untrusted comment: signature from openbsd 6.2 base secret key
RWRVWzAMgtyg7ouX7RMMtezOF8nL2ZUE/h6FSwnmCXrpdEE2mMA+lGP3OVHVZm1z5k0YAUGMN5Ro5VeEKTqF/OxcZva9D7FpRww=

OpenBSD 6.2 errata 015, June 13, 2018:

DSA and ECDSA signature generation can potentially leak secret information
to a timing side-channel attack.

Apply by doing:
    signify -Vep /etc/signify/openbsd-62-base.pub -x 015_libcryto.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install libcrypto:
	cd /usr/src/lib/libcrypto
	make obj
	make
	make install

Index: lib/libcrypto/dsa/dsa_ossl.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/dsa/dsa_ossl.c,v
diff -u -p -r1.30 -r1.30.6.1
--- lib/libcrypto/dsa/dsa_ossl.c	29 Jan 2017 17:49:22 -0000	1.30
+++ lib/libcrypto/dsa/dsa_ossl.c	13 Jun 2018 15:07:19 -0000	1.30.6.1
@@ -142,11 +142,8 @@ redo:
 	/* Compute  s = inv(k) (m + xr) mod q */
 	if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))	/* s = xr */
 		goto err;
-	if (!BN_add(s, &xr, &m))				/* s = m + xr */
+	if (!BN_mod_add(s, &xr, &m, dsa->q, ctx))		/* s = m + xr */
 		goto err;
-	if (BN_cmp(s, dsa->q) > 0)
-		if (!BN_sub(s, s, dsa->q))
-			goto err;
 	if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
 		goto err;
 
Index: lib/libcrypto/ecdsa/ecs_ossl.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ecdsa/ecs_ossl.c,v
diff -u -p -r1.9 -r1.9.6.1
--- lib/libcrypto/ecdsa/ecs_ossl.c	29 Jan 2017 17:49:23 -0000	1.9
+++ lib/libcrypto/ecdsa/ecs_ossl.c	13 Jun 2018 15:07:19 -0000	1.9.6.1
@@ -273,7 +273,7 @@ ecdsa_do_sign(const unsigned char *dgst,
 			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}
-		if (!BN_mod_add_quick(s, tmp, m, order)) {
+		if (!BN_mod_add(s, tmp, m, order, ctx)) {
 			ECDSAerror(ERR_R_BN_LIB);
 			goto err;
 		}