Bug 1345368 - land NSS 6fafb8fd9ff4, r=me

--HG--
extra : rebase_source : 947524eb4e61414a5809df3453946b32882fdf17

security/nss/TAG-INFO

@@ -1 +1 @@
-dec8c06d7ed9
+6fafb8fd9ff4

security/nss/build.sh

@@ -19,43 +19,7 @@ source "$cwd"/coreconf/sanitizers.sh
 # Usage info
 show_help()
 {
-    cat << EOF
-Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
-                [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
-                [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
-                [--disable-tests] [--fuzz[=tls|oss]]
-
-This script builds NSS with gyp and ninja.
-
-This build system is still under development.  It does not yet support all
-the features or platforms that NSS supports.
-
-NSS build tool options:
-
-    -h               display this help and exit
-    -c               clean before build
-    -v               verbose build
-    -j <n>           run at most <n> concurrent jobs
-    --nspr           force a rebuild of NSPR
-    --gyp|-g         force a rerun of gyp
-    --opt|-o         do an opt build
-    -m32             do a 32-bit build on a 64-bit system
-    --test           ignore map files and export everything we have
-    --fuzz           build fuzzing targets (this always enables test builds)
-                     --fuzz=tls to enable TLS fuzzing mode
-                     --fuzz=oss to build for OSS-Fuzz
-    --pprof          build with gperftool support
-    --ct-verif       build with valgrind for ct-verif
-    --scan-build     run the build with scan-build (scan-build has to be in the path)
-                     --scan-build=/out/path sets the output path for scan-build
-    --asan           do an asan build
-    --ubsan          do an ubsan build
-                     --ubsan=bool,shift,... sets specific UB sanitizers
-    --msan           do an msan build
-    --sancov         do sanitize coverage builds
-                     --sancov=func sets coverage to function level for example
-    --disable-tests  don't build tests and corresponding cmdline utils
-EOF
+    cat "$cwd"/help.txt
 }
 
 run_verbose()
@@ -84,6 +48,7 @@ verbose=0
 fuzz=0
 fuzz_tls=0
 fuzz_oss=0
+no_local_nspr=0
 
 gyp_params=(--depth="$cwd" --generator-output=".")
 nspr_params=()
@@ -121,6 +86,9 @@ while [ $# -gt 0 ]; do
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
         --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
+        --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
+        --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
+        --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
         *) show_help; exit 2 ;;
     esac
     shift
@@ -207,7 +175,7 @@ fi
 mkdir -p "$dist_dir"
 echo $target > "$dist_dir"/latest
 
-if [ "$rebuild_nspr" = 1 ]; then
+if [[ "$rebuild_nspr" = 1 && "$no_local_nspr" = 0 ]]; then
     nspr_build "${nspr_params[@]}"
     mv -f "$nspr_config".new "$nspr_config"
 fi
@@ -216,8 +184,9 @@ if [ "$rebuild_gyp" = 1 ]; then
     # These extra arguments aren't used in determining whether to rebuild.
     obj_dir="$dist_dir"/$target
     gyp_params+=(-Dnss_dist_obj_dir=$obj_dir)
-    gyp_params+=(-Dnspr_lib_dir=$obj_dir/lib)
-    gyp_params+=(-Dnspr_include_dir=$obj_dir/include/nspr)
+    if [ "$no_local_nspr" = 0 ]; then
+        set_nspr_path "$obj_dir/include/nspr:$obj_dir/lib"
+    fi
 
     run_verbose run_scanbuild gyp -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp
 

security/nss/cmd/modutil/pk11.c

@@ -494,7 +494,7 @@ static char *disableReasonStr[] = {
     "could not verify token",
     "token not present"
 };
-static int numDisableReasonStr =
+static size_t numDisableReasonStr =
     sizeof(disableReasonStr) / sizeof(disableReasonStr[0]);
 
 /***********************************************************************
@@ -513,7 +513,7 @@ ListModule(char *moduleName)
     CK_SLOT_INFO slotinfo;
     CK_TOKEN_INFO tokeninfo;
     char *ciphers, *mechanisms;
-    PK11DisableReasons reason;
+    size_t reasonIdx;
     Error rv = SUCCESS;
 
     if (!moduleName) {
@@ -604,10 +604,10 @@ ListModule(char *moduleName)
         PR_fprintf(PR_STDOUT, PAD "Firmware Version: %d.%d\n",
                    slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
         if (PK11_IsDisabled(slot)) {
-            reason = PK11_GetDisabledReason(slot);
-            if (reason < numDisableReasonStr) {
+            reasonIdx = PK11_GetDisabledReason(slot);
+            if (reasonIdx < numDisableReasonStr) {
                 PR_fprintf(PR_STDOUT, PAD "Status: DISABLED (%s)\n",
-                           disableReasonStr[reason]);
+                           disableReasonStr[reasonIdx]);
             } else {
                 PR_fprintf(PR_STDOUT, PAD "Status: DISABLED\n");
             }

security/nss/coreconf/coreconf.dep

@@ -10,4 +10,3 @@
  */
 
 #error "Do not include this header file."
-

security/nss/coreconf/nspr.sh

@@ -49,3 +49,11 @@ nspr_clean()
 {
     rm -rf "$cwd"/../nspr/$target
 }
+
+set_nspr_path()
+{
+    local include=$(echo "$1" | cut -d: -f1)
+    local lib=$(echo "$1" | cut -d: -f2)
+    gyp_params+=(-Dnspr_include_dir="$include")
+    gyp_params+=(-Dnspr_lib_dir="$lib")
+}

security/nss/gtests/common/gtests.cc

@@ -10,8 +10,12 @@
 int main(int argc, char **argv) {
   ::testing::InitGoogleTest(&argc, argv);
 
-  NSS_NoDB_Init(nullptr);
-  NSS_SetDomesticPolicy();
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return 1;
+  }
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    return 1;
+  }
   int rv = RUN_ALL_TESTS();
 
   if (NSS_Shutdown() != SECSuccess) {

security/nss/gtests/freebl_gtest/freebl_gtest.gyp

@@ -35,7 +35,28 @@
           ],
         }],
       ],
-    }
+    },
+    {
+      'target_name': 'prng_gtest',
+      'type': 'executable',
+      'sources': [
+        'prng_kat_unittest.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+      ],
+    },
   ],
   'target_defaults': {
     'include_dirs': [

security/nss/gtests/freebl_gtest/prng_kat_unittest.cc

@@ -0,0 +1,195 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "nspr.h"
+#include "nss.h"
+#include "ssl.h"
+
+#include <cstdlib>
+#include <fstream>
+#include <string>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+#include "blapi.h"
+
+namespace nss_test {
+
+typedef struct PRNGTestValuesStr {
+  std::vector<uint8_t> entropy;
+  std::vector<uint8_t> nonce;
+  std::vector<uint8_t> personal;
+  std::vector<uint8_t> expected_result;
+  std::vector<uint8_t> additional_entropy;
+  std::vector<uint8_t> additional_input_reseed;
+  std::vector<std::vector<uint8_t>> additional_input;
+} PRNGTestValues;
+
+std::vector<PRNGTestValues> test_vector;
+
+bool contains(std::string& s, const char* to_find) {
+  return s.find(to_find) != std::string::npos;
+}
+
+std::string trim(std::string str) {
+  std::string whitespace = " \t";
+  const auto strBegin = str.find_first_not_of(whitespace);
+  if (strBegin == std::string::npos) {
+    return "";
+  }
+  const auto strEnd = str.find_last_not_of(whitespace);
+  const auto strRange = strEnd - strBegin + 1;
+  return str.substr(strBegin, strRange);
+}
+
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+  std::vector<uint8_t> bytes;
+  for (size_t i = 0; i < s.length() - 1; i += 2) {
+    bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
+  }
+  return bytes;
+}
+
+std::vector<uint8_t> read_option_s(std::string& s) {
+  size_t start = s.find("=") + 1;
+  assert(start > 0);
+  return hex_string_to_bytes(trim(s.substr(start, s.find("]", start))));
+}
+
+void print_bytes(std::vector<uint8_t> bytes, std::string name) {
+  std::cout << name << ": ";
+  for (auto b : bytes) {
+    std::cout << std::setfill('0') << std::setw(2) << std::hex
+              << static_cast<int>(b);
+  }
+  std::cout << std::endl;
+}
+
+static void ReadFile(const std::string file_name) {
+  std::ifstream infile(file_name);
+  std::string line;
+
+  // Variables holding the input for each test.
+  bool valid_option = false;
+
+  // Read the file.
+  std::streampos pos;
+  while (std::getline(infile, line)) {
+    // We only implement SHA256. Skip all other tests.
+    if (contains(line, "[SHA-")) {
+      valid_option = contains(line, "[SHA-256]");
+    }
+    if (!valid_option) {
+      continue;
+    }
+
+    // We ignore the options and infer them from the test case.
+
+    PRNGTestValues test;
+    if (line.find("COUNT =")) {
+      continue;
+    }
+
+    // Read test input.
+    do {
+      pos = infile.tellg();
+      std::getline(infile, line);
+      if (contains(line, "EntropyInput ")) {
+        test.entropy = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "Nonce")) {
+        test.nonce = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "PersonalizationString")) {
+        test.personal = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "AdditionalInput ")) {
+        test.additional_input.push_back(read_option_s(line));
+        continue;
+      }
+      if (contains(line, "EntropyInputReseed")) {
+        test.additional_entropy = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "AdditionalInputReseed")) {
+        test.additional_input_reseed = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "ReturnedBits")) {
+        test.expected_result = read_option_s(line);
+        continue;
+      }
+    } while (!infile.eof() && line.find("COUNT =") && line.find("["));
+
+    // Save test case.
+    test_vector.push_back(test);
+    test = {};
+    infile.seekg(pos);
+  }
+}
+
+class PRNGTest : public ::testing::TestWithParam<PRNGTestValues> {
+ protected:
+  void RunTest(PRNGTestValues test) {
+    ASSERT_EQ(2U, test.additional_input.size());
+    SECStatus rv = PRNGTEST_Instantiate_Kat(
+        test.entropy.data(), test.entropy.size(), test.nonce.data(),
+        test.nonce.size(), test.personal.data(), test.personal.size());
+    ASSERT_EQ(SECSuccess, rv);
+    rv = PRNGTEST_Reseed(test.additional_entropy.data(),
+                         test.additional_entropy.size(),
+                         test.additional_input_reseed.data(),
+                         test.additional_input_reseed.size());
+    ASSERT_EQ(SECSuccess, rv);
+
+    // Generate bytes.
+    uint8_t bytes[128];
+    PRNGTEST_Generate(bytes, 128, test.additional_input[0].data(),
+                      test.additional_input[0].size());
+    PRNGTEST_Generate(bytes, 128, test.additional_input[1].data(),
+                      test.additional_input[1].size());
+    std::vector<uint8_t> result(bytes, bytes + 128);
+    if (result != test.expected_result) {
+      print_bytes(result, "result  ");
+      print_bytes(test.expected_result, "expected");
+    }
+    ASSERT_EQ(test.expected_result, result);
+    rv = PRNGTEST_Uninstantiate();
+    ASSERT_EQ(SECSuccess, rv);
+  }
+};
+
+TEST_P(PRNGTest, HashDRBG) { RunTest(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(NISTTestVector, PRNGTest,
+                        ::testing::ValuesIn(test_vector));
+
+}  // nss_test
+
+int main(int argc, char** argv) {
+  if (argc < 2) {
+    std::cout << "usage: prng_gtest <.rsp file>" << std::endl;
+    return 1;
+  }
+
+  nss_test::ReadFile(argv[1]);
+  assert(!nss_test::test_vector.empty());
+
+  ::testing::InitGoogleTest(&argc, argv);
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return 1;
+  }
+  int rv = RUN_ALL_TESTS();
+
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  return rv;
+}

security/nss/gtests/ssl_gtest/ssl_gtest.cc

@@ -31,12 +31,18 @@ int main(int argc, char** argv) {
     }
   }
 
-  NSS_Initialize(g_working_dir_path.c_str(), "", "", SECMOD_DB,
-                 NSS_INIT_READONLY);
-  NSS_SetDomesticPolicy();
+  if (NSS_Initialize(g_working_dir_path.c_str(), "", "", SECMOD_DB,
+                     NSS_INIT_READONLY) != SECSuccess) {
+    return 1;
+  }
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    return 1;
+  }
   int rv = RUN_ALL_TESTS();
 
-  NSS_Shutdown();
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
 
   nss_test::Poller::Shutdown();
 

security/nss/help.txt

@@ -0,0 +1,42 @@
+Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+                [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
+                [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
+                [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
+                [--no-zdefs] [--with-nspr] [--system-nspr]
+
+This script builds NSS with gyp and ninja.
+
+This build system is still under development.  It does not yet support all
+the features or platforms that NSS supports.
+
+NSS build tool options:
+
+    -h               display this help and exit
+    -c               clean before build
+    -v               verbose build
+    -j <n>           run at most <n> concurrent jobs
+    --nspr           force a rebuild of NSPR
+    --gyp|-g         force a rerun of gyp
+    --opt|-o         do an opt build
+    -m32             do a 32-bit build on a 64-bit system
+    --test           ignore map files and export everything we have
+    --fuzz           build fuzzing targets (this always enables test builds)
+                     --fuzz=tls to enable TLS fuzzing mode
+                     --fuzz=oss to build for OSS-Fuzz
+    --pprof          build with gperftool support
+    --ct-verif       build with valgrind for ct-verif
+    --scan-build     run the build with scan-build (scan-build has to be in the path)
+                     --scan-build=/out/path sets the output path for scan-build
+    --asan           do an asan build
+    --ubsan          do an ubsan build
+                     --ubsan=bool,shift,... sets specific UB sanitizers
+    --msan           do an msan build
+    --sancov         do sanitize coverage builds
+                     --sancov=func sets coverage to function level for example
+    --disable-tests  don't build tests and corresponding cmdline utils
+    --system-sqlite  use system sqlite
+    --no-zdefs       don't set -Wl,-z,defs
+    --with-nspr      don't build NSPR but use the one at the given location, e.g.
+                     --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
+    --system-nspr    use system nspr. This requires an installation of NSPR and
+                     might not work on all systems.

security/nss/lib/freebl/blapi.h

@@ -1469,6 +1469,12 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
                                const unsigned char *q,
                                unsigned char *xj);
 
+/* To allow NIST KAT tests */
+extern SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len);
+
 /*
  * The following functions are for FIPS poweron self test and FIPS algorithm
  * testing.

security/nss/lib/freebl/drbg.c

@@ -99,7 +99,8 @@ struct RNGContextStr {
      * RNG_RandomUpdate. */
     PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
     PRUint32 additionalAvail;
-    PRBool isValid; /* false if RNG reaches an invalid state */
+    PRBool isValid;   /* false if RNG reaches an invalid state */
+    PRBool isKatTest; /* true if running NIST PRNG KAT tests */
 };
 
 typedef struct RNGContextStr RNGContext;
@@ -150,7 +151,7 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return,
 }
 
 /*
- * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
+ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
  *
  * NOTE: bytes & len are entropy || nonce || personalization_string. In
  * normal operation, NSS calculates them all together in a single call.
@@ -158,9 +159,11 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return,
 static SECStatus
 prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
 {
-    if (len < PRNG_SEEDLEN) {
-        /* if the seedlen is to small, it's probably because we failed to get
-     * enough random data */
+    if (!rng->isKatTest && len < PRNG_SEEDLEN) {
+        /* If the seedlen is too small, it's probably because we failed to get
+         * enough random data.
+         * This is stricter than NIST SP800-90A requires. Don't enforce it for
+         * tests. */
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
         return SECFailure;
     }
@@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
 
 #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
     PRNG_ADD_BITS(dest, dest_len, add, len, carry)               \
-    PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
+    PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
 
 /*
  * This function expands the internal state of the prng to fulfill any number
@@ -445,6 +448,7 @@ rng_init(void)
 
         /* the RNG is in a valid state */
         globalrng->isValid = PR_TRUE;
+        globalrng->isKatTest = PR_FALSE;
 
         /* fetch one random value so that we can populate rng->oldV for our
          * continous random number test. */
@@ -700,6 +704,17 @@ RNG_RNGShutdown(void)
   * entropy we may have previously collected. */
 RNGContext testContext;
 
+SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len)
+{
+    testContext.isKatTest = PR_TRUE;
+    return PRNGTEST_Instantiate(entropy, entropy_len,
+                                nonce, nonce_len,
+                                personal_string, ps_len);
+}
+
 /*
  * Test vector API. Use NIST SP 800-90 general interface so one of the
  * other NIST SP 800-90 algorithms may be used in the future.

security/nss/lib/nss/nss.h

@@ -24,7 +24,7 @@
  */
 #define NSS_VERSION "3.30" _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 30
+#define NSS_VMINOR 31
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
 #define NSS_BETA PR_TRUE

security/nss/lib/softoken/softkver.h

@@ -23,7 +23,7 @@
  */
 #define SOFTOKEN_VERSION "3.30" SOFTOKEN_ECC_STRING " Beta"
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 30
+#define SOFTOKEN_VMINOR 31
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
 #define SOFTOKEN_BETA PR_TRUE

security/nss/lib/util/nssutil.h

@@ -21,7 +21,7 @@
  */
 #define NSSUTIL_VERSION "3.30 Beta"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 30
+#define NSSUTIL_VMINOR 31
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_TRUE

security/nss/nss.gyp

@@ -178,10 +178,11 @@
             'cmd/vfychain/vfychain.gyp:vfychain',
             'cmd/vfyserv/vfyserv.gyp:vfyserv',
             'gtests/der_gtest/der_gtest.gyp:der_gtest',
+            'gtests/freebl_gtest/freebl_gtest.gyp:prng_gtest',
             'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest',
             'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
             'gtests/util_gtest/util_gtest.gyp:util_gtest',
-            'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim'
+            'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim',
           ],
           'conditions': [
             [ 'OS=="linux"', {

security/nss/tests/gtests/gtests.sh

@@ -55,7 +55,8 @@ gtest_start()
     GTESTREPORT="$GTESTDIR/report.xml"
     PARSED_REPORT="$GTESTDIR/report.parsed"
     echo "executing $i"
-    ${BINDIR}/$i -d "$GTESTDIR" --gtest_output=xml:"${GTESTREPORT}" \
+    ${BINDIR}/$i "${SOURCE_DIR}/gtests/freebl_gtest/kat/Hash_DRBG.rsp" \
+                 -d "$GTESTDIR" --gtest_output=xml:"${GTESTREPORT}" \
                                 --gtest_filter="${GTESTFILTER-*}"
     html_msg $? 0 "$i run successfully"
     echo "test output dir: ${GTESTREPORT}"
@@ -82,7 +83,8 @@ gtest_cleanup()
 }
 
 ################## main #################################################
-GTESTS="der_gtest pk11_gtest util_gtest"
+GTESTS="prng_gtest der_gtest pk11_gtest util_gtest"
+SOURCE_DIR="$PWD"/../..
 gtest_init $0
 gtest_start
 gtest_cleanup