GH355: Implement HKDF
1 #! /usr/bin/perl
2
3 use strict;
4 use warnings;
5
6 use POSIX;
7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
10 use OpenSSL::Test::Utils;
11
# Initialise the OpenSSL::Test harness for this recipe.
setup("test_cms");

# Inputs taken from the source tree: the plaintext that every case round-trips,
# and the directory holding the S/MIME test certificates and keys.
my $smcont   = srctop_file("test", "smcont.txt");
my $smdir    = srctop_dir("test", "smime-certs");

# Build-configuration flags, one per feature name, in the order listed.
# NOTE(review): only dh, ec, ec2m and zlib are queried. Cases whose names
# mention DSA, RC2 or triple DES have no matching flag in this file, so on a
# build without those algorithms they would presumably fail rather than skip
# -- confirm against the supported configurations.
my ($no_dh, $no_ec, $no_ec2m, $no_zlib) = disabled(qw/dh ec ec2m zlib/);

# One top-level result per subtest group defined further down.
plan tests => 4;
19
# Cases that both "openssl cms" and "openssl smime" are expected to handle.
#
# Each entry is [ description, producer arguments, consumer arguments ].  The
# producer writes test.cms (or test2.cms), the consumer writes smtst.txt, and
# the subtests later in this file compare smtst.txt with $smcont.
#
# Entries run in list order and share those scratch files: the "-resign" case
# reads the test.cms left behind by the entry before it, so reordering or
# skipping entries changes what it operates on.
my @smime_pkcs7_tests = do {
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    # Argument runs that recur; every use below expands into a fresh list.
    my @sign_der     = ("-sign", "-in", $smcont, "-outform", "DER");
    my @four_signers = ("-signer", $rsa1, "-signer", $rsa2,
                        "-signer", $dsa1, "-signer", $dsa2);
    my @verify_der   = ("-verify", "-in", "test.cms", "-inform", "DER",
                        "-CAfile", $root_ca, "-out", "smtst.txt");
    my @verify_smime = ("-verify", "-in", "test.cms",
                        "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt_3    = ("-encrypt", "-in", $smcont,
                        "-stream", "-out", "test.cms",
                        $rsa1, $rsa2, $rsa3);
    my @to_plaintext = ("-in", "test.cms", "-out", "smtst.txt");

    (
        [ "signed content DER format, RSA key",
          [ @sign_der, "-nodetach", "-certfile", $root_ca,
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        # Detached signature: the verifier is handed the content separately.
        [ "signed detached content DER format, RSA key",
          [ @sign_der, "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        [ "signed content test streaming BER format, RSA",
          [ @sign_der, "-nodetach", "-stream",
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content DER format, DSA key",
          [ @sign_der, "-nodetach", "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed detached content DER format, DSA key",
          [ @sign_der, "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ] ],

        # Adds a signer to the test.cms written by the previous entry.
        [ "signed detached content DER format, add RSA signer",
          [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
            "-signer", $rsa1, "-out", "test2.cms" ],
          [ "-verify", "-in", "test2.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt",
            "-content", $smcont ] ],

        [ "signed content test streaming BER format, DSA key",
          [ @sign_der, "-nodetach", "-stream",
            "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
          [ @sign_der, "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
          [ @sign_der, "-noattr", "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ] ],

        [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients",
          [ @encrypt_3 ],
          [ "-decrypt", "-recip", $rsa1, @to_plaintext ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
          [ @encrypt_3 ],
          [ "-decrypt", "-recip", $rsa3, @to_plaintext ] ],

        # Decrypts with "-inkey" alone, i.e. without naming a recipient cert.
        [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
          [ @encrypt_3 ],
          [ "-decrypt", "-inkey", $rsa3, @to_plaintext ] ],

        [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
          [ "-encrypt", "-in", $smcont,
            "-aes256", "-stream", "-out", "test.cms",
            $rsa1, $rsa2, $rsa3 ],
          [ "-decrypt", "-recip", $rsa1, @to_plaintext ] ],
    );
};
162
# Cases that are run with "openssl cms" on both sides only.
#
# Each entry is [ description, producer arguments, consumer arguments ], run
# in list order against the shared scratch files test.cms, test2.cms and
# smtst.txt.
#
# The secret keys below are fixed sequential-byte test values written into
# this file; they exercise the encrypt/decrypt round trip, not key strength.
my @smime_cms_tests = do {
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    my $key_40  = "0001020304";
    my $key_128 = "000102030405060708090A0B0C0D0E0F";
    my $key_192 = "000102030405060708090A0B0C0D0E0F1011121314151617";
    my $kek_id  = "C0FEE0";

    # Argument runs that recur; every use below expands into a fresh list.
    my @four_signers = ("-signer", $rsa1, "-signer", $rsa2,
                        "-signer", $dsa1, "-signer", $dsa2);
    my @kek_encrypt  = ("-encrypt", "-in", $smcont, "-outform", "PEM",
                        "-aes128", "-stream", "-out", "test.cms",
                        "-secretkey", $key_128, "-secretkeyid", $kek_id);
    my @kek_decrypt  = ("-decrypt", "-in", "test.cms", "-out", "smtst.txt",
                        "-inform", "PEM", "-secretkey", $key_128);
    my @enc_data_in  = ("-EncryptedData_encrypt", "-in", $smcont,
                        "-outform", "PEM");
    my @enc_data_out = ("-EncryptedData_decrypt", "-in", "test.cms",
                        "-inform", "PEM");

    (
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
            @four_signers, "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            @four_signers, "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "PEM",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        [ "signed content MIME format, RSA key, signed receipt request",
          [ "-sign", "-in", $smcont, "-signer", $rsa1, "-nodetach",
            "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
            "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms",
            "-CAfile", $root_ca, "-out", "smtst.txt" ] ],

        # Signs a receipt for the test.cms written by the previous entry.
        # NOTE(review): the consumer command here has no "-out", so the
        # smtst.txt that the runner compares afterwards is the file left by
        # the previous entry; the content comparison adds nothing for this
        # case, and only the two exit statuses are really being checked.
        [ "signed receipt MIME format, RSA key",
          [ "-sign_receipt", "-in", "test.cms",
            "-signer", $rsa2, "-out", "test2.cms" ],
          [ "-verify_receipt", "test2.cms", "-in", "test.cms",
            "-CAfile", $root_ca ] ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
          [ "-encrypt", "-in", $smcont,
            "-stream", "-out", "test.cms", "-keyid",
            $rsa1, $rsa2, $rsa3 ],
          [ "-decrypt", "-recip", $rsa1,
            "-in", "test.cms", "-out", "smtst.txt" ] ],

        [ "enveloped content test streaming PEM format, KEK",
          [ @kek_encrypt ],
          [ @kek_decrypt, "-secretkeyid", $kek_id ] ],

        # Same message, decrypted without supplying the key identifier.
        [ "enveloped content test streaming PEM format, KEK, key only",
          [ @kek_encrypt ],
          [ @kek_decrypt ] ],

        [ "data content test streaming PEM format",
          [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-stream", "-out", "test.cms" ],
          [ "-data_out", "-in", "test.cms", "-inform", "PEM",
            "-out", "smtst.txt" ] ],

        [ "encrypted content test streaming PEM format, 128 bit RC2 key",
          [ @enc_data_in, "-rc2", "-secretkey", $key_128,
            "-stream", "-out", "test.cms" ],
          [ @enc_data_out, "-secretkey", $key_128, "-out", "smtst.txt" ] ],

        [ "encrypted content test streaming PEM format, 40 bit RC2 key",
          [ @enc_data_in, "-rc2", "-secretkey", $key_40,
            "-stream", "-out", "test.cms" ],
          [ @enc_data_out, "-secretkey", $key_40, "-out", "smtst.txt" ] ],

        [ "encrypted content test streaming PEM format, triple DES key",
          [ @enc_data_in, "-des3", "-secretkey", $key_192,
            "-stream", "-out", "test.cms" ],
          [ @enc_data_out, "-secretkey", $key_192, "-out", "smtst.txt" ] ],

        [ "encrypted content test streaming PEM format, 128 bit AES key",
          [ @enc_data_in, "-aes128", "-secretkey", $key_128,
            "-stream", "-out", "test.cms" ],
          [ @enc_data_out, "-secretkey", $key_128, "-out", "smtst.txt" ] ],
    );
};
272
# Compression round trip, kept in its own list because the subtest that runs
# it skips the whole list when zlib support is disabled.
# Entry layout: [ description, producer arguments, consumer arguments ].
my @smime_cms_comp_tests = (
    [ "compressed content test streaming PEM format",
      [ qw/-compress -in/, $smcont,
        qw/-outform PEM -nodetach -stream -out test.cms/ ],
      [ qw/-uncompress -in test.cms -inform PEM -out smtst.txt/ ] ],
);
282
# Cases that set non-default key parameters through "-keyopt" (RSA-PSS,
# RSA-OAEP, ECDH KDF/cofactor options) or use EC and X9.42 DH recipients.
#
# Entry layout: [ description, producer arguments, consumer arguments ].
#
# The descriptions double as feature tags: check_availability() in this file
# matches on the substrings "ECDH", "K-283" and "X9.42", so rewording a
# description can silently drop its skip guard.
my @smime_cms_param_tests = do {
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $ec1     = catfile($smdir, "smec1.pem");
    my $ec2     = catfile($smdir, "smec2.pem");
    my $dh      = catfile($smdir, "smdh.pem");

    # Argument runs that recur; every use below expands into a fresh list.
    my @sign_pem    = ("-sign", "-in", $smcont, "-outform", "PEM", "-nodetach");
    my @pss_signer  = ("-signer", $rsa1, "-keyopt", "rsa_padding_mode:pss");
    my @verify_pem  = ("-verify", "-in", "test.cms", "-inform", "PEM",
                       "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt     = ("-encrypt", "-in", $smcont,
                       "-stream", "-out", "test.cms");
    my $decrypt_for = sub {
        my ($recipient) = @_;
        return [ "-decrypt", "-recip", $recipient,
                 "-in", "test.cms", "-out", "smtst.txt" ];
    };

    (
        [ "signed content test streaming PEM format, RSA keys, PSS signature",
          [ @sign_pem, @pss_signer, "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
          [ @sign_pem, "-noattr", @pss_signer, "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
          [ @sign_pem, @pss_signer,
            "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
          [ @verify_pem ] ],

        [ "enveloped content test streaming S/MIME format, OAEP default parameters",
          [ @encrypt, "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep" ],
          $decrypt_for->($rsa1) ],

        [ "enveloped content test streaming S/MIME format, OAEP SHA256",
          [ @encrypt, "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep",
            "-keyopt", "rsa_oaep_md:sha256" ],
          $decrypt_for->($rsa1) ],

        [ "enveloped content test streaming S/MIME format, ECDH",
          [ @encrypt, "-recip", $ec1 ],
          $decrypt_for->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
          [ "-encrypt", "-keyid", "-in", $smcont,
            "-stream", "-out", "test.cms",
            "-recip", $ec1 ],
          $decrypt_for->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
          [ @encrypt, "-recip", $ec1,
            "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
          $decrypt_for->($ec1) ],

        [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
          [ @encrypt, "-recip", $ec2, "-aes128",
            "-keyopt", "ecdh_kdf_md:sha256",
            "-keyopt", "ecdh_cofactor_mode:1" ],
          $decrypt_for->($ec2) ],

        [ "enveloped content test streaming S/MIME format, X9.42 DH",
          [ @encrypt, "-recip", $dh, "-aes128" ],
          $decrypt_for->($dh) ],
    );
};
366
# Produce each message with "openssl cms" and consume it with "openssl smime".
# A case passes only if both commands succeed and the recovered smtst.txt
# compares equal to the original content file.
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $producer_args, $consumer_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$producer_args]))
               && run(app(["openssl", "smime", @$consumer_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
# The reverse direction: produce each message with "openssl smime" and
# consume it with "openssl cms".  Pass criteria are the same: both commands
# succeed and smtst.txt compares equal to the original content file.
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $producer_args, $consumer_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "smime", @$producer_args]))
               && run(app(["openssl", "cms", @$consumer_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
397
# Run "openssl cms" on both sides, first over the PKCS#7-compatible cases and
# then over the CMS-only cases, in that order.
#
# NOTE(review): smtst.txt is not removed between cases, so a consumer command
# that succeeds without writing it is compared against the previous case's
# output (the "-verify_receipt" case has no "-out" argument).
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    for my $case (@smime_pkcs7_tests, @smime_cms_tests) {
        my ($title, $producer_args, $consumer_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$producer_args]))
               && run(app(["openssl", "cms", @$consumer_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
424
# Run "openssl cms" on both sides over the key-parameter cases, then over the
# compression cases.  The compression list is skipped as a whole when zlib is
# disabled, so the planned count stays the same either way.
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    for my $case (@smime_cms_param_tests) {
        my ($title, $producer_args, $consumer_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$producer_args]))
               && run(app(["openssl", "cms", @$consumer_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

  SKIP: {
        # One skip per compression case keeps the plan consistent.
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            if $no_zlib;

        for my $case (@smime_cms_comp_tests) {
            my ($title, $producer_args, $consumer_args) = @$case;

          SKIP: {
                my $why_skipped = check_availability($title);
                skip $why_skipped, 1 if $why_skipped;

                ok(run(app(["openssl", "cms", @$producer_args]))
                   && run(app(["openssl", "cms", @$consumer_args]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};
459
# Remove the scratch files the cases above write into the current directory.
# Failures are ignored, as a file may never have been created.
unlink $_ for ("test.cms", "test2.cms", "smtst.txt");
463
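# Decide whether a test case has to be skipped on this build.
#
# Takes the case's description and returns a newline-terminated skip reason
# when the description names an algorithm that is disabled in this build, or
# "" when the case can run.
#
# Matching is by substring of the description ("ECDH", "K-283", "X9.42"), so
# a case is only guarded if its description carries one of those tags.
# NOTE(review): nothing here guards the DSA, RC2 or triple DES cases; whether
# such builds are expected to run this recipe should be confirmed.
sub check_availability {
    my $tnam = shift;

    # ECDH cases need EC support.  One test is enough for this condition: a
    # second identical ($no_ec && /ECDH/) check could never be reached.
    return "$tnam: skipped, EC disabled\n"
        if ($no_ec && $tnam =~ /ECDH/);
    # K-283 is tagged here as needing binary-field (EC2M) curve support.
    return "$tnam: skipped, EC2M disabled\n"
        if ($no_ec2m && $tnam =~ /K-283/);
    return "$tnam: skipped, DH disabled\n"
        if ($no_dh && $tnam =~ /X9\.42/);
    return "";
}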