From d66f3726a5e945e74a32d10895b0f6acf5676f91 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 20 Dec 2013 11:05:13 -0800
Subject: Don't look at other material until the signature is validated
---
 cryptography/fernet.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index b59f6a94..9f4294f0 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -98,8 +98,6 @@ class Fernet(object):
 timestamp, = struct.unpack(">Q", data[1:9])
 except struct.error:
 raise InvalidToken
- iv = data[9:25]
- ciphertext = data[25:-32]
 if ttl is not None:
 if timestamp + ttl < current_time:
 raise InvalidToken
@@ -111,6 +109,8 @@ class Fernet(object):
 if not constant_time.bytes_eq(hmac, data[-32:]):
 raise InvalidToken
+ iv = data[9:25]
+ ciphertext = data[25:-32]
 decryptor = Cipher(
 algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
 ).decryptor()
-- 
cgit v1.2.3
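Review bot: The timestamp is still unpacked and compared against `ttl` before the `constant_time.bytes_eq` check (context lines of the first hunk), so the ordering named in the subject line now holds for `iv` and `ciphertext` in the second hunk but not for the timestamp. Both failure paths raise `InvalidToken`, so callers cannot tell them apart by exception type, but the expiry decision is made on a field that has not been authenticated yet. If that order is deliberate, I would record it next to the moved slices, e.g. `# iv and ciphertext are sliced only after the HMAC check; the ttl check above runs on the not-yet-authenticated timestamp by design`. Otherwise the `if ttl is not None:` block could move below the `bytes_eq` comparison, which would not change what callers see. The method body begins and ends outside both hunks, so the HMAC computation itself is not visible here.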