Blame SOURCES/openssl-1.0.1e-cve-2016-2178.patch

653b37
diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.dsa-consttime openssl-1.0.1e/crypto/dsa/dsa_ossl.c
653b37
--- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.dsa-consttime	2016-09-20 14:55:57.000000000 +0200
653b37
+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c	2016-09-20 15:46:32.608375100 +0200
653b37
@@ -278,6 +278,8 @@ static int dsa_sign_setup(DSA *dsa, BN_C
653b37
 		{
653b37
 		if (!BN_copy(&kq, &k)) goto err;
653b37
 
653b37
+		BN_set_flags(&kq, BN_FLG_CONSTTIME);
653b37
+
653b37
 		/* We do not want timing information to leak the length of k,
653b37
 		 * so we compute g^k using an equivalent exponent of fixed length.
653b37
 		 *