From 0fccaf9a75dd2731112a5553be5a66e4b3ad81d2 Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Sun, 12 Nov 2017 17:27:28 +0100 Subject: [PATCH] more warnings for multiplication timings Following CuleX's advice. Whitelisted x86, x86_64, ARM, and ARM64. Users should check how multiplication is done on other platforms. --- doc/man/man3/intro.3monocypher | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man/man3/intro.3monocypher b/doc/man/man3/intro.3monocypher index 0a3b389..8666124 100644 --- a/doc/man/man3/intro.3monocypher +++ b/doc/man/man3/intro.3monocypher @@ -174,6 +174,8 @@ destroy all security. .Pp The Poly1305 authenticator, X25519, and EdDSA use multiplication. Some older processors do not multiply in constant time. +If the target platform is something other than x86, x86_64, ARM or +ARM64, double check how it handles multiplication. .Pp .Sy The lengths of the inputs are not secret. Timings do reveal them \(en So do network traffic and file sizes. -- 2.47.3
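Review bot: The added sentence in the intro.3monocypher hunk ("double check how it handles multiplication") does not say what property the reader is meant to verify or what to do if the platform fails the check. Tie it to the sentence above it, for example "verify that its multiplication instructions run in constant time regardless of operand values", and state what that means for Poly1305, X25519 and EdDSA on a platform where they do not. The unqualified "ARM" in the list also reads as covering every ARM core, while the context line just before it warns that "Some older processors do not multiply in constant time"; either say that older ARM parts are included in the whitelist on purpose, or narrow the entry so the two sentences do not pull against each other.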