diff --git a/VERSION b/VERSION index 525721d7..b393f988 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.4.1-alpha.2+timestamp.2012.12.24.16.13.22 +Version 2.4.1-alpha.2+timestamp.2012.12.25.09.44.01 diff --git a/gluon/utils.py b/gluon/utils.py index 85468730..8e55108b 100644 --- a/gluon/utils.py +++ b/gluon/utils.py @@ -49,6 +49,7 @@ except ImportError: logger = logging.getLogger("web2py") +AES_new = lambda key: AES.new(key, AES.MODE_CBC, IV=key[:16]) def compare(a, b): """ compares two strings and not vulnerable to timing attacks """ @@ -130,7 +131,7 @@ def secure_dumps(data, encryption_key, hash_key=None, compression_level=None): if compression_level: dump = zlib.compress(dump, compression_level) key = pad(encryption_key[:32]) - cipher = AES.new(key, IV=key[:16]) + cipher = AES_new(key) encrypted_data = base64.urlsafe_b64encode(cipher.encrypt(pad(dump))) signature = hmac.new(hash_key, encrypted_data).hexdigest() return signature + ':' + encrypted_data @@ -146,7 +147,7 @@ def secure_loads(data, encryption_key, hash_key=None, compression_level=None): if signature != actual_signature: return None key = pad(encryption_key[:32]) - cipher = AES.new(key, IV=key[:16]) + cipher = AES_new(key) try: data = cipher.decrypt(base64.urlsafe_b64decode(encrypted_data)) data = data.rstrip(' ') diff --git a/web2py_src.zip b/web2py_src.zip index 2abab609..acd9aa1a 100644 Binary files a/web2py_src.zip and b/web2py_src.zip differ diff --git a/web2py_src_old.zip b/web2py_src_old.zip index 7eefd36a..2abab609 100644 Binary files a/web2py_src_old.zip and b/web2py_src_old.zip differ