Using int for the digest length in EVP_DigestFinal() broke some compilers. Changed to unsigned int: also need an evil cast in pk7_doit.c because a signed, unsigned comparison chokes VC++.
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 2e27f7d..88229c0 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c
@@ -721,7 +721,7 @@ if ((sk != NULL) && (sk_num(sk) != 0)) { unsigned char md_dat[EVP_MAX_MD_SIZE]; - int md_len; + unsigned int md_len; ASN1_OCTET_STRING *message_digest; EVP_DigestFinal(&mdc_tmp,md_dat,&md_len); @@ -731,7 +731,7 @@ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } - if ((message_digest->length != md_len) || + if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data,md_dat,md_len))) { #if 0
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 20c9c2c..e725d66 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c
@@ -124,7 +124,7 @@ ASN1_BIT_STRING *pk; unsigned char pkey_dig[EVP_MAX_MD_SIZE]; EVP_MD_CTX md; - int diglen; + unsigned int diglen; if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);