diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.dsa-consttime openssl-1.0.1e/crypto/dsa/dsa_ossl.c
--- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.dsa-consttime	2016-09-20 14:55:57.000000000 +0200
+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c	2016-09-20 15:46:32.608375100 +0200
@@ -278,6 +278,8 @@ static int dsa_sign_setup(DSA *dsa, BN_C
 		{
 		if (!BN_copy(&kq, &k)) goto err;
 
+		BN_set_flags(&kq, BN_FLG_CONSTTIME);
+
 		/* We do not want timing information to leak the length of k,
 		 * so we compute g^k using an equivalent exponent of fixed length.
 		 *