Fix some suspect warnings on Windows

Windows was complaining about a unary minus operator being applied to an
unsigned type. It did seem to go on and do the right thing anyway, but the
code does look a little suspect. This fixes it.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

ssl/record/rec_layer_d1.c

@@ -464,7 +464,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 
         memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
         if (!peek) {
-            SSL3_RECORD_add_length(rr, -n);
+            SSL3_RECORD_sub_length(rr, n);
             SSL3_RECORD_add_off(rr, n);
             if (SSL3_RECORD_get_length(rr) == 0) {
                 s->rlayer.rstate = SSL_ST_READ_HEADER;

ssl/record/rec_layer_s3.c

@@ -201,7 +201,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
     left = rb->left;
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
     align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
-    align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
 
     if (!extend) {
@@ -711,7 +711,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * payload, then we can just pretend we simply have two headers.
          */
         align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
-        align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
         outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
         SSL3_BUFFER_set_offset(wb, align);
@@ -724,7 +724,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
             wb = &s->rlayer.wbuf[j];
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
             align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
-            align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
             outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
             SSL3_BUFFER_set_offset(wb, align);
@@ -1131,7 +1131,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             memcpy(buf, &(rr->data[rr->off]), n);
             buf += n;
             if (!peek) {
-                SSL3_RECORD_add_length(rr, -n);
+                SSL3_RECORD_sub_length(rr, n);
                 SSL3_RECORD_add_off(rr, n);
                 if (SSL3_RECORD_get_length(rr) == 0) {
                     s->rlayer.rstate = SSL_ST_READ_HEADER;

ssl/record/record_locl.h

@@ -76,6 +76,7 @@ int ssl3_release_write_buffer(SSL *s);
 #define SSL3_RECORD_get_length(r)               ((r)->length)
 #define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
 #define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
 #define SSL3_RECORD_get_data(r)                 ((r)->data)
 #define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
 #define SSL3_RECORD_get_input(r)                ((r)->input)