diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 577fdfc96578c2f6b7fec1297fe9f85fdba6e363..a7cffc80cc407fdbbf14882ce9661a3521498e24 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -464,7 +464,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 
         memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
         if (!peek) {
-            SSL3_RECORD_add_length(rr, -n);
+            SSL3_RECORD_sub_length(rr, n);
             SSL3_RECORD_add_off(rr, n);
             if (SSL3_RECORD_get_length(rr) == 0) {
                 s->rlayer.rstate = SSL_ST_READ_HEADER;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index dd4869c4893e757a0ff70f3560025a2dec06e8e4..8c02efd2a24f0376394db1788c441ebcc881a9f5 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -201,7 +201,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
     left = rb->left;
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
     align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
-    align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
 
     if (!extend) {
@@ -711,7 +711,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * payload, then we can just pretend we simply have two headers.
          */
         align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
-        align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
         outbuf[0] = SSL3_BUFFER_get_buf(wb) + align;
         SSL3_BUFFER_set_offset(wb, align);
@@ -724,7 +724,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
             wb = &s->rlayer.wbuf[j];
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
             align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
-            align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
 #endif
             outbuf[j] = SSL3_BUFFER_get_buf(wb) + align;
             SSL3_BUFFER_set_offset(wb, align);
@@ -1131,7 +1131,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             memcpy(buf, &(rr->data[rr->off]), n);
             buf += n;
             if (!peek) {
-                SSL3_RECORD_add_length(rr, -n);
+                SSL3_RECORD_sub_length(rr, n);
                 SSL3_RECORD_add_off(rr, n);
                 if (SSL3_RECORD_get_length(rr) == 0) {
                     s->rlayer.rstate = SSL_ST_READ_HEADER;
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
index 9881d617e12a13526e60d93a13d0fa1730b569e3..67ae1f42902a1470f390120e030df30a05e88581 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -76,6 +76,7 @@ int ssl3_release_write_buffer(SSL *s);
 #define SSL3_RECORD_get_length(r)               ((r)->length)
 #define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
 #define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
 #define SSL3_RECORD_get_data(r)                 ((r)->data)
 #define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
 #define SSL3_RECORD_get_input(r)                ((r)->input)