Don't look at other material until the signature is validated

commit: d66f3726a5e945e74a32d10895b0f6acf5676f91 [log] [tgz]
author: Alex Gaynor <alex.gaynor@gmail.com> Fri Dec 20 11:05:13 2013 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> Fri Dec 20 11:05:13 2013 -0800
tree: 0dabcaf369eb02add2526ca728977024c721ba75
parent: e78960fa8c2a210484695bf2e20c4847313cf5a0 [diff] [blame]
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index b59f6a9..9f4294f 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py

@@ -98,8 +98,6 @@
             timestamp, = struct.unpack(">Q", data[1:9])
         except struct.error:
             raise InvalidToken
-        iv = data[9:25]
-        ciphertext = data[25:-32]
         if ttl is not None:
             if timestamp + ttl < current_time:
                 raise InvalidToken
@@ -111,6 +109,8 @@
         if not constant_time.bytes_eq(hmac, data[-32:]):
             raise InvalidToken
 
+        iv = data[9:25]
+        ciphertext = data[25:-32]
         decryptor = Cipher(
             algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
         ).decryptor()
commit	d66f3726a5e945e74a32d10895b0f6acf5676f91	[log] [tgz]
author	Alex Gaynor <alex.gaynor@gmail.com>	Fri Dec 20 11:05:13 2013 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	Fri Dec 20 11:05:13 2013 -0800
tree	0dabcaf369eb02add2526ca728977024c721ba75
parent	e78960fa8c2a210484695bf2e20c4847313cf5a0 [diff] [blame]