From 26c8c6adcb9a6485966070418080a17cd2445bed Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 29 Nov 2013 16:24:56 -0600 Subject: begin adding warnings to GCM mode --- docs/hazmat/primitives/symmetric-encryption.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 70c3d2f4..a77e0e79 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -320,6 +320,12 @@ Modes .. class:: GCM(initialization_vector, tag=None) + .. warning:: + + When using this mode you MUST not use the decrypted data until every + byte has been decrypted. GCM provides NO guarantees of ciphertext + integrity until decryption is complete. + GCM (Galois Counter Mode) is a mode of operation for block ciphers. It is an AEAD (authenticated encryption with additional data) mode. AEAD is a type of block cipher mode that encrypts the message as well as -- cgit v1.2.3
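Review bot: the new warning in the `GCM(initialization_vector, tag=None)` entry ties safety to "until every byte has been decrypted" and "until decryption is complete", but the condition that matters for an AEAD mode is that the authentication tag has been checked, not that the last byte has been processed. A reader streaming a large ciphertext could take the current wording to mean the plaintext is trustworthy as soon as the final chunk comes back. Suggest rewording so the warning says the decrypted data must not be used until the tag has been verified, and naming the call in this API where that verification happens. Two smaller points in the same block: "MUST not" mixes cases and should be "MUST NOT" if the RFC 2119 sense is intended, and the warning now sits above the paragraph that explains what GCM and AEAD are, so a reader meets "ciphertext integrity" before the term is introduced. Consider moving the warning below that description.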