diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3dbfde61bfa2eae263ce92280675a1d4db375ffe..91ee34b10272aa05119ff14eb07642064dc6c2be 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1144,9 +1144,9 @@ struct ssl_st {
 
 typedef struct ssl3_state_st {
     long flags;
-    int read_mac_secret_size;
+    size_t read_mac_secret_size;
     unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-    int write_mac_secret_size;
+    size_t write_mac_secret_size;
     unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
     unsigned char server_random[SSL3_RANDOM_SIZE];
     unsigned char client_random[SSL3_RANDOM_SIZE];
@@ -1205,7 +1205,7 @@ typedef struct ssl3_state_st {
         const EVP_CIPHER *new_sym_enc;
         const EVP_MD *new_hash;
         int new_mac_pkey_type;
-        int new_mac_secret_size;
+        size_t new_mac_secret_size;
 # ifndef OPENSSL_NO_COMP
         const SSL_COMP *new_compression;
 # else
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 4aa5ddd18a3c73b9f712f864e1be548f6ccb861e..3a1e024de3934ba6e69f5e1628a654337e4fa2a4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -116,10 +116,10 @@ int tls1_change_cipher_state(SSL *s, int which)
 #endif
     const EVP_MD *m;
     int mac_type;
-    int *mac_secret_size;
+    size_t *mac_secret_size;
     EVP_MD_CTX *mac_ctx;
     EVP_PKEY *mac_key;
-    int n, i, j, k, cl;
+    size_t n, i, j, k, cl;
     int reuse_dd = 0;
 
     c = s->s3->tmp.new_sym_enc;
@@ -214,6 +214,7 @@ int tls1_change_cipher_state(SSL *s, int which)
     p = s->s3->tmp.key_block;
     i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
 
+    /* TODO(size_t): convert me */
     cl = EVP_CIPHER_key_length(c);
     j = cl;
     /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */