diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 577fdfc965..a7cffc80cc 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -464,7 +464,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); if (!peek) { - SSL3_RECORD_add_length(rr, -n); + SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { s->rlayer.rstate = SSL_ST_READ_HEADER; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index dd4869c489..8c02efd2a2 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -201,7 +201,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) left = rb->left; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; - align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif if (!extend) { @@ -711,7 +711,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * payload, then we can just pretend we simply have two headers. */ align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH; - align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif outbuf[0] = SSL3_BUFFER_get_buf(wb) + align; SSL3_BUFFER_set_offset(wb, align); @@ -724,7 +724,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wb = &s->rlayer.wbuf[j]; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH; - align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); + align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif outbuf[j] = SSL3_BUFFER_get_buf(wb) + align; SSL3_BUFFER_set_offset(wb, align); @@ -1131,7 +1131,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, memcpy(buf, &(rr->data[rr->off]), n); buf += n; if (!peek) { - SSL3_RECORD_add_length(rr, -n); + SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { s->rlayer.rstate = SSL_ST_READ_HEADER; diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index 9881d617e1..67ae1f4290 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -76,6 +76,7 @@ int ssl3_release_write_buffer(SSL *s); #define SSL3_RECORD_get_length(r) ((r)->length) #define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) #define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) +#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l)) #define SSL3_RECORD_get_data(r) ((r)->data) #define SSL3_RECORD_set_data(r, d) ((r)->data = (d)) #define SSL3_RECORD_get_input(r) ((r)->input)