Change OpenSSL::Test to be an extension of Test::More
[openssl.git] / test / recipes / 80-test_cms.t
1 #! /usr/bin/perl
2
3 use strict;
4 use warnings;
5
6 use POSIX;
7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
10
setup("test_cms");

# Shared inputs: the directory holding the S/MIME test certificates and the
# plaintext that every case signs/encrypts and later compares against.
my $smdir  = top_dir("test", "smime-certs");
my $smcont = top_file("test", "smcont.txt");

# Runs one "openssl no-<feature>" probe with its stdout discarded and hands
# back run()'s result.  check_availability() treats a true result as
# "feature disabled".
my $probe_disabled = sub {
    my ($probe) = @_;
    return scalar run(app(["openssl", $probe], stdout => undef));
};

my $no_ec   = $probe_disabled->("no-ec");
my $no_ec2m = $probe_disabled->("no-ec2m");
my $no_ecdh = $probe_disabled->("no-ecdh");

# One top-level test per subtest below.
plan tests => 4;
20
# Cases shared by the PKCS#7-compatibility and the CMS-consistency subtests.
# Each entry is [ title, [ args for the producing command ],
#                        [ args for the consuming command ] ].
#
# Order matters: every case writes test.cms / smtst.txt in the current
# directory, and the "-resign" case reads the test.cms left behind by the
# case directly before it.  The titles are also passed to
# check_availability() to decide skips, so they are not purely cosmetic.
my @smime_pkcs7_tests = do {
    my $ca_pem   = catfile($smdir, "smroot.pem");
    my $rsa1_pem = catfile($smdir, "smrsa1.pem");
    my $rsa2_pem = catfile($smdir, "smrsa2.pem");
    my $rsa3_pem = catfile($smdir, "smrsa3.pem");
    my $dsa1_pem = catfile($smdir, "smdsa1.pem");
    my $dsa2_pem = catfile($smdir, "smdsa2.pem");

    # Argument runs that recur verbatim in several cases.
    my @four_signers = ("-signer", $rsa1_pem, "-signer", $rsa2_pem,
                        "-signer", $dsa1_pem, "-signer", $dsa2_pem);
    my @three_recipients = ($rsa1_pem, $rsa2_pem, $rsa3_pem);
    my @verify_der = ("-verify", "-in", "test.cms", "-inform", "DER",
                      "-CAfile", $ca_pem, "-out", "smtst.txt");
    my @verify_smime = ("-verify", "-in", "test.cms",
                        "-CAfile", $ca_pem, "-out", "smtst.txt");
    my @encrypt_three = ("-encrypt", "-in", $smcont,
                         "-stream", "-out", "test.cms", @three_recipients);

    (
        [ "signed content DER format, RSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-certfile", $ca_pem,
            "-signer", $rsa1_pem, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed detached content DER format, RSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER",
            "-signer", $rsa1_pem, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        [ "signed content test streaming BER format, RSA",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-stream",
            "-signer", $rsa1_pem, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content DER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-signer", $dsa1_pem, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed detached content DER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER",
            "-signer", $dsa1_pem, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        # Consumes the test.cms written by the DSA detached case above and
        # produces test2.cms, which is what gets verified.
        [ "signed detached content DER format, add RSA signer",
          [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
            "-signer", $rsa1_pem, "-out", "test2.cms" ],
          [ "-verify", "-in", "test2.cms", "-inform", "DER",
            "-CAfile", $ca_pem, "-out", "smtst.txt",
            "-content", $smcont ] ],

        [ "signed content test streaming BER format, DSA key",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-stream",
            "-signer", $dsa1_pem, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont,
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients",
          [ @encrypt_three ],
          [ "-decrypt", "-recip", $rsa1_pem,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
          [ @encrypt_three ],
          [ "-decrypt", "-recip", $rsa3_pem,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
          [ @encrypt_three ],
          [ "-decrypt", "-inkey", $rsa3_pem,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
          [ "-encrypt", "-in", $smcont,
            "-aes256", "-stream", "-out", "test.cms",
            @three_recipients ],
          [ "-decrypt", "-recip", $rsa1_pem,
            "-in", "test.cms", "-out", "smtst.txt" ] ],
    );
};
163
# CMS-only cases, same [ title, [ producer args ], [ consumer args ] ] shape.
#
# The secret keys below are fixed values written into this test file; they
# exist only to make the round trip reproducible.  The 40-bit RC2 case
# exercises a deliberately short key.
#
# Order matters here too: "-sign_receipt" reads the test.cms produced by the
# receipt-request case before it, and its "-verify_receipt" command has no
# "-out", so no fresh smtst.txt is written for that case -- a later
# comparison against smtst.txt sees whatever the previous case left there.
my @smime_cms_tests = do {
    my $ca_pem   = catfile($smdir, "smroot.pem");
    my $rsa1_pem = catfile($smdir, "smrsa1.pem");
    my $rsa2_pem = catfile($smdir, "smrsa2.pem");
    my $rsa3_pem = catfile($smdir, "smrsa3.pem");
    my $dsa1_pem = catfile($smdir, "smdsa1.pem");
    my $dsa2_pem = catfile($smdir, "smdsa2.pem");

    my @four_signers = ("-signer", $rsa1_pem, "-signer", $rsa2_pem,
                        "-signer", $dsa1_pem, "-signer", $dsa2_pem);

    my $key_128 = "000102030405060708090A0B0C0D0E0F";
    my $key_id  = "C0FEE0";

    # Both KEK cases encrypt identically; only the decrypt side differs.
    my @kek_encrypt = ("-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
                       "-stream", "-out", "test.cms",
                       "-secretkey", $key_128,
                       "-secretkeyid", $key_id);

    # Builds one EncryptedData round-trip case for a cipher flag and hex key.
    my $encrypted_data_case = sub {
        my ($title, $cipher_flag, $hex_key) = @_;
        return [ $title,
                 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
                   $cipher_flag, "-secretkey", $hex_key,
                   "-stream", "-out", "test.cms" ],
                 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
                   "-secretkey", $hex_key, "-out", "smtst.txt" ] ];
    };

    (
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "DER",
            "-CAfile", $ca_pem, "-out", "smtst.txt" ] ],

        [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            @four_signers,
            "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "PEM",
            "-CAfile", $ca_pem, "-out", "smtst.txt" ] ],

        [ "signed content MIME format, RSA key, signed receipt request",
          [ "-sign", "-in", $smcont, "-signer", $rsa1_pem, "-nodetach",
            "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
            "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms",
            "-CAfile", $ca_pem, "-out", "smtst.txt" ] ],

        [ "signed receipt MIME format, RSA key",
          [ "-sign_receipt", "-in", "test.cms",
            "-signer", $rsa2_pem,
            "-out", "test2.cms" ],
          [ "-verify_receipt", "test2.cms", "-in", "test.cms",
            "-CAfile", $ca_pem ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
          [ "-encrypt", "-in", $smcont,
            "-stream", "-out", "test.cms", "-keyid",
            $rsa1_pem, $rsa2_pem, $rsa3_pem ],
          [ "-decrypt", "-recip", $rsa1_pem,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming PEM format, KEK",
          [ @kek_encrypt ],
          [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
            "-secretkey", $key_128,
            "-secretkeyid", $key_id ] ],

        [ "enveloped content test streaming PEM format, KEK, key only",
          [ @kek_encrypt ],
          [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
            "-secretkey", $key_128 ] ],

        [ "data content test streaming PEM format",
          [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-stream", "-out", "test.cms" ],
          [ "-data_out", "-in", "test.cms", "-inform", "PEM",
            "-out", "smtst.txt" ] ],

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 128 bit RC2 key",
            "-rc2", $key_128),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 40 bit RC2 key",
            "-rc2", "0001020304"),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, triple DES key",
            "-des3", "000102030405060708090A0B0C0D0E0F1011121314151617"),

        $encrypted_data_case->(
            "encrypted content test streaming PEM format, 128 bit AES key",
            "-aes128", $key_128),
    );
};
273
# Compression round trip: [ title, [ compress args ], [ uncompress args ] ].
# Kept in its own list so the cases can be counted and skipped as a group.
my @smime_cms_comp_tests = (
    [
        "compressed content test streaming PEM format",
        [
            "-compress", "-in", $smcont,
            "-outform", "PEM", "-nodetach",
            "-stream", "-out", "test.cms",
        ],
        [
            "-uncompress", "-in", "test.cms",
            "-inform", "PEM", "-out", "smtst.txt",
        ],
    ],
);
283
# Cases that set non-default key parameters (PSS, OAEP, ECDH KDF/cofactor,
# X9.42 DH).  Same [ title, [ producer args ], [ consumer args ] ] shape.
#
# check_availability() decides skips by matching "ECDH" and "K-283" in the
# title text, so those substrings must stay in the titles of the EC cases.
my @smime_cms_param_tests = do {
    my $ca_pem   = catfile($smdir, "smroot.pem");
    my $rsa1_pem = catfile($smdir, "smrsa1.pem");
    my $ec1_pem  = catfile($smdir, "smec1.pem");
    my $ec2_pem  = catfile($smdir, "smec2.pem");
    my $dh_pem   = catfile($smdir, "smdh.pem");

    my @pss       = ("-keyopt", "rsa_padding_mode:pss");
    my @oaep      = ("-keyopt", "rsa_padding_mode:oaep");
    my @kdf_sha256 = ("-keyopt", "ecdh_kdf_md:sha256");

    # Every signed case here is verified the same way.
    my @verify_pem = ("-verify", "-in", "test.cms", "-inform", "PEM",
                      "-CAfile", $ca_pem, "-out", "smtst.txt");

    # Common head of every enveloped case that does not use -keyid.
    my @encrypt_stream = ("-encrypt", "-in", $smcont,
                          "-stream", "-out", "test.cms");

    # Decrypt args for a given recipient file.
    my $decrypt_for = sub {
        my ($recipient_pem) = @_;
        return [ "-decrypt", "-recip", $recipient_pem,
                 "-in", "test.cms", "-out", "smtst.txt" ];
    };

    (
        [ "signed content test streaming PEM format, RSA keys, PSS signature",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-signer", $rsa1_pem, @pss,
            "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
            "-signer", $rsa1_pem, @pss,
            "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-signer", $rsa1_pem, @pss,
            "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "enveloped content test streaming S/MIME format, OAEP default parameters",
          [ @encrypt_stream,
            "-recip", $rsa1_pem, @oaep ],
          $decrypt_for->($rsa1_pem) ],

        [ "enveloped content test streaming S/MIME format, OAEP SHA256",
          [ @encrypt_stream,
            "-recip", $rsa1_pem, @oaep,
            "-keyopt", "rsa_oaep_md:sha256" ],
          $decrypt_for->($rsa1_pem) ],

        [ "enveloped content test streaming S/MIME format, ECDH",
          [ @encrypt_stream,
            "-recip", $ec1_pem ],
          $decrypt_for->($ec1_pem) ],

        [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
          [ "-encrypt", "-keyid", "-in", $smcont,
            "-stream", "-out", "test.cms",
            "-recip", $ec1_pem ],
          $decrypt_for->($ec1_pem) ],

        [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
          [ @encrypt_stream,
            "-recip", $ec1_pem, "-aes128", @kdf_sha256 ],
          $decrypt_for->($ec1_pem) ],

        [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
          [ @encrypt_stream,
            "-recip", $ec2_pem, "-aes128",
            @kdf_sha256, "-keyopt", "ecdh_cofactor_mode:1" ],
          $decrypt_for->($ec2_pem) ],

        [ "enveloped content test streaming S/MIME format, X9.42 DH",
          [ @encrypt_stream,
            "-recip", $dh_pem, "-aes128" ],
          $decrypt_for->($dh_pem) ],
    );
};
367
# Produce each message with "openssl cms" and consume it with
# "openssl smime"; the recovered text must match the original content.
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            if (my $skip_reason = check_availability($title)) {
                skip $skip_reason, 1;
            }

            # Short-circuits: a failed producer stops the consumer from
            # running, and the file comparison only happens after both ran.
            my $round_trip_ok =
                   run(app(["openssl", "cms", @{$produce_args}]))
                && run(app(["openssl", "smime", @{$consume_args}]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
# Reverse direction: produce each message with "openssl smime" and consume
# it with "openssl cms"; the recovered text must match the original content.
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            if (my $skip_reason = check_availability($title)) {
                skip $skip_reason, 1;
            }

            # Short-circuits: a failed producer stops the consumer from
            # running, and the file comparison only happens after both ran.
            my $round_trip_ok =
                   run(app(["openssl", "smime", @{$produce_args}]))
                && run(app(["openssl", "cms", @{$consume_args}]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
398
# Run "openssl cms" on both sides, first over the PKCS#7-compatible cases
# and then over the CMS-only cases, in that order.
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    # Iterating the two lists back to back keeps the original case order,
    # which the cases rely on because they share test.cms / smtst.txt.
    for my $case (@smime_pkcs7_tests, @smime_cms_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            if (my $skip_reason = check_availability($title)) {
                skip $skip_reason, 1;
            }

            # smtst.txt is compared for every case, including ones whose
            # consumer command writes no "-out" file of its own.
            my $round_trip_ok =
                   run(app(["openssl", "cms", @{$produce_args}]))
                && run(app(["openssl", "cms", @{$consume_args}]))
                && compare_text($smcont, "smtst.txt") == 0;

            ok($round_trip_ok, $title);
        }
    }
};
425
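# Run "openssl cms" on both sides over the modified-key-parameter cases,
# then over the compression cases when the build reports ZLIB support.
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    # One result per parameter case plus one per compression case; the
    # compression results are either real or skipped as a group below.
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    for my $case (@smime_cms_param_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "cms", @{$produce_args}]))
               && run(app(["openssl", "cms", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

  SKIP: {
        # The captured output of "openssl version -f" is searched for ZLIB;
        # without a match all compression cases are skipped in one go.
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            unless grep /ZLIB/, run(app(["openssl", "version", "-f"]),
                                    capture => 1);

        # Iterate the compression list here.  Looping over the parameter
        # list again would re-run those cases, never exercise
        # -compress/-uncompress, and produce a result count that disagrees
        # with the plan above.
        for my $case (@smime_cms_comp_tests) {
            my ($title, $produce_args, $consume_args) = @$case;

          SKIP: {
                my $skip_reason = check_availability($title);
                skip $skip_reason, 1 if $skip_reason;

                ok(run(app(["openssl", "cms", @{$produce_args}]))
                   && run(app(["openssl", "cms", @{$consume_args}]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};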
461
# Remove the scratch files the cases wrote into the current directory.
# Failures (for example a file that was never created) are ignored.
unlink "test.cms", "test2.cms", "smtst.txt";
465
# Decide whether a case must be skipped because the algorithm it needs is
# disabled in this build.
#
# The decision is made purely from the case title: "ECDH" in the title marks
# an EC/ECDH case and "K-283" marks a case needing binary-field curves.
#
# Returns a skip message ending in a newline, or "" when the case can run.
sub check_availability {
    my ($tnam) = @_;

    if ($tnam =~ /ECDH/) {
        # EC being disabled is reported ahead of ECDH being disabled.
        if ($no_ec) {
            return "$tnam: skipped, EC disabled\n";
        }
        if ($no_ecdh) {
            return "$tnam: skipped, ECDH disabled\n";
        }
    }

    if ($no_ec2m && $tnam =~ /K-283/) {
        return "$tnam: skipped, EC2M disabled\n";
    }

    return "";
}