)_point_debugging_torque (
     $(c_ns)_point_t q,
     const $(c_ns)_point_t p
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Projectively scale a point, for debugging purposes.
@@ -561,7 +561,7 @@ void $(c_ns)_point_debugging_pscale (
     $(c_ns)_point_t q,
     const $(c_ns)_point_t p,
     const unsigned char factor[$(C_NS)_SER_BYTES]
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Almost-Elligator-like hash to curve.
@@ -595,7 +595,7 @@ void
 $(c_ns)_point_from_hash_nonuniform (
     $(c_ns)_point_t pt,
     const unsigned char hashed_data[$(C_NS)_SER_BYTES]
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Indifferentiable hash function encoding to curve.
@@ -608,7 +608,7 @@ $(c_ns)_point_from_hash_nonuniform (
 void $(c_ns)_point_from_hash_uniform (
     $(c_ns)_point_t pt,
     const unsigned char hashed_data[2*$(C_NS)_SER_BYTES]
-) API_VIS NONNULL2 NOINLINE;
+) API_VIS NONNULL NOINLINE;
 
 /**
  * @brief Inverse of elligator-like hash to curve.
@@ -633,7 +633,7 @@ $(c_ns)_invert_elligator_nonuniform (
     unsigned char recovered_hash[$(C_NS)_SER_BYTES],
     const $(c_ns)_point_t pt,
     uint16_t which
-) API_VIS NONNULL2 NOINLINE WARN_UNUSED;
+) API_VIS NONNULL NOINLINE WARN_UNUSED;
 
 /**
  * @brief Inverse of elligator-like hash to curve.
@@ -658,14 +658,14 @@ $(c_ns)_invert_elligator_uniform (
     unsigned char recovered_hash[2*$(C_NS)_SER_BYTES],
     const $(c_ns)_point_t pt,
     uint16_t which
-) API_VIS NONNULL2 NOINLINE WARN_UNUSED;
+) API_VIS NONNULL NOINLINE WARN_UNUSED;
 
 /**
  * @brief Overwrite scalar with zeros.
  */
 void $(c_ns)_scalar_destroy (
     $(c_ns)_scalar_t scalar
-) NONNULL1 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * @brief Overwrite point with zeros.
@@ -673,14 +673,14 @@ void $(c_ns)_scalar_destroy (
  */
 void $(c_ns)_point_destroy (
     $(c_ns)_point_t point
-) NONNULL1 API_VIS;
+) NONNULL API_VIS;
 
 /**
  * @brief Overwrite precomputed table with zeros.
  */
 void $(c_ns)_precomputed_destroy (
     $(c_ns)_precomputed_s *pre
-) NONNULL1 API_VIS;
+) NONNULL API_VIS;
 
 #ifdef __cplusplus
 } /* extern "C" */

src/public_include/decaf/common.h

@@ -27,13 +27,7 @@ extern "C" {
 #define API_VIS __attribute__((visibility("default")))
 #define NOINLINE  __attribute__((noinline))
 #define WARN_UNUSED __attribute__((warn_unused_result))
-#define NONNULL1 __attribute__((nonnull(1)))
-#define NONNULL2 __attribute__((nonnull(1,2)))
-#define NONNULL3 __attribute__((nonnull(1,2,3)))
-#define NONNULL13 __attribute__((nonnull(1,3)))
-#define NONNULL134 __attribute__((nonnull(1,3,4)))
-#define NONNULL4 __attribute__((nonnull(1,2,3,4)))
-#define NONNULL5 __attribute__((nonnull(1,2,3,4,5)))
+#define NONNULL __attribute__((nonnull))
 #define INLINE inline __attribute__((always_inline))
 #define UNUSED __attribute__((unused))
 /** @endcond */
@@ -101,14 +95,14 @@ decaf_successful(decaf_error_t e) {
 void decaf_bzero (
     void *data,
     size_t size
-) NONNULL1 API_VIS;
+) NONNULL API_VIS;
 
 /** Compare two buffers, returning DECAF_TRUE if they are equal. */
 decaf_bool_t decaf_memeq (
     const void *data1,
     const void *data2,
     size_t size
-) NONNULL2 WARN_UNUSED API_VIS;
+) NONNULL WARN_UNUSED API_VIS;
     
 #ifdef __cplusplus
 } /* extern "C" */

src/public_include/decaf/shake.h

@@ -116,46 +116,46 @@ void sponge_hash (
 #define DECSHAKE(n) \
     extern const struct kparams_s SHAKE##n##_params_s API_VIS; \
     typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \
-    static inline void NONNULL1 shake##n##_init(shake##n##_ctx_t sponge) { \
+    static inline void NONNULL shake##n##_init(shake##n##_ctx_t sponge) { \
         sponge_init(sponge->s, &SHAKE##n##_params_s); \
     } \
-    static inline void NONNULL1 shake##n##_gen_init(keccak_sponge_t sponge) { \
+    static inline void NONNULL shake##n##_gen_init(keccak_sponge_t sponge) { \
         sponge_init(sponge, &SHAKE##n##_params_s); \
     } \
-    static inline void NONNULL2 shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
+    static inline void NONNULL shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
         sha3_update(sponge->s, in, inlen); \
     } \
-    static inline void  NONNULL2 shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
+    static inline void  NONNULL shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
         sha3_output(sponge->s, out, outlen); \
         sponge_init(sponge->s, &SHAKE##n##_params_s); \
     } \
-    static inline void  NONNULL13 shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
+    static inline void  NONNULL shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
         sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \
     } \
-    static inline void  NONNULL1 shake##n##_destroy( shake##n##_ctx_t sponge ) { \
+    static inline void  NONNULL shake##n##_destroy( shake##n##_ctx_t sponge ) { \
         sponge_destroy(sponge->s); \
     }
 
 #define DECSHA3(n) \
     extern const struct kparams_s SHA3_##n##_params_s API_VIS; \
     typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \
-    static inline void NONNULL1 sha3_##n##_init(sha3_##n##_ctx_t sponge) { \
+    static inline void NONNULL sha3_##n##_init(sha3_##n##_ctx_t sponge) { \
         sponge_init(sponge->s, &SHA3_##n##_params_s); \
     } \
-    static inline void NONNULL1 sha3_##n##_gen_init(keccak_sponge_t sponge) { \
+    static inline void NONNULL sha3_##n##_gen_init(keccak_sponge_t sponge) { \
         sponge_init(sponge, &SHA3_##n##_params_s); \
     } \
-    static inline void NONNULL2 sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
+    static inline void NONNULL sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \
         sha3_update(sponge->s, in, inlen); \
     } \
-    static inline void NONNULL2 sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
+    static inline void NONNULL sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \
         sha3_output(sponge->s, out, outlen); \
         sponge_init(sponge->s, &SHA3_##n##_params_s); \
     } \
-    static inline void NONNULL13 sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
+    static inline void NONNULL sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \
         sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \
     } \
-    static inline void NONNULL1 sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \
+    static inline void NONNULL sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \
         sponge_destroy(sponge->s); \
     }
 /** @endcond */

src/public_include/decaf/spongerng.h

@@ -32,7 +32,7 @@ void spongerng_init_from_buffer (
     const uint8_t *__restrict__ in, /**< [in]  The initialization data. */
     size_t len,                     /**< [in]  The length of the initialization data. */
     int deterministic               /**< [in]  If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC.*/
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
     
 /**
  * @brief Initialize a sponge-based CSPRNG from a file.
@@ -45,7 +45,7 @@ decaf_error_t spongerng_init_from_file (
     const char *file,   /**< [in]  A name of a file containing initial data. */
     size_t len,         /**< [in]  The length of the initial data.  Must be positive. */
     int deterministic   /**< [in]  If zero, allow RNG to stir in nondeterministic data from RDRAND or RDTSC. */
-) NONNULL2 API_VIS WARN_UNUSED;
+) NONNULL API_VIS WARN_UNUSED;
 
 /**
  * @brief Initialize a nondeterministic sponge-based CSPRNG from /dev/urandom.
@@ -69,7 +69,7 @@ void spongerng_stir (
     keccak_prng_t prng,              /**< [out] The PRNG object. */
     const uint8_t * __restrict__ in, /**< [in]  The entropy data. */
     size_t len                       /**< [in]  The length of the initial data. */
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
     
 /** Securely destroy a sponge RNG object by overwriting it. */
 static INLINE UNUSED void

src/public_include/decaf/strobe.h

@@ -44,7 +44,7 @@ void strobe_init (
     const struct kparams_s *params, /**< [in] Parameter set descriptor. */
     const char *proto,              /**< [in] Unique identifier for the protocol.  TODO: define namespaces for this */
     uint8_t am_client               /**< [in] Nonzero if this party. */
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
 
 /** Run a transaction against a STROBE state. */
 void strobe_transact (
@@ -53,10 +53,10 @@ void strobe_transact (
     const unsigned char *in, /**< [in] The input. */
     size_t len,              /**< [in] The length of the input/output. */
     uint32_t cw_flags        /**< [in] The control word with flags. */
-) NONNULL1 API_VIS;
+) __attribute__((nonnull(1))) API_VIS;
 
 /** Record a message sent in plaintext */
-static INLINE UNUSED void strobe_plaintext (
+static INLINE UNUSED NONNULL void strobe_plaintext (
     keccak_strobe_t strobe,  /**< [inout] The STROBE object */
     const unsigned char *in, /**< [in] The message. */
     uint16_t len,            /**< [in] The length of the message. */
@@ -64,7 +64,7 @@ static INLINE UNUSED void strobe_plaintext (
 );
 
 /** Report authenticated data in strobe context. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_ad (
     keccak_strobe_t strobe,  /**< [inout] The strobe object. */
     const unsigned char *in, /**< [in] The plaintext. */
@@ -72,7 +72,7 @@ strobe_ad (
 );
 
 /** Set nonce in strobe context. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_nonce (
    keccak_strobe_t strobe,  /**< [inout] The initialized strobe object. */
    const unsigned char *in, /**< [in] The nonce. */
@@ -80,7 +80,7 @@ strobe_nonce (
 );
 
 /** Set fixed key in strobe context. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_fixed_key (
    keccak_strobe_t strobe,  /**< [inout] The initialized strobe object. */
    const unsigned char *in, /**< [in] The key. */
@@ -88,7 +88,7 @@ strobe_fixed_key (
 );
 
 /** Set Diffie-Hellman key in strobe context. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_dh_key (
    keccak_strobe_t strobe,  /**< [inout] The initialized strobe object. */
    const unsigned char *in, /**< [in] The key. */
@@ -99,7 +99,7 @@ strobe_dh_key (
 #define STROBE_MAX_AUTH_BYTES 32
  
 /** Produce an authenticator. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_produce_auth (
    keccak_strobe_t strobe, /**< [inout] The Strobe protocol context. */
    unsigned char *out,     /**< [out] The authenticator. */
@@ -116,13 +116,13 @@ decaf_error_t strobe_verify_auth (
    keccak_strobe_t strobe,  /**< [inout] The Strobe protocol context */
    const unsigned char *in, /**< [in] The authenticator */
    uint16_t len             /**< [in] The length, at most STROBE_MAX_AUTH_BYTES. */
-) WARN_UNUSED NONNULL2 API_VIS;
+) WARN_UNUSED NONNULL API_VIS;
 
 /**
  * @brief Encrypt bytes from in to out.
  * @warning Doesn't produce an auth tag.
  */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_encrypt (
   keccak_strobe_t strobe,  /**< [inout] strobe The Strobe protocol context. */
   unsigned char *out,      /**< [out] The ciphertext. */
@@ -134,7 +134,7 @@ strobe_encrypt (
  * Decrypt bytes from in to out.
  * @warning Doesn't check an auth tag.
  */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_decrypt (
   keccak_strobe_t strobe,  /**< [inout] The Strobe protocol context. */
   unsigned char *out,      /**< [out] The plaintext. */
@@ -149,7 +149,7 @@ strobe_decrypt (
  * refreshing forward secrecy!  It's to replace things
  * like TCP session hash.
  */
-static inline void strobe_prng (
+static inline void NONNULL strobe_prng (
    keccak_strobe_t strobe, /**< [inout] The Strobe protocol context */
    unsigned char *out,     /**< [out] The output random data. */
    uint16_t len            /**< The length. */
@@ -159,10 +159,10 @@ static inline void strobe_prng (
 void strobe_respec (
    keccak_strobe_t strobe,        /**< [inout] The initialized strobe context. */
    const struct kparams_s *params /**< [in] Strobe parameter descriptor. */
-) NONNULL2 API_VIS;
+) NONNULL API_VIS;
 
 /** Securely destroy a STROBE object by overwriting it. */
-static INLINE UNUSED void
+static INLINE UNUSED NONNULL void
 strobe_destroy (
     keccak_strobe_t doomed /**< [in] The object to destroy. */
 );