1 files changed, 179 insertions, 132 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 24f4c48ca..890ddb011 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -95,8 +95,8 @@ eddsa_symmetric_decrypt (
  if (ctlen < 0)
    return GNUNET_SYSERR;
  if (0 != crypto_secretbox_open_detached (result,
-                                           block, // Ciphertext
+                                           ((unsigned char*) block) + crypto_secretbox_MACBYTES, // Ciphertext
-                                           ((unsigned char*) block) + ctlen, // TAG
+                                           block, // Tag
                                           ctlen,
                                           nonce, key))
  {
@@ -116,8 +116,8 @@ eddsa_symmetric_encrypt (
 {
  if (size > crypto_secretbox_MESSAGEBYTES_MAX)
    return GNUNET_SYSERR;
-  crypto_secretbox_detached (result, // Ciphertext
+  crypto_secretbox_detached (result + crypto_secretbox_MACBYTES, // Ciphertext
-                             result + size, // TAG
+                             result, // TAG
                             block, size, nonce, key);
  return GNUNET_OK;
 }
@@ -180,6 +180,20 @@ GNR_derive_block_xsalsa_key (unsigned char *nonce,
 }
+static ssize_t
+block_get_size_ecdsa (const struct GNUNET_GNSRECORD_Data *rd,
+                      unsigned int rd_count)
+{
+  ssize_t len;
+  len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
+  if (len < 0)
+    return -1;
+  len += sizeof(struct GNUNET_GNSRECORD_Block);
+  return len;
+}
 /**
 * Sign name and records
 *
@@ -189,20 +203,22 @@ GNR_derive_block_xsalsa_key (unsigned char *nonce,
 * @param label the name for the records
 * @param rd record data
 * @param rd_count number of records
- * @return NULL on error (block too large)
+ * @param block the block result. Must be allocated sufficiently.
+ * @return GNUNET_SYSERR on error (otherwise GNUNET_OK)
 */
-static struct GNUNET_GNSRECORD_Block *
+static enum GNUNET_GenericReturnValue
 block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                    const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
                    struct GNUNET_TIME_Absolute expire,
                    const char *label,
                    const struct GNUNET_GNSRECORD_Data *rd,
-                    unsigned int rd_count)
+                    unsigned int rd_count,
+                    struct GNUNET_GNSRECORD_Block **block)
 {
  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
                                                           rd);
-  struct GNUNET_GNSRECORD_Block *block;
  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
+  struct GNRBlockPS *gnr_block;
  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
  unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
@@ -213,12 +229,12 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  if (payload_len < 0)
  {
    GNUNET_break (0);
-    return NULL;
+    return GNUNET_SYSERR;
  }
  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
  {
    GNUNET_break (0);
-    return NULL;
+    return GNUNET_SYSERR;
  }
  /* convert relative to absolute times */
  now = GNUNET_TIME_absolute_get ();
@@ -236,31 +252,25 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
    }
  }
  /* serialize */
+  *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
+  (*block)->size = htonl(sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
  rd_count_nbo = htonl (rd_count);
  {
-    char payload[sizeof(uint32_t) + payload_len];
+    char payload[payload_len];
-    GNUNET_memcpy (payload,
-                   &rd_count_nbo,
-                   sizeof(uint32_t));
    GNUNET_assert (payload_len ==
                   GNUNET_GNSRECORD_records_serialize (rd_count,
                                                       rdc,
                                                       payload_len,
-                                                       &payload[sizeof(uint32_t)
+                                                       payload));
-                                                       ]));
+    gnr_block = GNUNET_malloc (sizeof (struct GNRBlockPS) + payload_len);
-    block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
+    ecblock = &(*block)->ecdsa_block;
-                           + sizeof(uint32_t)
+    (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
-                           + payload_len);
+    gnr_block->purpose.size = htonl (sizeof(struct GNRBlockPS) + payload_len);
-    ecblock = &block->ecdsa_block;
+    gnr_block->purpose.purpose =
-    block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
+      htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    ecblock->purpose.size = htonl (sizeof(uint32_t)
+    gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
-                                   + payload_len
+    ecblock->expiration_time = gnr_block->expiration_time;
-                                   + sizeof(struct
-                                            GNUNET_CRYPTO_EccSignaturePurpose)
-                                   + sizeof(struct GNUNET_TIME_AbsoluteNBO));
-    ecblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
    /* encrypt and sign */
    dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
                                                   label,
@@ -272,26 +282,40 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                              label,
                              ecblock->expiration_time.abs_value_us__,
                              pkey);
-    GNUNET_break (payload_len + sizeof(uint32_t) ==
+    GNUNET_break (payload_len ==
                  ecdsa_symmetric_encrypt (payload,
-                                           payload_len
+                                           payload_len,
-                                           + sizeof(uint32_t),
                                           skey,
                                           ctr,
                                           &ecblock[1]));
+    GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len);
  }
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecdsa_sign_ (dkey,
-                                 &ecblock->purpose,
+                                 &gnr_block->purpose,
                                 &ecblock->signature))
  {
    GNUNET_break (0);
+    GNUNET_free (*block);
    GNUNET_free (dkey);
-    GNUNET_free (block);
+    return GNUNET_SYSERR;
-    return NULL;
  }
  GNUNET_free (dkey);
-  return block;
+  return GNUNET_OK;
+}
+static ssize_t
+block_get_size_eddsa (const struct GNUNET_GNSRECORD_Data *rd,
+                      unsigned int rd_count)
+{
+  ssize_t len;
+  len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
+  if (len < 0)
+    return -1;
+  len += sizeof(struct GNUNET_GNSRECORD_Block);
+  len += crypto_secretbox_MACBYTES;
+  return len;
 }
@@ -304,20 +328,22 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @param label the name for the records
 * @param rd record data
 * @param rd_count number of records
- * @return NULL on error (block too large)
+ * @param block where to store the block. Must be allocated sufficiently.
+ * @return GNUNET_SYSERR on error (otherwise GNUNET_OK)
 */
-static struct GNUNET_GNSRECORD_Block *
+enum GNUNET_GenericReturnValue
 block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
                    const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
                    struct GNUNET_TIME_Absolute expire,
                    const char *label,
                    const struct GNUNET_GNSRECORD_Data *rd,
-                    unsigned int rd_count)
+                    unsigned int rd_count,
+                    struct GNUNET_GNSRECORD_Block **block)
 {
  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
                                                           rd);
-  struct GNUNET_GNSRECORD_Block *block;
  struct GNUNET_GNSRECORD_EddsaBlock *edblock;
+  struct GNRBlockPS *gnr_block;
  struct GNUNET_CRYPTO_EddsaPrivateScalar dkey;
  unsigned char nonce[crypto_secretbox_NONCEBYTES];
  unsigned char skey[crypto_secretbox_KEYBYTES];
@@ -328,12 +354,12 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
  if (payload_len < 0)
  {
    GNUNET_break (0);
-    return NULL;
+    return GNUNET_SYSERR;
  }
  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
  {
    GNUNET_break (0);
-    return NULL;
+    return GNUNET_SYSERR;
  }
  /* convert relative to absolute times */
  now = GNUNET_TIME_absolute_get ();
@@ -351,33 +377,32 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
    }
  }
  /* serialize */
+  *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block)
+                          + payload_len + crypto_secretbox_MACBYTES);
+  (*block)->size = htonl(sizeof (struct GNUNET_GNSRECORD_Block)
+                 + payload_len + crypto_secretbox_MACBYTES);
  rd_count_nbo = htonl (rd_count);
  {
-    char payload[sizeof(uint32_t) + payload_len];
+    char payload[payload_len];
-    GNUNET_memcpy (payload,
-                   &rd_count_nbo,
-                   sizeof(uint32_t));
    GNUNET_assert (payload_len ==
                   GNUNET_GNSRECORD_records_serialize (rd_count,
                                                       rdc,
                                                       payload_len,
-                                                       &payload[sizeof(uint32_t)
+                                                       payload));
-                                                       ]));
+    gnr_block = GNUNET_malloc (sizeof (struct GNRBlockPS)
-    block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
+                               + payload_len
-                           + sizeof(uint32_t)
+                               + crypto_secretbox_MACBYTES);
-                           + payload_len
+    edblock = &(*block)->eddsa_block;
-                           + crypto_secretbox_MACBYTES);
+    (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
-    edblock = &block->eddsa_block;
+    gnr_block->purpose.size =
-    block->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
+      htonl (sizeof(struct GNRBlockPS)
-    edblock->purpose.size = htonl (sizeof(uint32_t)
+             + payload_len
-                                   + payload_len
+             + crypto_secretbox_MACBYTES);
-                                   + sizeof(struct
+    gnr_block->purpose.purpose =
-                                            GNUNET_CRYPTO_EccSignaturePurpose)
+      htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-                                   + sizeof(struct GNUNET_TIME_AbsoluteNBO)
+    gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
-                                   + crypto_secretbox_MACBYTES);
+    edblock->expiration_time = gnr_block->expiration_time;
-    edblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    edblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
    /* encrypt and sign */
    GNUNET_CRYPTO_eddsa_private_key_derive (key,
                                            label,
@@ -392,38 +417,56 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
                                 pkey);
    GNUNET_break (GNUNET_OK ==
                  eddsa_symmetric_encrypt (payload,
-                                           payload_len
+                                           payload_len,
-                                           + sizeof(uint32_t),
                                           skey,
                                           nonce,
                                           &edblock[1]));
+    GNUNET_memcpy (&gnr_block[1], &edblock[1],
+                   payload_len + crypto_secretbox_MACBYTES);
+    GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey,
+                                          &gnr_block->purpose,
+                                          &edblock->signature);
  }
-  GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey,
+  return GNUNET_OK;
-                                        &edblock->purpose,
-                                        &edblock->signature);
-  return block;
 }
+ssize_t
+GNUNET_GNSRECORD_block_calculate_size (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key,
+                                       const struct GNUNET_GNSRECORD_Data *rd,
+                                       unsigned int rd_count)
+{
+  struct GNUNET_IDENTITY_PublicKey pkey;
+  ssize_t res;
-/**
+  GNUNET_IDENTITY_key_get_public (key,
- * Sign name and records
+                                  &pkey);
- *
+  switch (ntohl (key->type))
- * @param key the private key
+  {
- * @param expire block expiration
+  case GNUNET_GNSRECORD_TYPE_PKEY:
- * @param label the name for the records
+    res = block_get_size_ecdsa (rd, rd_count);
- * @param rd record data
+    break;
- * @param rd_count number of records
+  case GNUNET_GNSRECORD_TYPE_EDKEY:
- * @return NULL on error (block too large)
+    res = block_get_size_eddsa (rd, rd_count);
- */
+    break;
-struct GNUNET_GNSRECORD_Block *
+  default:
+    GNUNET_assert (0);
+  }
+  return -1;
+}
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                               struct GNUNET_TIME_Absolute expire,
                               const char *label,
                               const struct GNUNET_GNSRECORD_Data *rd,
-                               unsigned int rd_count)
+                               unsigned int rd_count,
+                               struct GNUNET_GNSRECORD_Block **result)
 {
  struct GNUNET_IDENTITY_PublicKey pkey;
-  struct GNUNET_GNSRECORD_Block *res = NULL;
+  enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
  char *norm_label;
  GNUNET_IDENTITY_key_get_public (key,
@@ -438,7 +481,8 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                              expire,
                              norm_label,
                              rd,
-                              rd_count);
+                              rd_count,
+                              result);
    break;
  case GNUNET_GNSRECORD_TYPE_EDKEY:
    res = block_create_eddsa (&key->eddsa_key,
@@ -446,7 +490,8 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                              expire,
                              norm_label,
                              rd,
-                              rd_count);
+                              rd_count,
+                              result);
    break;
  default:
    GNUNET_assert (0);
@@ -473,28 +518,17 @@ struct KeyCacheLine
 };
-/**
+enum GNUNET_GenericReturnValue
- * Sign name and records, cache derived public key (also keeps the
- * private key in static memory, so do not use this function if
- * keeping the private key in the process'es RAM is a major issue).
- *
- * @param key the private key
- * @param expire block expiration
- * @param label the name for the records
- * @param rd record data
- * @param rd_count number of records
- * @return NULL on error (block too large)
- */
-struct GNUNET_GNSRECORD_Block *
 GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
-                                unsigned int rd_count)
+                                unsigned int rd_count,
+                                struct GNUNET_GNSRECORD_Block **result)
 {
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
  struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
-  struct GNUNET_GNSRECORD_Block *res = NULL;
+  enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
  char *norm_label;
  norm_label = GNUNET_GNSRECORD_string_normalize (label);
@@ -522,7 +556,8 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                              expire,
                              norm_label,
                              rd,
-                              rd_count);
+                              rd_count,
+                              result);
  }
  else if (GNUNET_IDENTITY_TYPE_EDDSA == ntohl (pkey->type))
  {
@@ -533,7 +568,8 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                              expire,
                              norm_label,
                              rd,
-                              rd_count);
+                              rd_count,
+                              result);
  }
  GNUNET_free (norm_label);
  return res;
@@ -550,41 +586,55 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 {
+  struct GNRBlockPS *purp;
+  size_t payload_len = ntohl (block->size)
+                       - sizeof (struct GNUNET_GNSRECORD_Block);
+  enum GNUNET_GenericReturnValue res = GNUNET_NO;
+  purp = GNUNET_malloc (sizeof (struct GNRBlockPS) + payload_len);
+  purp->purpose.size = htonl (sizeof (struct GNRBlockPS) + payload_len);
+  purp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
+  GNUNET_memcpy (&purp[1], &block[1], payload_len);
  switch (ntohl (block->type))
  {
  case GNUNET_GNSRECORD_TYPE_PKEY:
-    return GNUNET_CRYPTO_ecdsa_verify_ (
+    purp->expiration_time = block->ecdsa_block.expiration_time;
+    res = GNUNET_CRYPTO_ecdsa_verify_ (
      GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-      &block->ecdsa_block.purpose,
+      &purp->purpose,
      &block->ecdsa_block.signature,
      &block->ecdsa_block.derived_key);
+    break;
  case GNUNET_GNSRECORD_TYPE_EDKEY:
-    return GNUNET_CRYPTO_eddsa_verify_ (
+    purp->expiration_time = block->eddsa_block.expiration_time;
+    res = GNUNET_CRYPTO_eddsa_verify_ (
      GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-      &block->eddsa_block.purpose,
+      &purp->purpose,
      &block->eddsa_block.signature,
      &block->eddsa_block.derived_key);
+    break;
  default:
-    return GNUNET_NO;
+    res = GNUNET_NO;
  }
+  GNUNET_free (purp);
+  return res;
 }
 enum GNUNET_GenericReturnValue
-block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
+block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block,
                     const struct
                     GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
                     const char *label,
                     GNUNET_GNSRECORD_RecordCallback proc,
                     void *proc_cls)
 {
-  size_t payload_len = ntohl (block->purpose.size)
+  size_t payload_len = ntohl (block->size) - sizeof (struct
-                       - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+                                                     GNUNET_GNSRECORD_Block);
-                       - sizeof(struct GNUNET_TIME_AbsoluteNBO);
  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
-  if (ntohl (block->purpose.size) <
+  if (ntohl (block->size) <
      sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
      + sizeof(struct GNUNET_TIME_AbsoluteNBO))
  {
@@ -594,20 +644,18 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
  GNR_derive_block_aes_key (ctr,
                            key,
                            label,
-                            block->expiration_time.abs_value_us__,
+                            block->ecdsa_block.expiration_time.abs_value_us__,
                            zone_key);
  {
    char payload[payload_len];
-    uint32_t rd_count;
+    unsigned int rd_count;
    GNUNET_break (payload_len ==
                  ecdsa_symmetric_decrypt (&block[1], payload_len,
                                           key, ctr,
                                           payload));
-    GNUNET_memcpy (&rd_count,
+    rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
-                   payload,
+                                                              payload);
-                   sizeof(uint32_t));
-    rd_count = ntohl (rd_count);
    if (rd_count > 2048)
    {
      /* limit to sane value */
@@ -620,8 +668,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
      struct GNUNET_TIME_Absolute now;
      if (GNUNET_OK !=
-          GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
+          GNUNET_GNSRECORD_records_deserialize (payload_len,
-                                                &payload[sizeof(uint32_t)],
+                                                payload,
                                                rd_count,
                                                rd))
      {
@@ -699,20 +747,20 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
 enum GNUNET_GenericReturnValue
-block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
+block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block,
                     const struct
                     GNUNET_CRYPTO_EddsaPublicKey *zone_key,
                     const char *label,
                     GNUNET_GNSRECORD_RecordCallback proc,
                     void *proc_cls)
 {
-  size_t payload_len = ntohl (block->purpose.size)
+  const struct GNUNET_GNSRECORD_EddsaBlock *edblock = &block->eddsa_block;
-                       - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+  size_t payload_len = ntohl (block->size) - sizeof (struct
-                       - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+                                                     GNUNET_GNSRECORD_Block);
  unsigned char nonce[crypto_secretbox_NONCEBYTES];
  unsigned char key[crypto_secretbox_KEYBYTES];
-  if (ntohl (block->purpose.size) <
+  if (ntohl (block->size) <
      sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
      + sizeof(struct GNUNET_TIME_AbsoluteNBO))
  {
@@ -722,20 +770,19 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
  GNR_derive_block_xsalsa_key (nonce,
                               key,
                               label,
-                               block->expiration_time.abs_value_us__,
+                               block->eddsa_block.expiration_time.abs_value_us__,
                               zone_key);
  {
    char payload[payload_len];
-    uint32_t rd_count;
+    unsigned int rd_count;
    GNUNET_break (GNUNET_OK ==
                  eddsa_symmetric_decrypt (&block[1], payload_len,
                                           key, nonce,
                                           payload));
-    GNUNET_memcpy (&rd_count,
+    payload_len -= crypto_secretbox_MACBYTES;
-                   payload,
+    rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
-                   sizeof(uint32_t));
+                                                              payload);
-    rd_count = ntohl (rd_count);
    if (rd_count > 2048)
    {
      /* limit to sane value */
@@ -748,8 +795,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
      struct GNUNET_TIME_Absolute now;
      if (GNUNET_OK !=
-          GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
+          GNUNET_GNSRECORD_records_deserialize (payload_len,
-                                                &payload[sizeof(uint32_t)],
+                                                payload,
                                                rd_count,
                                                rd))
      {
@@ -852,12 +899,12 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
  switch (ntohl (zone_key->type))
  {
  case GNUNET_IDENTITY_TYPE_ECDSA:
-    res = block_decrypt_ecdsa (&block->ecdsa_block,
+    res = block_decrypt_ecdsa (block,
                               &zone_key->ecdsa_key, norm_label, proc,
                               proc_cls);
    break;
  case GNUNET_IDENTITY_TYPE_EDDSA:
-    res = block_decrypt_eddsa (&block->eddsa_block,
+    res = block_decrypt_eddsa (block,
                               &zone_key->eddsa_key, norm_label, proc,
                               proc_cls);
    break;