A library for creating and verifying RFC 8315 Netnews Cancel-Locks.
This implementation uses the recommended algorithm from Section 4 with HMAC
based on the same hash function as <scheme>.

The subdirectory "examples" contains programs with demonstration code.

1) General
libcanlock is a standalone implementation without external dependencies.

2) System requirements
- POSIX.1-2001 compliant operating system
- C99 compiler with 'int' data type of at least 32 bit width

A POSIX style operating system is required only for the build system, the test
suite and the header parsers (see "canlock-hp" section below).
The code of the library and canlock utility is intended to be portable C99 (with
the exception that 16 bit platforms are not supported).

For reliable overwriting of secret data in memory, libcanlock needs explicit
memory access. The following functions are currently supported (automatically
detected by configure script, if available):
- memset_s() [available as option in C11 Annex K]
- explicit_memset() [available e.g. since NetBSD 7]
- explicit_bzero() [available e.g. since GNU libc 2.25]
If none of them can be used, memset() is used as fallback. But a "too smart"
compiler may optimize this call to NOP.

3) API
Since version 3 there is a new API available (hash algorithm independent).
Man pages for this API are installed together with the library.

Anything that is not documented should be considered as internal and not
part of the API. There is no portable way to hide all the internal stuff
completely, but expect that a future version may no longer export it without

4) Backward compatibility
The version 2 legacy API is still present by default, but it is now deprecated
and undocumented.
Including the header file from the new location, recompile and relink should
be sufficient to port an existing application to version 3 of the library.

The version 2 legacy API can be removed from the library with the configure
option "--disable-legacy-api".

Note: It is possible to install both, version 2 and version 3 of the library in

5) Versioning scheme
With version 3 the release version scheme has changed.
Now the release version contains 3 numbers "x.y.z":

- Major (x)
  The major number is incremented for every API/ABI change that is not backward
- Minor (y)
  The minor number is incremented for API/ABI extensions that are backward
- Patch (z)
  The patch number is incremented for changes that don't change the API/ABI.

In other words:
Releases with the same major and minor numbers are drop-in replacements.
Up- and downgrades between such versions are possible without touching
programs that use the library.
Releases with the same major, but different minor numbers are backward,
but not forward compatible. Upgrades are possible, downgrades can break
programs that use the library.
Releases with different major numbers require changes in all programs that
use the library.

Note: Compatibility is not guaranteed if different configure options are used!

6) pkg-config
Since version 3.2.0 pkg-config is supported with the configure option
"--enable-pc-files". With this option the data file "libcanlock-3.pc" is

The configure option "--with-pkgconfigdir" can be used to install this file
into a nonstandard location.

Since version 3 the command line utility "canlock" is available as frontend.
The utility and a man page for it are installed together with the library.

The header parsers from the formerly separate package canlock-hp were merged
into version 3.1.0 (see the README file in the "hp" subdirectory).

Since version 3.3.0 the library libcanlock-hp provides a C-API to the header
parsers for POSIX operating systems.

canlock-hp can be disabled with the configure option "--disable-hp".