Don't look at other material until the signature is validated

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-20 11:05:13 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-12-20 11:05:13 -0800
commit: d66f3726a5e945e74a32d10895b0f6acf5676f91 (patch)
tree: 0dabcaf369eb02add2526ca728977024c721ba75
parent: e78960fa8c2a210484695bf2e20c4847313cf5a0 (diff)
download: cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.tar.gz
cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.tar.bz2
cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index b59f6a94..9f4294f0 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -98,8 +98,6 @@ class Fernet(object):
             timestamp, = struct.unpack(">Q", data[1:9])
         except struct.error:
             raise InvalidToken
-        iv = data[9:25]
-        ciphertext = data[25:-32]
         if ttl is not None:
             if timestamp + ttl < current_time:
                 raise InvalidToken
@@ -111,6 +109,8 @@ class Fernet(object):
         if not constant_time.bytes_eq(hmac, data[-32:]):
             raise InvalidToken
 
+        iv = data[9:25]
+        ciphertext = data[25:-32]
         decryptor = Cipher(
             algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
         ).decryptor()
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-20 11:05:13 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-12-20 11:05:13 -0800
commit	d66f3726a5e945e74a32d10895b0f6acf5676f91 (patch)
tree	0dabcaf369eb02add2526ca728977024c721ba75
parent	e78960fa8c2a210484695bf2e20c4847313cf5a0 (diff)
download	cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.tar.gz cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.tar.bz2 cryptography-d66f3726a5e945e74a32d10895b0f6acf5676f91.zip