diff --git a/lib/jwa/aes_cbc_hmac_sha2.js b/lib/jwa/aes_cbc_hmac_sha2.js
index 29a2fbeac1..f63dc32c4a 100644
--- a/lib/jwa/aes_cbc_hmac_sha2.js
+++ b/lib/jwa/aes_cbc_hmac_sha2.js
@@ -44,13 +44,17 @@ const decrypt = (size, sign, { [KEYOBJECT]: keyObject }, ciphertext, { iv, tag =
 const expectedTag = sign({ [KEYOBJECT]: macKey }, macData, tag).slice(0, keySize)
 const macCheckPassed = timingSafeEqual(tag, expectedTag)
+ if (!macCheckPassed) {
+ throw new JWEDecryptionFailed()
+ }
+
 let cleartext
 try {
 const cipher = createDecipheriv(`aes-${size}-cbc`, encKey, iv)
 cleartext = Buffer.concat([cipher.update(ciphertext), cipher.final()])
 } catch (err) {}
- if (!cleartext || !macCheckPassed) {
+ if (!cleartext) {
 throw new JWEDecryptionFailed()
 }
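Review bot: The added early `if (!macCheckPassed) { throw new JWEDecryptionFailed() }` has no comment stating that its position before `createDecipheriv` is the security property, so a later cleanup could fold the two checks back together and again let unauthenticated ciphertext reach the CBC padding step. I would put `// Authenticate before decrypting: ciphertext with a bad tag must never reach the CBC padding check.` directly above it. Separately, if `timingSafeEqual` is Node's `crypto.timingSafeEqual` (its import is outside the hunk), a `tag` whose length differs from `expectedTag` raises a `RangeError` rather than `JWEDecryptionFailed`, which would give callers a second, distinguishable failure mode; confirm the helper pads or length-checks first. The body of `decrypt` starts and ends outside this hunk.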