I defined AES_new as a function that returns an AES cipher object and a new secure random IV if None was specified. If an attacker can exhibit control over any ciphertext fed to the decrypter, recovering the secret key is a trivial exercise as described in Key as Initialization Vector.
See the following gist for an example showing how this can be exploited.
I also noticed compare() provides a constant-time comparison function for comparing HMAC signatures, however it was never called anywhere. This patch updates the secure_loads() function to use compare() when comparing HMAC signatures.
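The two defensive patterns this pull request introduces, as an added example that is not the pull request's or the project's own code: an IV helper that always draws a fresh random IV and refuses the secret key as an IV, and a secure_loads()-style verifier that checks the HMAC tag with a constant-time comparison before touching the payload. Only the Python standard library is used, so the AES encryption step itself is left out; the names new_iv, secure_dumps, naive_compare and the token layout are assumptions for this example, not the project's API.

```python
import base64
import hashlib
import hmac
import os

# Added example, not the project's code. Shows (1) IV handling that never
# reuses the key and (2) constant-time HMAC verification.

IV_SIZE = 16  # AES block size in bytes; a CBC IV must be this long


def new_iv(key, iv=None):
    """Return the IV to use for an AES-CBC operation (assumed helper).

    A caller passes an IV only when it already has one (the IV stored
    with a ciphertext being decrypted); otherwise a fresh random IV comes
    from the OS CSPRNG. The IV travels in the clear with every message,
    so a secret key used as the IV would no longer be secret.
    """
    if iv is None:
        return os.urandom(IV_SIZE)
    if len(iv) != IV_SIZE:
        raise ValueError("IV must be %d bytes" % IV_SIZE)
    if hmac.compare_digest(iv, key[:IV_SIZE]):
        raise ValueError("IV must not be (a prefix of) the secret key")
    return iv


def _sign(payload, key):
    # HMAC-SHA256 tag over the encoded payload, hex encoded
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()


def secure_dumps(data, key):
    """Serialize bytes as 'base64(data):hmac' (assumed token layout)."""
    payload = base64.b64encode(data)
    return payload + b":" + _sign(payload, key)


def secure_loads(token, key):
    """Verify the tag in constant time, then decode the payload.

    Returns the original bytes, or None when the tag is missing or wrong.
    """
    if b":" not in token:
        return None
    payload, tag = token.rsplit(b":", 1)
    expected = _sign(payload, key)
    # compare_digest does not stop at the first mismatching byte, so the
    # time it takes does not reveal how much of the tag was correct.
    if not hmac.compare_digest(tag, expected):
        return None
    return base64.b64decode(payload)


def naive_compare(a, b):
    """The early-exit comparison shape that must NOT be used for tags.

    Illustrative only: each correct leading byte costs one more loop
    iteration, which is the signal a timing measurement picks up.
    """
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


if __name__ == "__main__":
    key = os.urandom(16)                       # constructed sample key
    token = secure_dumps(b"session=42", key)   # constructed sample payload
    print(token)
    print(secure_loads(token, key))            # b'session=42'
    print(secure_loads(token[:-1] + b"?", key))  # None: tag tampered
    print(len(new_iv(key)))                    # 16
```

The verifier compares the tag before decoding anything, so a forged token is rejected without base64 or pickle ever seeing attacker-controlled bytes; new_iv() keeps the IV and the key as two independent values, which is the property the "never use secret key as an initialization vector" commit restores.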
actually use the constant-time compare function in secure_loads
never use secret key as an initialization vector
Merge pull request #58 from mwielgoszewski/master
Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison
Transfer object related function to a specific controller.
This closes #58