Add version numbers on some modules we use.
[openssl.git] / test / recipes / 80-test_cms.t
1 #! /usr/bin/perl
2
3 use strict;
4 use warnings;
5
6 use POSIX;
7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use Test::More 0.96;
10 use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
11
# Register this recipe with the OpenSSL test harness before anything else runs.
setup("test_cms");

# Fixtures inside the source tree: the directory with the S/MIME test
# certificates and keys, and the plaintext that every case round-trips.
my $smdir    = top_dir("test", "smime-certs");
my $smcont   = top_file("test", "smcont.txt");

# Runs `openssl no-<feature>` against the binary under test and returns the
# harness result in scalar context.  The $no_* names (and check_availability,
# defined at the end of this file) treat a true result as "feature disabled".
# NOTE(review): stdout => undef presumably discards the probe's output --
# confirm against OpenSSL::Test.
my $feature_is_disabled = sub {
    my ($feature) = @_;
    return scalar run(app(["openssl", "no-$feature"], stdout => undef));
};

my $no_ec    = $feature_is_disabled->("ec");
my $no_ec2m  = $feature_is_disabled->("ec2m");
my $no_ecdh  = $feature_is_disabled->("ecdh");

# One top-level test per subtest block further down.
plan tests => 4;
21
# Cases that the subtests below run through both `openssl cms` and
# `openssl smime`.  Every entry has the shape
#     [ title, [ producer arguments ], [ consumer arguments ] ]
# The producer writes test.cms (or test2.cms) and the consumer is expected to
# recover the original content into smtst.txt.  The title doubles as the key
# check_availability() matches on, so its wording is significant.
my @smime_pkcs7_tests = do {
    # Certificates and keys from the S/MIME fixture directory.
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    # Argument fragments shared by several cases.
    my @four_signers = map { ("-signer", $_) } $rsa1, $rsa2, $dsa1, $dsa2;
    my @verify_der   = ("-verify", "-in", "test.cms", "-inform", "DER",
                        "-CAfile", $root_ca, "-out", "smtst.txt");
    my @verify_smime = ("-verify", "-in", "test.cms",
                        "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt_to_three = ("-encrypt", "-in", $smcont,
                            "-stream", "-out", "test.cms",
                            $rsa1, $rsa2, $rsa3);
    my @decrypt_tail = ("-in", "test.cms", "-out", "smtst.txt");

    (
        # --- signing with a single key, DER output ---
        [ "signed content DER format, RSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-certfile", $root_ca,
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        # Detached signature: the verifier must be handed the content again.
        [ "signed detached content DER format, RSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER",
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        [ "signed content test streaming BER format, RSA",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-stream",
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content DER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed detached content DER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER",
            "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        # Consumes the test.cms left by the previous case and adds a second
        # signer, so this case depends on running directly after it.
        [ "signed detached content DER format, add RSA signer",
          [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
            "-signer", $rsa1, "-out", "test2.cms" ],
          [ "-verify", "-in", "test2.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt",
            "-content", $smcont ] ],

        [ "signed content test streaming BER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-stream",
            "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        # --- signing with four keys at once ---
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont,
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        # --- enveloping for three recipients, decrypting as one of them ---
        [ "enveloped content test streaming S/MIME format, 3 recipients",
          [ @encrypt_to_three ],
          [ "-decrypt", "-recip", $rsa1, @decrypt_tail ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
          [ @encrypt_to_three ],
          [ "-decrypt", "-recip", $rsa3, @decrypt_tail ] ],

        # Only the private key is supplied (-inkey), no recipient certificate.
        [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
          [ @encrypt_to_three ],
          [ "-decrypt", "-inkey", $rsa3, @decrypt_tail ] ],

        [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
          [ "-encrypt", "-in", $smcont,
            "-aes256", "-stream", "-out", "test.cms",
            $rsa1, $rsa2, $rsa3 ],
          [ "-decrypt", "-recip", $rsa1, @decrypt_tail ] ],
    );
};
164
# Cases that are only ever run `openssl cms` against `openssl cms` by the
# subtests below.  Entry shape is the same as in the PKCS#7 table:
#     [ title, [ producer arguments ], [ consumer arguments ] ]
# The symmetric keys and the key identifier are fixed test vectors kept in
# the source; the 40-bit RC2 case is a round-trip check of a legacy key size.
my @smime_cms_tests = do {
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    my @four_signers = map { ("-signer", $_) } $rsa1, $rsa2, $dsa1, $dsa2;

    # Key-encryption-key material shared by the two KEK cases.
    my $kek_key     = "000102030405060708090A0B0C0D0E0F";
    my @kek_encrypt = ("-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
                       "-stream", "-out", "test.cms",
                       "-secretkey", $kek_key,
                       "-secretkeyid", "C0FEE0");
    my @kek_decrypt = ("-decrypt", "-in", "test.cms", "-out", "smtst.txt",
                       "-inform", "PEM",
                       "-secretkey", $kek_key);

    # Builds one EncryptedData round-trip case for a cipher flag and hex key.
    my $encrypted_data_case = sub {
        my ($title, $cipher_flag, $hex_key) = @_;
        return [ $title,
                 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
                   $cipher_flag, "-secretkey", $hex_key,
                   "-stream", "-out", "test.cms" ],
                 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
                   "-secretkey", $hex_key, "-out", "smtst.txt" ] ];
    };

    (
        # --- signed data ---
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "PEM",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        # --- signed receipts ---
        [ "signed content MIME format, RSA key, signed receipt request",
          [ "-sign", "-in", $smcont, "-signer", $rsa1, "-nodetach",
            "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
            "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        # Relies on the test.cms written by the previous case.  The verify
        # step names no -out file, so the content comparison done by the
        # driver loop reads whatever smtst.txt an earlier case left behind;
        # in effect only the two exit statuses are checked here.
        [ "signed receipt MIME format, RSA key",
          [ "-sign_receipt", "-in", "test.cms",
            "-signer", $rsa2,
            "-out", "test2.cms" ],
          [ "-verify_receipt", "test2.cms", "-in", "test.cms",
            "-CAfile", $root_ca ] ],

        # --- enveloped data ---
        [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
          [ "-encrypt", "-in", $smcont,
            "-stream", "-out", "test.cms", "-keyid",
            $rsa1, $rsa2, $rsa3 ],
          [ "-decrypt", "-recip", $rsa1,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming PEM format, KEK",
          [ @kek_encrypt ],
          [ @kek_decrypt, "-secretkeyid", "C0FEE0" ] ],

        # Same encryption, but decryption is given the key without its id.
        [ "enveloped content test streaming PEM format, KEK, key only",
          [ @kek_encrypt ],
          [ @kek_decrypt ] ],

        # --- plain data ---
        [ "data content test streaming PEM format",
          [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-stream", "-out", "test.cms" ],
          [ "-data_out", "-in", "test.cms", "-inform", "PEM",
            "-out", "smtst.txt" ] ],

        # --- EncryptedData with a caller-supplied symmetric key ---
        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 128 bit RC2 key",
            "-rc2", "000102030405060708090A0B0C0D0E0F"),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 40 bit RC2 key",
            "-rc2", "0001020304"),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, triple DES key",
            "-des3", "000102030405060708090A0B0C0D0E0F1011121314151617"),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 128 bit AES key",
            "-aes128", "000102030405060708090A0B0C0D0E0F"),
    );
};
274
# Compression round trip.  Kept in its own table because the subtest that
# plans for it skips these cases when the binary reports no ZLIB support.
# Entry shape: [ title, [ producer arguments ], [ consumer arguments ] ].
my @smime_cms_comp_tests = do {
    my @compress   = ("-compress", "-in", $smcont, "-outform", "PEM",
                      "-nodetach", "-stream", "-out", "test.cms");
    my @uncompress = ("-uncompress", "-in", "test.cms", "-inform", "PEM",
                      "-out", "smtst.txt");

    (
        [ "compressed content test streaming PEM format",
          [ @compress ],
          [ @uncompress ] ],
    );
};
284
# CMS-only cases that set non-default key parameters through -keyopt:
# RSA-PSS signatures, RSA-OAEP key transport, ECDH and X9.42 DH key
# agreement.  Entry shape:
#     [ title, [ producer arguments ], [ consumer arguments ] ]
# check_availability() skips on the substrings "ECDH" and "K-283" in the
# title, so those words must stay in the titles of the EC cases.
my @smime_cms_param_tests = do {
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $ec1     = catfile($smdir, "smec1.pem");
    my $ec2     = catfile($smdir, "smec2.pem");
    my $dh      = catfile($smdir, "smdh.pem");

    # Argument fragments shared by several cases.
    my @pss          = ("-keyopt", "rsa_padding_mode:pss");
    my @oaep         = ("-keyopt", "rsa_padding_mode:oaep");
    my @verify_pem   = ("-verify", "-in", "test.cms", "-inform", "PEM",
                        "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt_head = ("-encrypt", "-in", $smcont,
                        "-stream", "-out", "test.cms");

    # Consumer side of every enveloped case: decrypt as the given recipient.
    my $decrypt_as = sub {
        my ($recipient) = @_;
        return [ "-decrypt", "-recip", $recipient,
                 "-in", "test.cms", "-out", "smtst.txt" ];
    };

    (
        # --- RSA-PSS signatures ---
        [ "signed content test streaming PEM format, RSA keys, PSS signature",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-signer", $rsa1, @pss,
            "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
            "-signer", $rsa1, @pss,
            "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-signer", $rsa1, @pss,
            "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
          [ @verify_pem ] ],

        # --- RSA-OAEP key transport ---
        [ "enveloped content test streaming S/MIME format, OAEP default parameters",
          [ @encrypt_head,
            "-recip", $rsa1, @oaep ],
          $decrypt_as->($rsa1) ],

        [ "enveloped content test streaming S/MIME format, OAEP SHA256",
          [ @encrypt_head,
            "-recip", $rsa1, @oaep,
            "-keyopt", "rsa_oaep_md:sha256" ],
          $decrypt_as->($rsa1) ],

        # --- ECDH key agreement ---
        [ "enveloped content test streaming S/MIME format, ECDH",
          [ @encrypt_head,
            "-recip", $ec1 ],
          $decrypt_as->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
          [ "-encrypt", "-keyid", "-in", $smcont,
            "-stream", "-out", "test.cms",
            "-recip", $ec1 ],
          $decrypt_as->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
          [ @encrypt_head,
            "-recip", $ec1, "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
          $decrypt_as->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
          [ @encrypt_head,
            "-recip", $ec2, "-aes128",
            "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
          $decrypt_as->($ec2) ],

        # --- X9.42 DH key agreement ---
        [ "enveloped content test streaming S/MIME format, X9.42 DH",
          [ @encrypt_head,
            "-recip", $dh, "-aes128" ],
          $decrypt_as->($dh) ],
    );
};
368
# Produce each message with `openssl cms` and consume it with
# `openssl smime`.  A case passes only when both commands succeed and the
# recovered smtst.txt matches the original content (compare_text returns 0
# for equal files).  Nothing in this loop removes test.cms or smtst.txt
# between cases, so each case sees the files of the one before it.
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a feature named in the title is
            # compiled out of this build.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            my $round_trip_ok =
                run(app(["openssl", "cms", @$produce_args]))
                && run(app(["openssl", "smime", @$consume_args]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
# The reverse direction: produce each message with `openssl smime` and
# consume it with `openssl cms`.  A case passes only when both commands
# succeed and the recovered smtst.txt matches the original content.
# Nothing in this loop removes test.cms or smtst.txt between cases.
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a feature named in the title is
            # compiled out of this build.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            my $round_trip_ok =
                run(app(["openssl", "smime", @$produce_args]))
                && run(app(["openssl", "cms", @$consume_args]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
399
# `openssl cms` on both sides: first the cases shared with PKCS#7, then the
# CMS-only cases, in that order.  A case passes only when both commands
# succeed and smtst.txt matches the original content.  smtst.txt is not
# removed between cases, so a consumer command that writes no output file is
# compared against the file left by the preceding case.
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    for my $case (@smime_pkcs7_tests, @smime_cms_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a feature named in the title is
            # compiled out of this build.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            my $round_trip_ok =
                run(app(["openssl", "cms", @$produce_args]))
                && run(app(["openssl", "cms", @$consume_args]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
426
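# `openssl cms` on both sides for the key-parameter cases (PSS, OAEP, ECDH,
# X9.42 DH), followed by the compression cases when the binary was built
# with zlib.  A case passes only when both commands succeed and smtst.txt
# matches the original content (compare_text returns 0 for equal files).
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    # The plan counts both tables, so the second loop below has to run (or
    # skip) exactly scalar @smime_cms_comp_tests tests.
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    for my $case (@smime_cms_param_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a feature named in the title is
            # compiled out of this build.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$produce_args]))
               && run(app(["openssl", "cms", @$consume_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

  SKIP: {
        # Compression is optional: look for ZLIB in the captured output of
        # `openssl version -f` and skip the whole table when it is absent.
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            unless grep /ZLIB/, run(app(["openssl", "version", "-f"]),
                                    capture => 1);

        # Fixed: this loop used to iterate @smime_cms_param_tests again, so
        # on a zlib-enabled build the compression case never ran and the
        # number of tests executed no longer matched the plan above.  On a
        # build without zlib the skip hid the mistake.
        for my $case (@smime_cms_comp_tests) {
            my ($title, $produce_args, $consume_args) = @$case;

          SKIP: {
                my $why_skipped = check_availability($title);
                skip $why_skipped, 1 if $why_skipped;

                ok(run(app(["openssl", "cms", @$produce_args]))
                   && run(app(["openssl", "cms", @$consume_args]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};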
462
# Remove the scratch files the cases wrote into the current directory.
# Return values are deliberately not checked: a file that was never created
# (for example because every case was skipped) is not an error here.
unlink $_ for ("test.cms", "test2.cms", "smtst.txt");
466
# Decide whether a case can run on this build, judging only by its title.
#
# Takes the case title and returns a skip reason (title, explanation and a
# trailing newline) when the title mentions a feature that the $no_ec,
# $no_ecdh or $no_ec2m probes reported as disabled; returns the empty string
# when the case should run.  Titles containing "ECDH" are checked against EC
# first and ECDH second; titles containing "K-283" are checked against EC2M.
# Because the match is on title text, a renamed case silently stops being
# skipped.
sub check_availability {
    my ($test_name) = @_;

    if ($test_name =~ /ECDH/) {
        if ($no_ec) {
            return "${test_name}: skipped, EC disabled\n";
        }
        if ($no_ecdh) {
            return "${test_name}: skipped, ECDH disabled\n";
        }
    }

    if ($no_ec2m && $test_name =~ /K-283/) {
        return "${test_name}: skipped, EC2M disabled\n";
    }

    return "";
}