diff --git a/ChangeLog b/ChangeLog
index ab88cfcfa..43ca2df91 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@
      note that .ssh/environment is only read when
      allowed (PermitUserEnvironment in sshd_config).
      OK markus@
+   - markus@cvs.openbsd.org 2002/08/02 21:23:41
+     [ssh-rsa.c]
+     diff is u_int (2x); ok deraadt/provos
 
 20020813
  - (tim) [configure.ac] Display OpenSSL header/library version.
@@ -1507,4 +1510,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2416 2002/08/20 18:38:02 mouring Exp $
+$Id: ChangeLog,v 1.2417 2002/08/20 18:39:14 mouring Exp $
diff --git a/ssh-rsa.c b/ssh-rsa.c
index d6729b045..8271af42b 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.23 2002/07/04 10:41:47 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.24 2002/08/02 21:23:41 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -76,7 +76,7 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
 		return -1;
 	}
 	if (len < slen) {
-		int diff = slen - len;
+		u_int diff = slen - len;
 		debug("slen %u > len %u", slen, len);
 		memmove(sig + diff, sig, len);
 		memset(sig, 0, diff);
@@ -149,7 +149,7 @@ ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
 		xfree(sigblob);
 		return -1;
 	} else if (len < modlen) {
-		int diff = modlen - len;
+		u_int diff = modlen - len;
 		debug("ssh_rsa_verify: add padding: modlen %u > len %u",
 		    modlen, len);
 		sigblob = xrealloc(sigblob, modlen);