From d3c10161e3b13bf9352ad4e53dddfde955b04c71 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Tue, 9 Aug 2022 17:26:41 +0200 Subject: [PATCH] add warning about HQC [skip ci] (#1284) --- docs/algorithms/kem/hqc.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/algorithms/kem/hqc.md b/docs/algorithms/kem/hqc.md index e28bdf12c..914f46635 100644 --- a/docs/algorithms/kem/hqc.md +++ b/docs/algorithms/kem/hqc.md @@ -12,6 +12,10 @@ - https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc, which takes it from: - submission 2020-10-01 at https://pqc-hqc.org/implementation.html +## Security advisory + +The implementation is [known to *not* provide constant time execution properties](https://github.com/open-quantum-safe/liboqs/issues/995). + ## Parameter set summary | Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Ciphertext size (bytes) | Shared secret size (bytes) | @@ -51,4 +55,4 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**. ## Explanation of Terms -- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments. \ No newline at end of file +- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
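Review bot: In the first hunk, the new "Security advisory" sentence says "The implementation" without scoping it, while the same document states that implementations are chosen by runtime CPU feature detection, so a reader cannot tell whether the warning covers every HQC build and parameter set or only some. I suggest naming the affected implementations and parameter sets explicitly, or saying "all implementations listed here" if that is what the linked issue establishes. The advisory also stops at the property and leaves the consequence to the link. One added sentence would make it actionable without following the link: it should say that non-constant-time execution means running time can depend on secret data, and that HQC should therefore not be used where an attacker can measure the timing of secret-key operations. Since the section heading is new, it would also help to place it consistently (here it sits between the source list and "Parameter set summary") so that other algorithm pages carrying a similar warning can follow the same layout.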