[4633] Merged trac3908 and trac4631

configure.ac

@@ -814,7 +814,7 @@ then
 else
    CRYPTO_NAME="OpenSSL"
    DISABLED_CRYPTO="Botan"
-   CRYPTO_PACKAGE="openssl-1.0.0"
+   CRYPTO_PACKAGE="openssl-1.0.2"
    AC_DEFINE_UNQUOTED([WITH_OPENSSL], [], [Compile with OpenSSL crypto])
    AC_MSG_CHECKING(for OpenSSL library)
    # from bind9
@@ -837,18 +837,10 @@ else
    fi
    AC_MSG_RESULT(yes)
    if test "${use_openssl}" = "/usr" ; then
+      CRYPTO_CFLAGS=""
       CRYPTO_INCLUDES=""
       CRYPTO_LIBS="-lcrypto"
       DISTCHECK_CRYPTO_CONFIGURE_FLAG="--with-openssl"
-      case "$host" in
-          *-apple-darwin*)
-              # Starting with OSX 10.7 (Lion) OpenSSL is deprecated
-              CRYPTO_CFLAGS="-Wno-deprecated-declarations"
-              ;;
-          *)
-              CRYPTO_CFLAGS=""
-              ;;
-      esac
    else
       CRYPTO_CFLAGS=""
       CRYPTO_INCLUDES="-I${use_openssl}/include"
@@ -873,6 +865,8 @@ else
       esac
     fi
     dnl Determine the OpenSSL version
+    # Officially we support >= 1.0.1, 0.9.8 should fail the HMAC API,
+    # 1.0.0 could work but is not recommended.
     AC_MSG_CHECKING([OpenSSL version])
     cat > conftest.cpp << EOF
 #include <openssl/opensslv.h>
@@ -903,6 +897,18 @@ EOF
                           ])],
         [AC_MSG_RESULT([yes])],
         [AC_MSG_ERROR([missing EVP entry for SHA-2])])
+    dnl Check HMAC API
+    AC_MSG_CHECKING([HMAC functions returning ints])
+    AC_LINK_IFELSE(
+         [AC_LANG_PROGRAM([#include <openssl/hmac.h>],
+                          [HMAC_CTX ctx, tmp;
+                           int n = HMAC_Init(&ctx, NULL, 0, NULL);
+                           n += HMAC_Update(&ctx, NULL, 0);
+                           n += HMAC_CTX_copy(&tmp, &ctx);
+                           n += HMAC_Final(&tmp, NULL, NULL);
+                           ])],
+         [AC_MSG_RESULT([yes])],
+         [AC_MSG_ERROR([HMAC functions return void: the OpenSSL version should be too old, please change for >= 1.0.1])])
     LIBS=${LIBS_SAVED}
     CPPFLAGS=${CPPFLAGS_SAVED}
 fi
@@ -1262,6 +1268,27 @@ AC_SUBST(GTEST_LDADD)
 AC_SUBST(GTEST_SOURCE)
 
 #
+# Some Googletest versions bug with C++11 compilers
+#
+if test $enable_gtest != "no"; then
+   AC_MSG_CHECKING([if Google Test is compatible with the compiler])
+   CPPFLAGS_SAVED=$CPPFLAGS
+   CPPFLAGS="$CPPFLAGS $GTEST_INCLUDES"
+   AC_COMPILE_IFELSE(
+       [AC_LANG_PROGRAM(
+           [#include <boost/shared_ptr.hpp>
+	    #include <gtest/gtest.h>
+	    void foo() {
+	        boost::shared_ptr<int> bar;
+		ASSERT_TRUE(bar);
+            }],
+	    [return 0;])],
+	[AC_MSG_RESULT(yes)],
+    	[AC_MSG_ERROR([XXX_TRUE() Gtest macros won't compile: please use a different version of Gtest, e.g., git one])])
+    CPPFLAGS=$CPPFLAGS_SAVED
+fi
+	    
+#
 # ASIO: we extensively use it as the C++ event management module.
 #
 # Use our 'coroutine' header from ext

doc/guide/install.xml

@@ -114,9 +114,10 @@
         </para>
         </listitem>
 
-            <listitem>
+          <listitem>
         <para>
-          Botan (at least version 1.8) or OpenSSL.</para>
+          Botan (at least version 1.8) or OpenSSL (at least version 1.0.1).
+        </para>
           </listitem>
 
           <listitem>

doc/guide/intro.xml

@@ -60,8 +60,8 @@
         is required to be installed during compilation. Kea uses the Botan
         crypto library for C++ (<ulink url="http://botan.randombit.net/"/>),
         version 1.8 or later. As an alternative to Botan, Kea can use the
-        OpenSSL crypto library (<ulink url="http://www.openssl.org/"/>).
-        It requires a version with SHA-2 support.
+        OpenSSL crypto library (<ulink url="http://www.openssl.org/"/>),
+        version 1.0.1 or later.
             </simpara>
         </listitem>
 

src/lib/cryptolink/botan_hash.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -56,7 +56,8 @@ public:
     /// @brief Constructor for specific hash algorithm
     ///
     /// @param hash_algorithm The hash algorithm
-    explicit HashImpl(const HashAlgorithm hash_algorithm) {
+    explicit HashImpl(const HashAlgorithm hash_algorithm)
+    : hash_algorithm_(hash_algorithm), hash_() {
         Botan::HashFunction* hash;
         try {
             hash = Botan::get_hash(btn::getHashAlgorithmName(hash_algorithm));
@@ -74,6 +75,11 @@ public:
     /// @brief Destructor
     ~HashImpl() { }
 
+    /// @brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const {
+        return (hash_algorithm_);
+    }
+
     /// @brief Returns the output size of the digest
     ///
     /// @return output size of the digest
@@ -149,7 +155,10 @@ public:
     }
 
 private:
-    /// \brief The protected pointer to the Botan HashFunction object
+    /// @brief The hash algorithm
+    HashAlgorithm hash_algorithm_;
+
+    /// @brief The protected pointer to the Botan HashFunction object
     boost::scoped_ptr<Botan::HashFunction> hash_;
 };
 
@@ -162,6 +171,11 @@ Hash::~Hash() {
     delete impl_;
 }
 
+HashAlgorithm
+Hash::getHashAlgorithm() const {
+    return (impl_->getHashAlgorithm());
+}
+
 size_t
 Hash::getOutputLength() const {
     return (impl_->getOutputLength());

src/lib/cryptolink/botan_hmac.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -34,16 +34,17 @@ public:
     /// @param secret_len The length of the secret
     /// @param hash_algorithm The hash algorithm
     explicit HMACImpl(const void* secret, size_t secret_len,
-                      const HashAlgorithm hash_algorithm) {
+                      const HashAlgorithm hash_algorithm)
+    : hash_algorithm_(hash_algorithm), hmac_() {
         Botan::HashFunction* hash;
         try {
             hash = Botan::get_hash(btn::getHashAlgorithmName(hash_algorithm));
         } catch (const Botan::Algorithm_Not_Found&) {
-            isc_throw(isc::cryptolink::UnsupportedAlgorithm,
+            isc_throw(UnsupportedAlgorithm,
                       "Unknown hash algorithm: " <<
                       static_cast<int>(hash_algorithm));
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
 
         hmac_.reset(new Botan::HMAC(hash));
@@ -79,7 +80,7 @@ public:
         } catch (const Botan::Invalid_Key_Length& ikl) {
             isc_throw(BadKey, ikl.what());
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
@@ -87,6 +88,11 @@ public:
     ~HMACImpl() {
     }
 
+    /// @brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const {
+        return (hash_algorithm_);
+    }
+
     /// @brief Returns the output size of the digest
     ///
     /// @return output size of the digest
@@ -109,7 +115,7 @@ public:
         try {
             hmac_->update(static_cast<const Botan::byte*>(data), len);
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
@@ -125,7 +131,7 @@ public:
             }
             result.writeData(b_result.begin(), len);
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
@@ -141,7 +147,7 @@ public:
             }
             std::memcpy(result, b_result.begin(), output_size);
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
@@ -157,7 +163,7 @@ public:
                 return (std::vector<uint8_t>(b_result.begin(), &b_result[len]));
             }
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
@@ -170,7 +176,6 @@ public:
         /// which causes it to fail for truncated signatures, so we do
         /// the check ourselves
         try {
-            Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
             size_t size = getOutputLength();
             if (len < 10 || len < size / 2) {
                 return (false);
@@ -178,17 +183,26 @@ public:
             if (len > size) {
                 len = size;
             }
-            return (Botan::same_mem(&our_mac[0],
+            if (digest_.empty()) {
+                digest_ = hmac_->final();
+            }
+            return (Botan::same_mem(&digest_[0],
                                     static_cast<const unsigned char*>(sig),
                                     len));
         } catch (const Botan::Exception& exc) {
-            isc_throw(isc::cryptolink::LibraryError, exc.what());
+            isc_throw(LibraryError, exc.what());
         }
     }
 
 private:
-    /// \brief The protected pointer to the Botan HMAC object
+    /// @brief The hash algorithm
+    HashAlgorithm hash_algorithm_;
+
+    /// @brief The protected pointer to the Botan HMAC object
     boost::scoped_ptr<Botan::HMAC> hmac_;
+
+    /// @brief The digest cache for multiple verify
+    Botan::SecureVector<Botan::byte> digest_;
 };
 
 HMAC::HMAC(const void* secret, size_t secret_length,
@@ -201,6 +215,11 @@ HMAC::~HMAC() {
     delete impl_;
 }
 
+HashAlgorithm
+HMAC::getHashAlgorithm() const {
+    return (impl_->getHashAlgorithm());
+}
+
 size_t
 HMAC::getOutputLength() const {
     return (impl_->getOutputLength());

src/lib/cryptolink/crypto_hash.h

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -42,6 +42,9 @@ public:
     /// \brief Destructor
     ~Hash();
 
+    /// \brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const;
+
     /// \brief Returns the output size of the digest
     ///
     /// \return output size of the digest

src/lib/cryptolink/crypto_hmac.h

@@ -1,4 +1,4 @@
-// Copyright (C) 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -52,6 +52,9 @@ public:
     /// \brief Destructor
     ~HMAC();
 
+    /// \brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const;
+
     /// \brief Returns the output size of the digest
     ///
     /// \return output size of the digest
@@ -93,7 +96,7 @@ public:
     /// result
     void sign(void* result, size_t len);
 
-    /// \brief Calculate the final signatre
+    /// \brief Calculate the final signature
     ///
     /// The result will be returned as a std::vector<uint8_t>
     ///

src/lib/cryptolink/openssl_common.h

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -70,6 +70,11 @@ public:
         vec_.resize(sz);
     };
 
+    void clear() {
+        std::memset(&vec_[0], 0, vec_.capacity() * sizeof(T));
+        vec_.clear();
+    }
+
     SecBuf& operator=(const SecBuf& x) {
         if (&x != *this) {
             vec_ = x.vec_;

src/lib/cryptolink/openssl_hash.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -54,7 +54,8 @@ public:
     /// @brief Constructor for specific hash algorithm
     ///
     /// @param hash_algorithm The hash algorithm
-    explicit HashImpl(const HashAlgorithm hash_algorithm) {
+    explicit HashImpl(const HashAlgorithm hash_algorithm)
+    : hash_algorithm_(hash_algorithm), md_() {
         const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);
         if (algo == 0) {
             isc_throw(isc::cryptolink::UnsupportedAlgorithm,
@@ -76,6 +77,11 @@ public:
         }
     }
 
+    /// @brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const {
+        return (hash_algorithm_);
+    }
+
     /// @brief Returns the output size of the digest
     ///
     /// @return output size of the digest
@@ -130,6 +136,9 @@ public:
     }
 
 private:
+    /// @brief The hash algorithm
+    HashAlgorithm hash_algorithm_;
+
     /// @brief The protected pointer to the OpenSSL EVP_MD_CTX structure
     boost::scoped_ptr<EVP_MD_CTX> md_;
 };
@@ -143,6 +152,11 @@ Hash::~Hash() {
     delete impl_;
 }
 
+HashAlgorithm
+Hash::getHashAlgorithm() const {
+    return (impl_->getHashAlgorithm());
+}
+
 size_t
 Hash::getOutputLength() const {
     return (impl_->getOutputLength());

src/lib/cryptolink/openssl_hmac.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -30,7 +30,8 @@ public:
     /// @param secret_len The length of the secret
     /// @param hash_algorithm The hash algorithm
     explicit HMACImpl(const void* secret, size_t secret_len,
-                      const HashAlgorithm hash_algorithm) {
+                      const HashAlgorithm hash_algorithm)
+    : hash_algorithm_(hash_algorithm), md_() {
         const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);
         if (algo == 0) {
             isc_throw(UnsupportedAlgorithm,
@@ -44,9 +45,11 @@ public:
         md_.reset(new HMAC_CTX);
         HMAC_CTX_init(md_.get());
 
-        HMAC_Init_ex(md_.get(), secret,
-                     static_cast<int>(secret_len),
-                     algo, NULL);
+        if (!HMAC_Init_ex(md_.get(), secret,
+                          static_cast<int>(secret_len),
+                          algo, NULL)) {
+            isc_throw(LibraryError, "HMAC_Init_ex");
+        }
     }
 
     /// @brief Destructor
@@ -56,13 +59,18 @@ public:
         }
     }
 
+    /// @brief Returns the HashAlgorithm of the object
+    HashAlgorithm getHashAlgorithm() const {
+        return (hash_algorithm_);
+    }
+
     /// @brief Returns the output size of the digest
     ///
     /// @return output size of the digest
     size_t getOutputLength() const {
         int size = HMAC_size(md_.get());
         if (size < 0) {
-            isc_throw(isc::cryptolink::LibraryError, "EVP_MD_CTX_size");
+            isc_throw(LibraryError, "HMAC_size");
         }
         return (static_cast<size_t>(size));
     }
@@ -71,7 +79,11 @@ public:
     ///
     /// See @ref isc::cryptolink::HMAC::update() for details.
     void update(const void* data, const size_t len) {
-        HMAC_Update(md_.get(), static_cast<const unsigned char*>(data), len);
+        if (!HMAC_Update(md_.get(),
+                         static_cast<const unsigned char*>(data),
+                         len)) {
+            isc_throw(LibraryError, "HMAC_Update");
+        }
     }
 
     /// @brief Calculate the final signature
@@ -80,7 +92,9 @@ public:
     void sign(isc::util::OutputBuffer& result, size_t len) {
         size_t size = getOutputLength();
         ossl::SecBuf<unsigned char> digest(size);
-        HMAC_Final(md_.get(), &digest[0], NULL);
+        if (!HMAC_Final(md_.get(), &digest[0], NULL)) {
+            isc_throw(LibraryError, "HMAC_Final");
+        }
         if (len > size) {
             len = size;
         }
@@ -93,7 +107,9 @@ public:
     void sign(void* result, size_t len) {
         size_t size = getOutputLength();
         ossl::SecBuf<unsigned char> digest(size);
-        HMAC_Final(md_.get(), &digest[0], NULL);
+        if (!HMAC_Final(md_.get(), &digest[0], NULL)) {
+            isc_throw(LibraryError, "HMAC_Final");
+        }
         if (len > size) {
             len = size;
         }
@@ -106,7 +122,9 @@ public:
     std::vector<uint8_t> sign(size_t len) {
         size_t size = getOutputLength();
         ossl::SecBuf<unsigned char> digest(size);
-        HMAC_Final(md_.get(), &digest[0], NULL);
+        if (!HMAC_Final(md_.get(), &digest[0], NULL)) {
+            isc_throw(LibraryError, "HMAC_Final");
+        }
         if (len < size) {
             digest.resize(len);
         }
@@ -117,12 +135,23 @@ public:
     ///
     /// See @ref isc::cryptolink::HMAC::verify() for details.
     bool verify(const void* sig, size_t len) {
+        // Check the length
         size_t size = getOutputLength();
         if (len < 10 || len < size / 2) {
             return (false);
         }
+        // Get the digest from a copy of the context
+        HMAC_CTX tmp;
+        HMAC_CTX_init(&tmp);
+        if (!HMAC_CTX_copy(&tmp, md_.get())) {
+            isc_throw(LibraryError, "HMAC_CTX_copy");
+        }
         ossl::SecBuf<unsigned char> digest(size);
-        HMAC_Final(md_.get(), &digest[0], NULL);
+        if (!HMAC_Final(&tmp, &digest[0], NULL)) {
+            HMAC_CTX_cleanup(&tmp);
+            isc_throw(LibraryError, "HMAC_Final");
+        }
+        HMAC_CTX_cleanup(&tmp);
         if (len > size) {
             len = size;
         }
@@ -130,6 +159,8 @@ public:
     }
 
 private:
+    /// @brief The hash algorithm
+    HashAlgorithm hash_algorithm_;
 
     /// @brief The protected pointer to the OpenSSL HMAC_CTX structure
     boost::scoped_ptr<HMAC_CTX> md_;
@@ -145,6 +176,11 @@ HMAC::~HMAC() {
     delete impl_;
 }
 
+HashAlgorithm
+HMAC::getHashAlgorithm() const {
+    return (impl_->getHashAlgorithm());
+}
+
 size_t
 HMAC::getOutputLength() const {
     return (impl_->getOutputLength());

src/lib/cryptolink/tests/Makefile.am

@@ -23,6 +23,7 @@ run_unittests_SOURCES += hmac_unittests.cc
 run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
 run_unittests_LDFLAGS =  $(AM_LDFLAGS) $(CRYPTO_LDFLAGS) $(GTEST_LDFLAGS)
 run_unittests_LDADD  = $(top_builddir)/src/lib/cryptolink/libkea-cryptolink.la
+run_unittests_LDADD += $(top_builddir)/src/lib/log/libkea-log.la
 run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la
 run_unittests_LDADD += $(top_builddir)/src/lib/util/libkea-util.la
 run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/libkea-exceptions.la

src/lib/cryptolink/tests/hash_unittests.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -519,6 +519,28 @@ TEST(HashTest, SHA512_RFC6234) {
 }
 
 namespace {
+    /// @brief Get the hash algorithm
+    /// @param alg Hash algorithm enum
+    /// @return Hash algorithm enum
+    HashAlgorithm
+    digestHashAlgorithm(HashAlgorithm alg) {
+        boost::shared_ptr<Hash> hash_digest(
+            CryptoLink::getCryptoLink().createHash(alg),
+            deleteHash);
+        return (hash_digest->getHashAlgorithm());
+    }
+}
+
+TEST(HashTest, HashAlgorithm) {
+    EXPECT_EQ(MD5, digestHashAlgorithm(MD5));
+    EXPECT_EQ(SHA1, digestHashAlgorithm(SHA1));
+    EXPECT_EQ(SHA256, digestHashAlgorithm(SHA256));
+    EXPECT_EQ(SHA224, digestHashAlgorithm(SHA224));
+    EXPECT_EQ(SHA384, digestHashAlgorithm(SHA384));
+    EXPECT_EQ(SHA512, digestHashAlgorithm(SHA512));
+}
+
+namespace {
     /// @brief Compute the vector digest length
     /// @param alg Hash algorithm enum
     /// @param len Wanted length

src/lib/cryptolink/tests/hmac_unittests.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -136,6 +136,12 @@ namespace {
         hmac_sig.writeUint8At(~hmac_sig[0], 0);
         EXPECT_FALSE(hmac_verify->verify(hmac_sig.getData(),
                                          hmac_sig.getLength()));
+
+        // Restore the sig by flipping the first octet, and check
+        // whether verification succeeds then
+        hmac_sig.writeUint8At(~hmac_sig[0], 0);
+        EXPECT_TRUE(hmac_verify->verify(hmac_sig.getData(),
+                                        hmac_sig.getLength()));
     }
 
     /// @brief Sign and verify with vector representation of signature
@@ -200,6 +206,9 @@ namespace {
         sig[0] = ~sig[0];
         EXPECT_FALSE(hmac_verify->verify(sig, hmac_len));
 
+        sig[0] = ~sig[0];
+        EXPECT_TRUE(hmac_verify->verify(sig, hmac_len));
+
         delete[] sig;
     }
 
@@ -596,6 +605,28 @@ TEST(HMACTest, HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
 }
 
 namespace {
+    /// @brief Get the hash algorithm
+    /// @param alg Hash algorithm enum
+    /// @return Hash algorithm enum
+    HashAlgorithm
+    signHashAlgorithm(HashAlgorithm alg) {
+        boost::shared_ptr<HMAC> hmac_sign(
+            CryptoLink::getCryptoLink().createHMAC("asdf", 4, alg),
+            deleteHMAC);
+        return (hmac_sign->getHashAlgorithm());
+    }
+}
+
+TEST(HMACTest, HashAlgorithm) {
+    EXPECT_EQ(MD5, signHashAlgorithm(MD5));
+    EXPECT_EQ(SHA1, signHashAlgorithm(SHA1));
+    EXPECT_EQ(SHA256, signHashAlgorithm(SHA256));
+    EXPECT_EQ(SHA224, signHashAlgorithm(SHA224));
+    EXPECT_EQ(SHA384, signHashAlgorithm(SHA384));
+    EXPECT_EQ(SHA512, signHashAlgorithm(SHA512));
+}
+
+namespace {
     /// @brief Compute the vector signature length
     /// @param alg Hash algorithm enum
     /// @param len Wanted length

src/lib/cryptolink/tests/run_unittests.cc

@@ -1,15 +1,17 @@
-// Copyright (C) 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-#include <gtest/gtest.h>
+#include <log/logger_support.h>
 #include <util/unittests/run_all.h>
 
+#include <gtest/gtest.h>
+
 int
 main(int argc, char* argv[]) {
     ::testing::InitGoogleTest(&argc, argv);
-
+    isc::log::initLogger();
     return (isc::util::unittests::run_all());
 }

src/lib/dhcp/tests/duid_unittest.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -31,7 +31,7 @@ namespace {
 
 // This is a workaround for strange linking problems with gtest:
 // libdhcp___unittests-duid_unittest.o: In function `Compare<long unsigned int, long unsigned int>':
-// ~/gtest-1.6.0/include/gtest/gtest.h:1353: undefined reference to `isc::dhcp::ClientId::MAX_CLIENT_ID_LE'N
+// ~/gtest-1.6.0/include/gtest/gtest.h:1353: undefined reference to `isc::dhcp::ClientId::MAX_CLIENT_ID_LEN'
 // collect2: ld returned 1 exit status
 
 const size_t MAX_DUID_LEN = DUID::MAX_DUID_LEN;

src/lib/dhcpsrv/dhcp4o6_ipc.cc

@@ -71,7 +71,7 @@ int Dhcp4o6IpcBase::open(uint16_t port, EndpointType endpoint_type) {
     }
     // We'll connect to the loopback address so bind to it too.
     local6.sin6_addr.s6_addr[15] = 1;
-    if (bind(sock, (struct sockaddr *)&local6, sizeof(local6)) < 0) {
+    if (::bind(sock, (struct sockaddr *)&local6, sizeof(local6)) < 0) {
         ::close(sock);
         isc_throw(Dhcp4o6IpcError, "Failed to bind DHCP4o6 socket.");
     }

src/lib/dns/master_loader.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -25,7 +25,7 @@
 #include <cstdio> // for sscanf()
 
 using std::string;
-using std::auto_ptr;
+using std::unique_ptr;
 using std::vector;
 using std::pair;
 using boost::algorithm::iequals;
@@ -1034,10 +1034,11 @@ MasterLoader::MasterLoader(std::istream& stream,
     if (add_callback.empty()) {
         isc_throw(isc::InvalidParameter, "Empty add RR callback");
     }
-    auto_ptr<MasterLoaderImpl> impl(new MasterLoaderImpl("", zone_origin,
-                                                         zone_class, callbacks,
-                                                         add_callback,
-                                                         options));
+    unique_ptr<MasterLoaderImpl> impl(new MasterLoaderImpl("", zone_origin,
+                                                           zone_class,
+                                                           callbacks,
+                                                           add_callback,
+                                                           options));
     impl->pushStreamSource(stream);
     impl_ = impl.release();
 }

src/lib/dns/rdata.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -278,10 +278,10 @@ Generic::constructFromLexer(MasterLexer& lexer) {
 Generic::Generic(const std::string& rdata_string) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the GenericImpl that constructFromLexer() returns.
-    std::auto_ptr<GenericImpl> impl_ptr(NULL);
+    std::unique_ptr<GenericImpl> impl_ptr;
 
     try {
         std::istringstream ss(rdata_string);

src/lib/dns/rdata/any_255/tsig_250.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -208,10 +208,10 @@ TSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
 ///
 /// \param tsig_str A string containing the RDATA to be created
 TSIG::TSIG(const std::string& tsig_str) : impl_(NULL) {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the TSIGImpl that constructFromLexer() returns.
-    std::auto_ptr<TSIGImpl> impl_ptr(NULL);
+    std::unique_ptr<TSIGImpl> impl_ptr;
 
     try {
         std::istringstream ss(tsig_str);

src/lib/dns/rdata/generic/caa_257.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -95,10 +95,10 @@ CAA::constructFromLexer(MasterLexer& lexer) {
 CAA::CAA(const string& caa_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the CAAImpl that constructFromLexer() returns.
-    std::auto_ptr<CAAImpl> impl_ptr(NULL);
+    std::unique_ptr<CAAImpl> impl_ptr;
 
     try {
         std::istringstream ss(caa_str);

src/lib/dns/rdata/generic/dnskey_48.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -70,10 +70,10 @@ struct DNSKEYImpl {
 DNSKEY::DNSKEY(const std::string& dnskey_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the DNSKEYImpl that constructFromLexer() returns.
-    std::auto_ptr<DNSKEYImpl> impl_ptr(NULL);
+    std::unique_ptr<DNSKEYImpl> impl_ptr;
 
     try {
         std::istringstream ss(dnskey_str);

src/lib/dns/rdata/generic/nsec3_50.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -79,10 +79,10 @@ struct NSEC3Impl {
 NSEC3::NSEC3(const std::string& nsec3_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the NSEC3Impl that constructFromLexer() returns.
-    std::auto_ptr<NSEC3Impl> impl_ptr(NULL);
+    std::unique_ptr<NSEC3Impl> impl_ptr;
 
     try {
         std::istringstream ss(nsec3_str);

src/lib/dns/rdata/generic/nsec3param_51.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -57,10 +57,10 @@ struct NSEC3PARAMImpl {
 NSEC3PARAM::NSEC3PARAM(const std::string& nsec3param_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the NSEC3PARAMImpl that constructFromLexer() returns.
-    std::auto_ptr<NSEC3PARAMImpl> impl_ptr(NULL);
+    std::unique_ptr<NSEC3PARAMImpl> impl_ptr;
 
     try {
         std::istringstream ss(nsec3param_str);

src/lib/dns/rdata/generic/opt_41.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -86,7 +86,7 @@ OPT::OPT(MasterLexer&, const Name*,
 OPT::OPT(InputBuffer& buffer, size_t rdata_len) :
     impl_(NULL)
 {
-    std::auto_ptr<OPTImpl> impl_ptr(new OPTImpl);
+    std::unique_ptr<OPTImpl> impl_ptr(new OPTImpl);
 
     while (true) {
         if (rdata_len == 0) {

src/lib/dns/rdata/generic/rrsig_46.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -137,10 +137,10 @@ RRSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
 RRSIG::RRSIG(const std::string& rrsig_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the RRSIGImpl that constructFromLexer() returns.
-    std::auto_ptr<RRSIGImpl> impl_ptr(NULL);
+    std::unique_ptr<RRSIGImpl> impl_ptr;
 
     try {
         std::istringstream iss(rrsig_str);

src/lib/dns/rdata/generic/sshfp_44.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -104,10 +104,10 @@ SSHFP::constructFromLexer(MasterLexer& lexer) {
 SSHFP::SSHFP(const string& sshfp_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the SSHFPImpl that constructFromLexer() returns.
-    std::auto_ptr<SSHFPImpl> impl_ptr(NULL);
+    std::unique_ptr<SSHFPImpl> impl_ptr;
 
     try {
         std::istringstream ss(sshfp_str);

src/lib/dns/rdataclass.cc

@@ -5,7 +5,7 @@
 ///////////////
 ///////////////
 
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -217,10 +217,10 @@ TSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
 ///
 /// \param tsig_str A string containing the RDATA to be created
 TSIG::TSIG(const std::string& tsig_str) : impl_(NULL) {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the TSIGImpl that constructFromLexer() returns.
-    std::auto_ptr<TSIGImpl> impl_ptr(NULL);
+    std::unique_ptr<TSIGImpl> impl_ptr;
 
     try {
         std::istringstream ss(tsig_str);
@@ -843,7 +843,7 @@ AFSDB::getSubtype() const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -942,10 +942,10 @@ CAA::constructFromLexer(MasterLexer& lexer) {
 CAA::CAA(const string& caa_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the CAAImpl that constructFromLexer() returns.
-    std::auto_ptr<CAAImpl> impl_ptr(NULL);
+    std::unique_ptr<CAAImpl> impl_ptr;
 
     try {
         std::istringstream ss(caa_str);
@@ -1527,7 +1527,7 @@ DNAME::getDname() const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -1601,10 +1601,10 @@ struct DNSKEYImpl {
 DNSKEY::DNSKEY(const std::string& dnskey_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the DNSKEYImpl that constructFromLexer() returns.
-    std::auto_ptr<DNSKEYImpl> impl_ptr(NULL);
+    std::unique_ptr<DNSKEYImpl> impl_ptr;
 
     try {
         std::istringstream ss(dnskey_str);
@@ -2816,7 +2816,7 @@ NS::getNSName() const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -2899,10 +2899,10 @@ struct NSEC3Impl {
 NSEC3::NSEC3(const std::string& nsec3_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the NSEC3Impl that constructFromLexer() returns.
-    std::auto_ptr<NSEC3Impl> impl_ptr(NULL);
+    std::unique_ptr<NSEC3Impl> impl_ptr;
 
     try {
         std::istringstream ss(nsec3_str);
@@ -3161,7 +3161,7 @@ NSEC3::getNext() const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -3222,10 +3222,10 @@ struct NSEC3PARAMImpl {
 NSEC3PARAM::NSEC3PARAM(const std::string& nsec3param_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the NSEC3PARAMImpl that constructFromLexer() returns.
-    std::auto_ptr<NSEC3PARAMImpl> impl_ptr(NULL);
+    std::unique_ptr<NSEC3PARAMImpl> impl_ptr;
 
     try {
         std::istringstream ss(nsec3param_str);
@@ -3613,7 +3613,7 @@ NSEC::compare(const Rdata& other) const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -3703,7 +3703,7 @@ OPT::OPT(MasterLexer&, const Name*,
 OPT::OPT(InputBuffer& buffer, size_t rdata_len) :
     impl_(NULL)
 {
-    std::auto_ptr<OPTImpl> impl_ptr(new OPTImpl);
+    std::unique_ptr<OPTImpl> impl_ptr(new OPTImpl);
 
     while (true) {
         if (rdata_len == 0) {
@@ -4125,7 +4125,7 @@ RP::compare(const Rdata& other) const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2010-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2010-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -4266,10 +4266,10 @@ RRSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
 RRSIG::RRSIG(const std::string& rrsig_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the RRSIGImpl that constructFromLexer() returns.
-    std::auto_ptr<RRSIGImpl> impl_ptr(NULL);
+    std::unique_ptr<RRSIGImpl> impl_ptr;
 
     try {
         std::istringstream iss(rrsig_str);
@@ -4816,7 +4816,7 @@ SPF::compare(const Rdata& other) const {
 } // end of namespace "rdata"
 } // end of namespace "dns"
 } // end of namespace "isc"
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -4924,10 +4924,10 @@ SSHFP::constructFromLexer(MasterLexer& lexer) {
 SSHFP::SSHFP(const string& sshfp_str) :
     impl_(NULL)
 {
-    // We use auto_ptr here because if there is an exception in this
+    // We use unique_ptr here because if there is an exception in this
     // constructor, the destructor is not called and there could be a
     // leak of the SSHFPImpl that constructFromLexer() returns.
-    std::auto_ptr<SSHFPImpl> impl_ptr(NULL);
+    std::unique_ptr<SSHFPImpl> impl_ptr;
 
     try {
         std::istringstream ss(sshfp_str);

src/lib/util/tests/memory_segment_local_unittest.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -9,6 +9,7 @@
 #include <util/memory_segment_local.h>
 #include <exceptions/exceptions.h>
 #include <gtest/gtest.h>
+#include <boost/scoped_ptr.hpp>
 #include <memory>
 #include <limits.h>
 
@@ -18,7 +19,7 @@ using namespace isc::util;
 namespace {
 
 TEST(MemorySegmentLocal, TestLocal) {
-    auto_ptr<MemorySegment> segment(new MemorySegmentLocal());
+    boost::scoped_ptr<MemorySegment> segment(new MemorySegmentLocal());
 
     // By default, nothing is allocated.
     EXPECT_TRUE(segment->allMemoryDeallocated());
@@ -50,7 +51,7 @@ TEST(MemorySegmentLocal, TestLocal) {
 
 /// @todo: disabled, see ticket #3510
 TEST(MemorySegmentLocal, DISABLED_TestTooMuchMemory) {
-    auto_ptr<MemorySegment> segment(new MemorySegmentLocal());
+    boost::scoped_ptr<MemorySegment> segment(new MemorySegmentLocal());
 
     // Although it should be perfectly fine to use the ULONG_MAX
     // instead of LONG_MAX as the size_t value should be unsigned,
@@ -61,7 +62,7 @@ TEST(MemorySegmentLocal, DISABLED_TestTooMuchMemory) {
 }
 
 TEST(MemorySegmentLocal, TestBadDeallocate) {
-    auto_ptr<MemorySegment> segment(new MemorySegmentLocal());
+    boost::scoped_ptr<MemorySegment> segment(new MemorySegmentLocal());
 
     // By default, nothing is allocated.
     EXPECT_TRUE(segment->allMemoryDeallocated());
@@ -94,7 +95,7 @@ TEST(MemorySegmentLocal, TestBadDeallocate) {
 }
 
 TEST(MemorySegmentLocal, TestNullDeallocate) {
-    auto_ptr<MemorySegment> segment(new MemorySegmentLocal());
+    boost::scoped_ptr<MemorySegment> segment(new MemorySegmentLocal());
 
     // By default, nothing is allocated.
     EXPECT_TRUE(segment->allMemoryDeallocated());

src/lib/util/threads/sync.cc

@@ -1,4 +1,4 @@
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -17,7 +17,7 @@
 
 #include <pthread.h>
 
-using std::auto_ptr;
+using std::unique_ptr;
 
 namespace isc {
 namespace util {
@@ -82,7 +82,7 @@ Mutex::Mutex() :
         isc_throw(isc::InvalidOperation, std::strerror(result));
     }
 
-    auto_ptr<Impl> impl(new Impl);
+    unique_ptr<Impl> impl(new Impl);
     result = pthread_mutex_init(&impl->mutex, &attributes);
     switch (result) {
         case 0: // All 0K

src/lib/util/threads/sync.h

@@ -1,4 +1,4 @@
-// Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2012-2016 Internet Systems Consortium, Inc. ("ISC")
 //
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -66,7 +66,7 @@ public:
     /// is destroyed.
     ///
     /// If you create the locker on the stack or using some other "garbage
-    /// collecting" mechanism (auto_ptr, for example), it ensures exception
+    /// collecting" mechanism (unique_ptr, for example), it ensures exception
     /// safety with regards to the mutex - it'll get released on the exit
     /// of function no matter by what means.
     class Locker : boost::noncopyable {

src/lib/util/threads/thread.cc

@@ -20,7 +20,7 @@
 
 using std::string;
 using std::exception;
-using std::auto_ptr;
+using std::unique_ptr;
 using boost::scoped_ptr;
 
 namespace isc {
@@ -123,7 +123,7 @@ public:
 Thread::Thread(const boost::function<void ()>& main) :
     impl_(NULL)
 {
-    auto_ptr<Impl> impl(new Impl(main));
+    unique_ptr<Impl> impl(new Impl(main));
     Blocker blocker;
     const int result = pthread_create(&impl->tid_, NULL, &Impl::run,
                                       impl.get());