Switch to the newer, safer, API

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-27 08:23:14 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-27 08:23:14 -0800
commit: b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01 (patch)
tree: c34abd28670e6e8f806ba19527828e9ee4151bc3
parent: 4b31af7407ab6221712e8d83cd1bce53bd57aa95 (diff)
download: cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.tar.gz
cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.tar.bz2
cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 9f4294f0..c19309d5 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -19,8 +19,9 @@ import time
 
 import six
 
+from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import padding, hashes, constant_time
+from cryptography.hazmat.primitives import padding, hashes
 from cryptography.hazmat.primitives.hmac import HMAC
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
@@ -105,8 +106,9 @@ class Fernet(object):
             raise InvalidToken
         h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
         h.update(data[:-32])
-        hmac = h.finalize()
-        if not constant_time.bytes_eq(hmac, data[-32:]):
+        try:
+            h.verify(data[-32:])
+        except InvalidSignature:
             raise InvalidToken
 
         iv = data[9:25]
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-27 08:23:14 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-27 08:23:14 -0800
commit	b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01 (patch)
tree	c34abd28670e6e8f806ba19527828e9ee4151bc3
parent	4b31af7407ab6221712e8d83cd1bce53bd57aa95 (diff)
download	cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.tar.gz cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.tar.bz2 cryptography-b9bc6c3e4c9b647de1a1a2dd852ab591e9a69b01.zip