diff --git a/ChangeLog b/ChangeLog
index 16895dff3da8faf6671fd546f890dcb81cae4af3..8fa99a4740b7879efd7b4714fb1e559dc249d51d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,12 +1,18 @@
2018-08-09 Niels Möller <nisse@lysator.liu.se>
- * nettle-types.h (_NETTLE_ATTRIBUTE_PURE): Define
- _NETTLE_ATTRIBUTE_PURE for gcc and lookalikes.
+ * nettle-types.h (_NETTLE_ATTRIBUTE_PURE)
+ (_NETTLE_ATTRIBUTE_DEPRECATED): New macros, for gcc and
+ lookalikes.
* ecc-curve.h: Include nettle-types.h, and use
_NETTLE_ATTRIBUTE_PURE instead of local definition.
* nettle-meta.h: Use _NETTLE_ATTRIBUTE_PURE, instead of explicit
#ifdefs.
+ * aes.h: Mark functions using struct aes_ctx interface as
+ deprecated. Add #undef _NETTLE_ATTRIBUTE_DEPRECATED in files where
+ the functions are implemented or tested.
+ * gcm.h: Similarly mark functions using gcm_aes_ctx as deprecated.
+
* nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
(blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
between incompatible function types (which gcc-8 warns about).
diff --git a/aes-set-decrypt-key.c b/aes-set-decrypt-key.c
index ffbb1898d29202eaba938deb7004eb5a871f1355..20214eaba701773e38dd9ed535e8e43d0da24f64 100644
--- a/aes-set-decrypt-key.c
+++ b/aes-set-decrypt-key.c
@@ -36,6 +36,9 @@
# include "config.h"
#endif
+/* This file implements and uses deprecated functions */
+#define _NETTLE_ATTRIBUTE_DEPRECATED
+
#include "aes-internal.h"
void
diff --git a/aes.h b/aes.h
index 5a0545c81d1113c21c9ce5908d84bc3f1eda405e..333ec52fc8591f930b2f5cb2d7d75965d225db52 100644
--- a/aes.h
+++ b/aes.h
@@ -76,7 +76,8 @@ extern "C" {
#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
-/* Older nettle-2.7 interface */
+/* The older nettle-2.7 AES interface is deprecated, please migrate to
+ the newer interface where each algorithm has a fixed key size. */
#define AES_KEY_SIZE 32
@@ -88,24 +89,27 @@ struct aes_ctx
void
aes_set_encrypt_key(struct aes_ctx *ctx,
- size_t length, const uint8_t *key);
+ size_t length, const uint8_t *key)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_set_decrypt_key(struct aes_ctx *ctx,
- size_t length, const uint8_t *key);
+ size_t length, const uint8_t *key)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_invert_key(struct aes_ctx *dst,
- const struct aes_ctx *src);
+ const struct aes_ctx *src)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_encrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
- const uint8_t *src);
+ const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
- const uint8_t *src);
+ const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
struct aes128_ctx
{
diff --git a/gcm-aes.c b/gcm-aes.c
index 9c67355a0b7fe824f492dbcb5402d4fe34a1157c..477eeb6e3e413ff32174d9ae8db03fb96581a561 100644
--- a/gcm-aes.c
+++ b/gcm-aes.c
@@ -35,6 +35,9 @@
# include "config.h"
#endif
+/* This file implements and uses deprecated functions */
+#define _NETTLE_ATTRIBUTE_DEPRECATED
+
#include "gcm.h"
void
diff --git a/gcm.h b/gcm.h
index 766019ae1d74b1736756639226159db704cf98dd..96578530619c98f86ca99b2d058c3b66f78e69a9 100644
--- a/gcm.h
+++ b/gcm.h
@@ -261,31 +261,34 @@ void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *digest);
-/* Old aes interface, for backwards compatibility */
+/* Old deprecated aes interface, for backwards compatibility */
struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
void
gcm_aes_set_key(struct gcm_aes_ctx *ctx,
- size_t length, const uint8_t *key);
+ size_t length, const uint8_t *key) _NETTLE_ATTRIBUTE_DEPRECATED;
void
gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
- size_t length, const uint8_t *iv);
+ size_t length, const uint8_t *iv) _NETTLE_ATTRIBUTE_DEPRECATED;
void
gcm_aes_update(struct gcm_aes_ctx *ctx,
- size_t length, const uint8_t *data);
+ size_t length, const uint8_t *data) _NETTLE_ATTRIBUTE_DEPRECATED;
void
gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
- size_t length, uint8_t *dst, const uint8_t *src);
+ size_t length, uint8_t *dst, const uint8_t *src)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
void
gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
- size_t length, uint8_t *dst, const uint8_t *src);
+ size_t length, uint8_t *dst, const uint8_t *src)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
void
-gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest);
+gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest)
+ _NETTLE_ATTRIBUTE_DEPRECATED;
struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);
diff --git a/nettle-types.h b/nettle-types.h
index 63eae4218bc8608cb92c30e642ef7db0c8aa3f9a..4576b7c7b5b305ddb2f78461c39563dc712d5600 100644
--- a/nettle-types.h
+++ b/nettle-types.h
@@ -42,10 +42,20 @@
/* Attributes we want to use in installed header files, and hence
can't rely on config.h. */
#ifdef __GNUC__
+
#define _NETTLE_ATTRIBUTE_PURE __attribute__((pure))
+#ifndef _NETTLE_ATTRIBUTE_DEPRECATED
+/* Variant without message is supported since gcc-3.1 or so. */
+#define _NETTLE_ATTRIBUTE_DEPRECATED __attribute__((deprecated))
+#endif
+
#else /* !__GNUC__ */
+
#define _NETTLE_ATTRIBUTE_PURE
+#define _NETTLE_ATTRIBUTE_DEPRECATED
+
#endif /* !__GNUC__ */
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/testsuite/aes-test.c b/testsuite/aes-test.c
index 57e1eff42505101391c8bf6cbbbd327307fd0069..078bd678ea3fb658edcaf394ec70835362c1210c 100644
--- a/testsuite/aes-test.c
+++ b/testsuite/aes-test.c
@@ -1,3 +1,6 @@
+/* This file tests deprecated functions */
+#define _NETTLE_ATTRIBUTE_DEPRECATED
+
#include "testutils.h"
#include "aes.h"
#include "nettle-internal.h"
diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
index 9595766a46fd09c2d5e9914348a5e8b8210c4d13..c81740196c6dedfc6e7ada9ccbd3289ced59efff 100644
--- a/testsuite/gcm-test.c
+++ b/testsuite/gcm-test.c
@@ -1,3 +1,6 @@
+/* This file tests deprecated functions */
+#define _NETTLE_ATTRIBUTE_DEPRECATED
+
#include "testutils.h"
#include "nettle-internal.h"
#include "gcm.h"