libcanlock ========== A library for creating and verifying RFC 8315 Netnews Cancel-Locks. This implementation uses the recommended algorithm from Section 4 with HMAC based on the same hash function as <scheme>. The subdirectory "examples" contains programs with demonstration code. 1) General libcanlock is a standalone implementation without external dependencies. 2) System requirements - POSIX.1-2001 compliant operating system - C99 compiler with 'int' data type of at least 32 bit width Note: A POSIX style operating system is required only for the build system, the test suite and the header parsers (see "canlock-hp" section below). The code of the library and canlock utility is intended to be portable C99 (with the exception that 16 bit platforms are not supported). For reliable overwriting of secret data in memory, libcanlock needs explicit memory access. The following functions are currently supported (automatically detected by configure script, if available): - memset_s() [available as option in C11 Annex K] - explicit_memset() [available e.g. since NetBSD 7] - explicit_bzero() [available e.g. since GNU libc 2.25] If none of them can be used, memset() is used as fallback. But a "too smart" compiler may optimize this call to NOP. 3) API Since version 3 there is a new API available (hash algorithm independent). Man pages for this API are installed together with the library. Anything that is not documented should be considered as internal and not part of the API. There is no portable way to hide all the internal stuff completely, but expect that a future version may no longer export it without notice. 4) Backward compatibility The version 2 legacy API is still present by default, but it is now deprecated and undocumented. Including the header file from the new location, recompile and relink should be sufficient to port an existing application to version 3 of the library. The version 2 legacy API can be removed from the library with the configure option "--disable-legacy-api". Note: It is possible to install both, version 2 and version 3 of the library in parallel. 5) Versioning scheme With version 3 the release version scheme has changed. Now the release version contains 3 numbers "x.y.z": - Major (x) The major number is incremented for every API/ABI change that is not backward compatible. - Minor (y) The minor number is incremented for API/ABI extensions that are backward compatible. - Patch (z) The patch number is incremented for changes that don't change the API/ABI. In other words: Releases with the same major and minor numbers are drop-in replacements. Up- and downgrades between such versions are possible without touching programs that use the library. Releases with the same major, but different minor numbers are backward, but not forward compatible. Upgrades are possible, downgrades can break programs that use the library. Releases with different major numbers require changes in all programs that use the library. Note: Compatibility is not guaranteed if different configure options are used! 6) pkg-config Since version 3.2.0 pkg-config is supported with the configure option "--enable-pc-files". With this option the data file "libcanlock-3.pc" is installed. The configure option "--with-pkgconfigdir" can be used to install this file into a nonstandard location. canlock ======= Since version 3 the command line utility "canlock" is available as frontend. The utility and a man page for it are installed together with the library. canlock-hp ========== The header parsers from the formerly separate package canlock-hp were merged into version 3.1.0 (see the README file in the "hp" subdirectory). Since version 3.3.0 the library libcanlock-hp provides a C-API to the header parsers for POSIX operating systems. canlock-hp can be disabled with the configure option "--disable-hp". EOF