1 files changed, 10 insertions, 3 deletions

diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 6f66cd84dd..70b0f618ff 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -321,6 +321,10 @@ static int test_sig(gnutls_pk_algorithm_t pk,
 	gnutls_datum_t sig = { NULL, 0 };
 	gnutls_pubkey_t pub = NULL;
 	char param_name[32];
+	unsigned vflags = 0;
+
+	if (sigalgo == GNUTLS_SIGN_GOST_94)
+		vflags |= GNUTLS_VERIFY_ALLOW_BROKEN;
 
 	ret = gnutls_privkey_init(&key);
 	if (ret < 0)
@@ -427,7 +431,7 @@ static int test_sig(gnutls_pk_algorithm_t pk,
 	}
 
 	ret =
-	    gnutls_pubkey_verify_data2(pub, sigalgo, 0,
+	    gnutls_pubkey_verify_data2(pub, sigalgo, vflags,
 				       &signed_data, &sig);
 	if (ret < 0) {
 		ret = GNUTLS_E_SELF_TEST_ERROR;
@@ -436,7 +440,7 @@ static int test_sig(gnutls_pk_algorithm_t pk,
 	}
 
 	ret =
-	    gnutls_pubkey_verify_data2(pub, sigalgo, 0,
+	    gnutls_pubkey_verify_data2(pub, sigalgo, vflags,
 				       &bad_data, &sig);
 
 	if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
@@ -475,6 +479,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
 	gnutls_pubkey_t pub = NULL;
 	gnutls_privkey_t key;
 	char param_name[32];
+	unsigned vflags = 0;
 
 	if (pk == GNUTLS_PK_EC ||
 	    pk == GNUTLS_PK_GOST_01 ||
@@ -484,6 +489,8 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
 		snprintf(param_name, sizeof(param_name), "%s",
 			 gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE
 						   (bits)));
+		if (dig == GNUTLS_DIG_GOSTR_94)
+			vflags |= GNUTLS_VERIFY_ALLOW_BROKEN;
 	} else {
 		snprintf(param_name, sizeof(param_name), "%u", bits);
 	}
@@ -553,7 +560,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
 	}
 
 	ret =
-	    gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
+	    gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), vflags,
 				       &signed_data, &sig);
 	if (ret < 0) {
 		ret = GNUTLS_E_SELF_TEST_ERROR;