From 48bd505c0b715c3dfe8dfb1d256d1bcbff3c63fb Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Thu, 5 Apr 2007 17:31:29 +0000
Subject: [PATCH] If you're going to check for negative, use an signed integer!
 Coverity ID 122.

---
 crypto/pkcs7/pk7_doit.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7eb053a656..451de84489 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1024,7 +1024,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 		{
 		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len, alen;
+                unsigned int md_len;
+		int alen;
 		ASN1_OCTET_STRING *message_digest;
 
 		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
-- 
2.34.1