From 8a89eb9a466a64285c67998f0ce1bc257bd9e8d2 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 22 Mar 2023 12:51:49 +0700
Subject: Falcon: delay complete_private() verify failure for potential vulnerability
---
 crypto/src/pqc/crypto/falcon/FalconVrfy.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/src/pqc/crypto/falcon/FalconVrfy.cs b/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
index 4f28a77d9..a678937d5 100644
--- a/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
+++ b/crypto/src/pqc/crypto/falcon/FalconVrfy.cs
@@ -712,6 +712,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 sbyte[] fsrc, int f, sbyte[] gsrc, int g, sbyte[] Fsrc, int F, uint logn, ushort[] tmpsrc, int tmp) {
+ int success = 1;
 int u, n; int t1, t2;
@@ -732,7 +733,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 mq_NTT(tmpsrc, t2, logn); for (u = 0; u < n; u ++) { if (tmpsrc[t2+u] == 0) {
- return 0;
+ success = 0;
 } tmpsrc[t1+u] = (ushort)mq_div_12289(tmpsrc[t1+u], tmpsrc[t2+u]); }
@@ -746,11 +747,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Falcon
 //gi = *(int *)&w; gi = (int)w; if (gi < -127 || gi > +127) {
- return 0;
+ success = 0;
 } Gsrc[G+u] = (sbyte)gi; }
- return 1;
+ return success;
 } internal int is_invertible(
-- cgit 1.4.1
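Review bot: The new `int success = 1;` carries no comment explaining why failure is now recorded rather than returned, so a later cleanup could reintroduce the early `return 0` that this commit is deliberately removing. I would put a comment above the declaration, e.g. `// Failures are only recorded here; the loops below always run to completion so the point at which this method exits does not depend on (secret) key material.` The body of complete_private() begins before this hunk and continues past it.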
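Review bot: The check `if (tmpsrc[t2+u] == 0) { success = 0; }` still branches on a value derived from the private key, so the early exit is gone but the data-dependent branch is not, and whether the JIT lowers it to a conditional move is not something the source can guarantee. A branchless form keeps the intent without the branch: `success &= (int)(((uint)tmpsrc[t2+u] + 0xFFFFu) >> 16);` (1 for any non-zero ushort, 0 for zero). Note also that on the failing iteration the loop now goes on to call `mq_div_12289` with a zero divisor; if that is the usual Fermat-inverse exponentiation it simply yields 0, but the C# implementation is not visible here and should be confirmed not to throw or otherwise exit early. complete_private() itself begins outside this hunk.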
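Review bot: `if (gi < -127 || gi > +127) { success = 0; }` is likewise still a secret-dependent branch, and on failure the truncating `Gsrc[G+u] = (sbyte)gi;` stores a wrapped value, so callers must treat G as unusable whenever 0 is returned (the old early return also left G partially written, so this is not a regression, but it belongs in the method's doc comment). A branchless form of the range check is `success &= 1 + (((gi + 127) | (127 - gi)) >> 31);` — the arithmetic shift yields -1 when either side is negative, i.e. when gi is outside [-127, 127]. The final `return success;` is correct now that both loops run to completion. complete_private() begins before this hunk, and the `is_invertible(` declaration is cut off at its end.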