From 497ba2aa3bfd2a04a59fba3c6913777fd605d9fe Mon Sep 17 00:00:00 2001
From: Rod Vagg <rod@vagg.org>
Date: Wed, 14 Nov 2018 14:13:57 +1100
Subject: [PATCH] deps: float 26d7fce1 from openssl (CVE-2018-0734 follow-on)

The fix for CVE-2018-0734, floated in 213c7d2d, failed to include a
constant-time calculation for one of the variables. This introduces
a fix for that.

Ref: https://github.com/openssl/openssl/pull/7549
Upstream: https://github.com/openssl/openssl/commit/26d7fce1

Original commit message:
    Add a constant time flag to one of the bignums to avoid a timing leak.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7549)

    (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)
---
 deps/openssl/openssl/crypto/dsa/dsa_ossl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
index be58625db3b162..868283ac63a1f4 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@@ -225,6 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     } while (BN_is_zero(k));
 
     BN_set_flags(k, BN_FLG_CONSTTIME);
+    BN_set_flags(l, BN_FLG_CONSTTIME);
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,