From 2f4e40bdd5f1be3753d7bb5a842f09d4521784d7 Mon Sep 17 00:00:00 2001
From: Mike Lodder
Date: Mon, 1 Jun 2026 14:25:12 -0600
Subject: [PATCH 1/2] hqc-kem: fix constant-time nonzero test in compute_error_values
Signed-off-by: Mike Lodder
---
 hqc-kem/src/reed_solomon.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hqc-kem/src/reed_solomon.rs b/hqc-kem/src/reed_solomon.rs
index 7466f41..5412381 100644
--- a/hqc-kem/src/reed_solomon.rs
+++ b/hqc-kem/src/reed_solomon.rs
@@ -141,8 +141,9 @@ fn compute_error_values(error_values: &mut [u16], z: &[u16], error: &[u8; 256],
 for j in 0..p.delta {
 // Proper constant-time eq: both are u16
 let diff = (j as u16) ^ delta_counter;
+ let diff_u32 = diff as u32;
 let zero_mask =
- 0u16.wrapping_sub(((diff as u32 | diff.wrapping_neg() as u32) >> 31) as u16);
+ 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
 let eq_mask2 = !zero_mask; // 0xFFFF if j == delta_counter
 beta_j[j] ^= found_mask & eq_mask2 & GF_EXP[i];
@@ -184,8 +185,9 @@ fn compute_error_values(error_values: &mut [u16], z: &[u16], error: &[u8; 256],
 for j in 0..p.delta {
 let diff = (j as u16) ^ delta_counter;
+ let diff_u32 = diff as u32;
 let zero_mask =
- 0u16.wrapping_sub(((diff as u32 | diff.wrapping_neg() as u32) >> 31) as u16);
+ 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
 let eq_mask = !zero_mask;
 error_values[i] ^= found_mask & eq_mask & e_j[j];
From d3a5fd4b30a37331858d6e2edae58ee2cf1cc36a Mon Sep 17 00:00:00 2001
From: Mike Lodder
Date: Tue, 2 Jun 2026 08:08:38 -0600
Subject: [PATCH 2/2] fmt
Signed-off-by: Mike Lodder
---
 hqc-kem/src/reed_solomon.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hqc-kem/src/reed_solomon.rs b/hqc-kem/src/reed_solomon.rs
index 5412381..0993d83 100644
--- a/hqc-kem/src/reed_solomon.rs
+++ b/hqc-kem/src/reed_solomon.rs
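Review bot: The nonzero test is still written out by hand in both `for j in 0..p.delta` loops of `compute_error_values` (both hunks of patch 1/2), and the series adds no test for it. With `diff` a u16, as the comment states, the removed form `diff.wrapping_neg() as u32` could never set bit 31, so `zero_mask` was always 0 and `eq_mask`/`eq_mask2` always 0xFFFF; a unit test asserting 0xFFFF for equal inputs and 0 for unequal ones (differences of 1 and 0xFFFF included) would have caught that. Moving the comparison into one documented helper called from both loops keeps the two selections from drifting apart again. `zero_mask` is all-ones when `diff` is nonzero, so `nonzero_mask` would be the accurate name. Both loops begin and end outside the hunks, so the call sites below are a sketch.

```rust
/// Returns 0xFFFF when `a == b` and 0x0000 otherwise, using only
/// arithmetic on the inputs (no comparison or branch in the source).
#[inline]
fn ct_eq_mask_u16(a: u16, b: u16) -> u16 {
    // Widen before negating: in u32, `d | -d` has bit 31 set exactly when d != 0.
    let d = u32::from(a ^ b);
    let nonzero_mask = 0u16.wrapping_sub(((d | d.wrapping_neg()) >> 31) as u16);
    !nonzero_mask
}

// … unchanged: first loop up to the mask computation …
let eq_mask2 = ct_eq_mask_u16(j as u16, delta_counter); // 0xFFFF if j == delta_counter
// … unchanged: beta_j update, second loop up to the mask computation …
let eq_mask = ct_eq_mask_u16(j as u16, delta_counter);
```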
@@ -142,8 +142,7 @@ fn compute_error_values(error_values: &mut [u16], z: &[u16], error: &[u8; 256],
 // Proper constant-time eq: both are u16
 let diff = (j as u16) ^ delta_counter;
 let diff_u32 = diff as u32;
- let zero_mask =
- 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
+ let zero_mask = 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
 let eq_mask2 = !zero_mask; // 0xFFFF if j == delta_counter
 beta_j[j] ^= found_mask & eq_mask2 & GF_EXP[i];
@@ -186,8 +185,7 @@ fn compute_error_values(error_values: &mut [u16], z: &[u16], error: &[u8; 256],
 for j in 0..p.delta {
 let diff = (j as u16) ^ delta_counter;
 let diff_u32 = diff as u32;
- let zero_mask =
- 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
+ let zero_mask = 0u16.wrapping_sub(((diff_u32 | diff_u32.wrapping_neg()) >> 31) as u16);
 let eq_mask = !zero_mask;
 error_values[i] ^= found_mask & eq_mask & e_j[j];