pycrypto's AES implementation is not constant time

This is a non-issue when AES-NI is supported by the host CPU since a separate code path is taken.

https://github.com/dlitz/pycrypto/blob/master/src/AES.c

It's not too bad in the pluggable transport case since traffic is super-enciphered, the session keys are ephemeral, and actually extracting sufficiently accurate timing information is probably non-trivial, but it probably should be addressed somehow.