deps: float 26d7fce1 from openssl

The fix for CVE-2018-0734, floated in 213c7d2, failed to include a
constant-time calculation for one of the variables. This introduces
a fix for that.

Upstream: openssl/openssl@26d7fce1

Original commit message:
  Add a constant time flag to one of the bignums to avoid a timing leak.

  Reviewed-by: Tim Hudson <[email protected]>
  (Merged from openssl/openssl#7549)

  (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)

PR-URL: #24353
Refs: openssl/openssl#7549
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>

Author: rvagg

deps/openssl/openssl/crypto/dsa/dsa_ossl.c

@@ -225,6 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     } while (BN_is_zero(k));
 
     BN_set_flags(k, BN_FLG_CONSTTIME);
+    BN_set_flags(l, BN_FLG_CONSTTIME);
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,