Merge branch 'master' of ssh://gnunet.org/gnunet

53 files changed, 1122 insertions, 1647 deletions

diff --git a/.buildbot/firefly-x86_64-amdepyc_test_tng.sh b/.buildbot/firefly-x86_64-amdepyc_test_tng.sh
index 162363b5a..ff504ae57 100755
--- a/.buildbot/firefly-x86_64-amdepyc_test_tng.sh
+++ b/.buildbot/firefly-x86_64-amdepyc_test_tng.sh
@@ -3,6 +3,6 @@
 # echo "Skipped"
 
 pushd src/transport
-make check TESTS='test_communicator_basic-tcp test_communicator_rekey-tcp test_communicator_basic-unix test_communicator_basic-udp test_communicator_backchannel-udp'
+make check TESTS='test_communicator_basic-tcp test_communicator_rekey-tcp test_communicator_basic-unix test_communicator_basic-udp test_communicator_backchannel-udp test_communicator_rekey-udp'
 pkill --signal 9 -U buildbot gnunet
 popd
diff --git a/doc/handbook/chapters/configuration.texi b/doc/handbook/chapters/configuration.texi
index 286c72e7a..27efc82e2 100644
--- a/doc/handbook/chapters/configuration.texi
+++ b/doc/handbook/chapters/configuration.texi
@@ -1,5 +1,77 @@
 @node Configuration Handbook
 @chapter Configuration Handbook
 
-This chapter has yet to be written. It is intended to be about in-depth
+This chapter has yet to be fully written.  It is intended to be about in-depth
 configuration of GNUnet.
+
+
+@menu
+* Config file format::
+@end menu
+
+
+@node Config file format
+@section Config file format
+
+In GNUnet realm, all components obey the same pattern to get configuration
+values.  According to this pattern, once the component has been installed, the
+installation deploys default values in @file{$prefix/share/gnunet/config.d/},
+in @file{.conf} files.  In order to override these defaults, the user can
+write a custom @file{.conf} file and either pass it to the component at
+execution time, or name it @file{gnunet.conf} and place it under
+@file{$HOME/.config/}.
+
+A config file is a text file containing sections, and each section
+contains its values.  The right format follows:
+
+@example
+[section1]
+value1 = string
+value2 = 23
+
+[section2]
+value21 = string
+value22 = /path22
+@end example
+
+Throughout any configuration file, it is possible to use @code{$}-prefixed
+variables, like @code{$VAR}, especially when they represent filenames in in
+the filesystem.  It is also possible to provide defaults values for those
+variables that are unset, by using the following syntax:
+
+@example
+$@{VAR:-default@}
+@end example
+
+@noindent
+However, there are two ways a user can set @code{$}-prefixable variables:
+(a) by defining them under a @code{[paths]} section
+
+@example
+[paths]
+GNUNET_DEPLOYMENT_SHARED = $@{HOME@}/shared-data
+..
+[section-x]
+path-x = $@{GNUNET_DEPLOYMENT_SHARED@}/x
+@end example
+
+@noindent
+or (b) by setting them in the environment
+
+@example
+$ export VAR=/x
+@end example
+
+@noindent
+The configuration loader will give precedence to variables set under
+@code{[path]}, though.
+
+The utility @samp{gnunet-config}, which gets installed along with GNUnet,
+serves to get and set configuration values without directly editing the
+@file{.conf} file.  The option @samp{-f} is particularly useful to resolve
+filenames, when they use several levels of @code{$}-expanded variables.
+See @samp{gnunet-config --help}.
+
+Note that, in this stage of development, the file
+@file{$HOME/.config/gnunet.conf} can contain sections for @strong{all} the
+components.
diff --git a/doc/handbook/chapters/installation.texi b/doc/handbook/chapters/installation.texi
index d7b2fb590..40a23e738 100644
--- a/doc/handbook/chapters/installation.texi
+++ b/doc/handbook/chapters/installation.texi
@@ -327,8 +327,8 @@ Now GNS should work in browsers that are configured to use a SOCKS proxy on
 
 @node Minimal configuration
 @section Minimal configuration
-GNUnet needs a configuration file to start. For the @emph{single-user setup}
-an empty file is sufficient:
+GNUnet needs a configuration file to start (@pxref{Config file format}).
+For the @emph{single-user setup} an empty file is sufficient:
 
 @example
 $ touch ~/.config/gnunet.conf
@@ -2493,4 +2493,3 @@ Furthermore, 'make install' will silently fail to set the DNS binaries to
 be owned by group "gnunetdns" unless that group already exists (!).
 An alternative name for the "gnunetdns" group can be specified using the
 @code{--with-gnunetdns=GRPNAME} configure option.
-
diff --git a/doc/handbook/chapters/user.texi b/doc/handbook/chapters/user.texi
index adc287e04..4ae9aa951 100644
--- a/doc/handbook/chapters/user.texi
+++ b/doc/handbook/chapters/user.texi
@@ -2050,7 +2050,7 @@ The third party may retrieve the key in string format for use in the above
 call using "gnunet-identity":
 
 @example
-$ RP_KEY=$(gnunet-identity -d grep "relyingparty" | awk '@{print $3@}')
+$ RP_KEY=$(gnunet-identity -d | grep "relyingparty" | awk '@{print $3@}')
 @end example
 
 The third party can then retrieve your shared identity attributes using:
diff --git a/doc/handbook/gnunet.texi b/doc/handbook/gnunet.texi
index 5ff33d94c..ca74c347d 100644
--- a/doc/handbook/gnunet.texi
+++ b/doc/handbook/gnunet.texi
@@ -78,7 +78,7 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 @c * Vocabulary::                      Vocabulary
 * Installing GNUnet::               Installing GNUnet
 * Using GNUnet::                    Using GNUnet
-@c * Configuration Handbook::          Configuring GNUnet
+* Configuration Handbook::          Configuring GNUnet
 * GNUnet Contributors Handbook::    Contributing to GNUnet
 * GNUnet Developer Handbook::       Developing GNUnet
 * GNU Free Documentation License::  The license of this manual
@@ -137,6 +137,10 @@ Using GNUnet
 * reclaimID Identity Provider::
 * Using the Virtual Public Network::
 
+Configuration Handbook
+
+* Config file format::
+
 GNUnet Contributors Handbook
 
 * Contributing to GNUnet::
@@ -209,6 +213,10 @@ GNUnet Developer Handbook
 @include chapters/user.texi
 @c *********************************************************************
 
+@c *********************************************************************
+@include chapters/configuration.texi
+@c *********************************************************************
+
 @include chapters/contributing.texi
 
 @c *********************************************************************
diff --git a/src/fs/gnunet-search.c b/src/fs/gnunet-search.c
index d25ae55e6..e49609b18 100644
--- a/src/fs/gnunet-search.c
+++ b/src/fs/gnunet-search.c
@@ -111,17 +111,20 @@ clean_task (void *cls)
   ctx = NULL;
   if (output_filename == NULL)
     return;
-  if (GNUNET_OK != GNUNET_FS_directory_builder_finish (db, &dsize, &ddata))
+  if (GNUNET_OK !=
+      GNUNET_FS_directory_builder_finish (db, &dsize, &ddata))
   {
     GNUNET_break (0);
     GNUNET_free (output_filename);
     return;
   }
-  if (dsize != GNUNET_DISK_fn_write (output_filename,
-                                     ddata,
-                                     dsize,
-                                     GNUNET_DISK_PERM_USER_READ
-                                     | GNUNET_DISK_PERM_USER_WRITE))
+  (void) GNUNET_DISK_directory_remove (output_filename);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (output_filename,
+                            ddata,
+                            dsize,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
   {
     fprintf (stderr,
              _ ("Failed to write directory with search results to `%s'\n"),
diff --git a/src/fs/test_fs_download.c b/src/fs/test_fs_download.c
index 2be2e7f6a..2fe0da77c 100644
--- a/src/fs/test_fs_download.c
+++ b/src/fs/test_fs_download.c
@@ -299,8 +299,11 @@ run (void *cls,
                                             "USE_INDEX"))
   {
     fn1 = GNUNET_DISK_mktemp ("gnunet-download-indexed-test");
-    GNUNET_assert (FILESIZE ==
-                   GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
+    (void) GNUNET_DISK_directory_remove (fn1);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_DISK_fn_write (fn1,
+                                         buf,
+                                         FILESIZE,
                                          GNUNET_DISK_PERM_USER_READ
                                          | GNUNET_DISK_PERM_USER_WRITE));
     GNUNET_free (buf);
diff --git a/src/fs/test_fs_file_information.c b/src/fs/test_fs_file_information.c
index 9305471d6..9d0978e06 100644
--- a/src/fs/test_fs_file_information.c
+++ b/src/fs/test_fs_file_information.c
@@ -82,7 +82,8 @@ run (void *cls, char *const *args, const char *cfgfile,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -92,7 +93,8 @@ run (void *cls, char *const *args, const char *cfgfile,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_list_indexed.c b/src/fs/test_fs_list_indexed.c
index 93367883f..2f04a017a 100644
--- a/src/fs/test_fs_list_indexed.c
+++ b/src/fs/test_fs_list_indexed.c
@@ -198,7 +198,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -208,7 +209,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_publish.c b/src/fs/test_fs_publish.c
index c42e546e3..2ffc722da 100644
--- a/src/fs/test_fs_publish.c
+++ b/src/fs/test_fs_publish.c
@@ -184,7 +184,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -194,7 +195,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_publish_persistence.c b/src/fs/test_fs_publish_persistence.c
index 4ec39d06e..da0209793 100644
--- a/src/fs/test_fs_publish_persistence.c
+++ b/src/fs/test_fs_publish_persistence.c
@@ -258,7 +258,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -268,7 +269,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_unindex.c b/src/fs/test_fs_unindex.c
index a11c574c1..992672244 100644
--- a/src/fs/test_fs_unindex.c
+++ b/src/fs/test_fs_unindex.c
@@ -197,7 +197,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_unindex_persistence.c b/src/fs/test_fs_unindex_persistence.c
index c3668f4e0..802aaf7ca 100644
--- a/src/fs/test_fs_unindex_persistence.c
+++ b/src/fs/test_fs_unindex_persistence.c
@@ -267,7 +267,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index 6cdb1c2f7..2bb4b0897 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -697,8 +697,7 @@ check_create_message (void *cls,
 
 
 /**
- * Handler for CREATE message from client, creates
- * new identity.
+ * Handler for CREATE message from client, creates new identity.
  *
  * @param cls unused
  * @param client who sent the message
@@ -737,8 +736,7 @@ handle_create_message (void *cls,
                                ego);
   send_result_code (client, 0, NULL);
   fn = get_ego_filename (ego);
-  (void) GNUNET_DISK_directory_create_for_file (fn);
-  if (sizeof(struct GNUNET_IDENTITY_PrivateKey) !=
+  if (GNUNET_OK !=
       GNUNET_DISK_fn_write (fn,
                             &crm->private_key,
                             sizeof(struct GNUNET_IDENTITY_PrivateKey),
diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h
index bc2055709..b5af1146d 100644
--- a/src/include/gnunet_common.h
+++ b/src/include/gnunet_common.h
@@ -345,7 +345,7 @@ struct GNUNET_AsyncScopeSave
  *  #GNUNET_NO to stop iteration with no error,
  *  #GNUNET_SYSERR to abort iteration with error!
  */
-typedef int
+typedef enum GNUNET_GenericReturnValue
 (*GNUNET_FileNameCallback) (void *cls,
                             const char *filename);
 
diff --git a/src/include/gnunet_configuration_lib.h b/src/include/gnunet_configuration_lib.h
index b4e7f7d8f..ad55c1b9a 100644
--- a/src/include/gnunet_configuration_lib.h
+++ b/src/include/gnunet_configuration_lib.h
@@ -82,7 +82,7 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg);
  * @param filename name of the configuration file, NULL to load defaults
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load (struct GNUNET_CONFIGURATION_Handle *cfg,
                            const char *filename);
 
@@ -95,7 +95,7 @@ GNUNET_CONFIGURATION_load (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param defaults_d directory with the defaults
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
                                 const char *defaults_d);
 
@@ -120,7 +120,7 @@ GNUNET_CONFIGURATION_default (void);
  * @param filename name of the configuration file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename);
 
@@ -149,7 +149,7 @@ GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
  *          when we come across them
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
                                   const char *mem,
                                   size_t size,
@@ -163,19 +163,20 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param filename where to write the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename);
 
 
 /**
  * Write only configuration entries that have been changed to configuration file
+ *
  * @param cfg_default default configuration
  * @param cfg_new new configuration
  * @param filename where to write the configuration diff between default and new
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write_diffs (const struct
                                   GNUNET_CONFIGURATION_Handle *cfg_default,
                                   const struct
@@ -204,7 +205,7 @@ GNUNET_CONFIGURATION_get_diff (const struct
  * @param cfg configuration to inspect
  * @return #GNUNET_NO if clean, #GNUNET_YES if dirty, #GNUNET_SYSERR on error (i.e. last save failed)
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg);
 
 
@@ -215,7 +216,7 @@ GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg);
  * @param cfg the configuration
  * @return status code
  */
-typedef int
+typedef enum GNUNET_GenericReturnValue
 (*GNUNET_CONFIGURATION_Callback)(void *cls,
                                  const struct GNUNET_CONFIGURATION_Handle *cfg);
 
@@ -231,7 +232,7 @@ typedef int
  * @return #GNUNET_SYSERR if parsing the configuration failed,
  *   otherwise return value from @a cb.
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse_and_run (const char *filename,
                                     GNUNET_CONFIGURATION_Callback cb,
                                     void *cb_cls);
@@ -311,7 +312,7 @@ GNUNET_CONFIGURATION_remove_section (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param number where to store the numeric value of the option
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_number (const struct
                                        GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -328,7 +329,7 @@ GNUNET_CONFIGURATION_get_value_number (const struct
  * @param number where to store the floating value of the option
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_float (const struct
                                       GNUNET_CONFIGURATION_Handle *cfg,
                                       const char *section,
@@ -345,7 +346,7 @@ GNUNET_CONFIGURATION_get_value_float (const struct
  * @param time set to the time value stored in the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_time (const struct
                                      GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section,
@@ -362,7 +363,7 @@ GNUNET_CONFIGURATION_get_value_time (const struct
  * @param size set to the size in bytes as stored in the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_size (const struct
                                      GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section,
@@ -378,7 +379,7 @@ GNUNET_CONFIGURATION_get_value_size (const struct
  * @param option option of interest
  * @return #GNUNET_YES if so, #GNUNET_NO if not.
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  const char *section,
                                  const char *option);
@@ -394,12 +395,12 @@ GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
-GNUNET_CONFIGURATION_get_value_string (const struct
-                                       GNUNET_CONFIGURATION_Handle *cfg,
-                                       const char *section,
-                                       const char *option,
-                                       char **value);
+enum GNUNET_GenericReturnValue
+GNUNET_CONFIGURATION_get_value_string (
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
+  const char *section,
+  const char *option,
+  char **value);
 
 
 /**
@@ -413,7 +414,7 @@ GNUNET_CONFIGURATION_get_value_string (const struct
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_filename (const struct
                                          GNUNET_CONFIGURATION_Handle *cfg,
                                          const char *section,
@@ -466,7 +467,7 @@ GNUNET_CONFIGURATION_iterate_section_values (const struct
  *        or NULL if option is not specified and no default given
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_choice (const struct
                                        GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -483,7 +484,7 @@ GNUNET_CONFIGURATION_get_value_choice (const struct
  * @param option option of interest
  * @return #GNUNET_YES, #GNUNET_NO or if option has no valid value, #GNUNET_SYSERR
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_yesno (const struct
                                       GNUNET_CONFIGURATION_Handle *cfg,
                                       const char *section,
@@ -502,7 +503,7 @@ GNUNET_CONFIGURATION_get_value_yesno (const struct
  *         #GNUNET_NO is the value does not exist
  *         #GNUNET_SYSERR on decoding error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                const char *section,
                                const char *option,
@@ -527,9 +528,9 @@ GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * @return $-expanded string
  */
 char *
-GNUNET_CONFIGURATION_expand_dollar (const struct
-                                    GNUNET_CONFIGURATION_Handle *cfg,
-                                    char *orig);
+GNUNET_CONFIGURATION_expand_dollar (
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
+  char *orig);
 
 
 /**
@@ -573,7 +574,7 @@ GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @return #GNUNET_OK on success,
  *         #GNUNET_SYSERR if the filename is not in the list
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_remove_value_filename (struct
                                             GNUNET_CONFIGURATION_Handle *cfg,
                                             const char *section,
@@ -592,7 +593,7 @@ GNUNET_CONFIGURATION_remove_value_filename (struct
  * @return #GNUNET_OK on success,
  *         #GNUNET_SYSERR if the filename already in the list
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_append_value_filename (struct
                                             GNUNET_CONFIGURATION_Handle *cfg,
                                             const char *section,
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 6dc56f0e4..5521dad3c 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1023,7 +1023,7 @@ GNUNET_CRYPTO_hmac_derive_key (
  * @param ... pair of void * & size_t for context chunks, terminated by NULL
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_hkdf (void *result,
                     size_t out_len,
                     int xtr_algo,
@@ -1049,7 +1049,7 @@ GNUNET_CRYPTO_hkdf (void *result,
  * @param argp va_list of void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_hkdf_v (void *result,
                       size_t out_len,
                       int xtr_algo,
@@ -1072,7 +1072,7 @@ GNUNET_CRYPTO_hkdf_v (void *result,
  * @param argp va_list of void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf_v (void *result,
                      size_t out_len,
                      const void *xts,
@@ -1116,7 +1116,7 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
  * @param ... void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf (void *result,
                    size_t out_len,
                    const void *xts,
@@ -1215,7 +1215,7 @@ GNUNET_CRYPTO_eddsa_public_key_to_string (
  * @param pub where to store the public key
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -1245,7 +1245,7 @@ GNUNET_CRYPTO_eddsa_private_key_from_string (
  * @param pub where to store the public key
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -1267,7 +1267,7 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey);
@@ -1606,7 +1606,7 @@ GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
  * @param key_material where to write the key material (xyG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material);
@@ -1622,7 +1622,7 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param key_material where to write the key material H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1637,7 +1637,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
  * @param key_material where to write the key material H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1653,7 +1653,7 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
  * @param key_material where to write the key material H(yX)=H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1668,7 +1668,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param key_material where to write the key material H(yX)=H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1689,7 +1689,7 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -1736,7 +1736,7 @@ GNUNET_CRYPTO_eddsa_sign_ (
  * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -2333,7 +2333,7 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
  * @param public_key public key of the signer
  * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
                           const struct GNUNET_CRYPTO_RsaSignature *sig,
                           const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
diff --git a/src/include/gnunet_disk_lib.h b/src/include/gnunet_disk_lib.h
index 3f29dc2e4..e45ab84f4 100644
--- a/src/include/gnunet_disk_lib.h
+++ b/src/include/gnunet_disk_lib.h
@@ -251,7 +251,7 @@ enum GNUNET_DISK_PipeEnd
  * @param h handle to check
  * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
 
 
@@ -263,7 +263,7 @@ GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
  * @return #GNUNET_YES if yes, #GNUNET_NO if not a file, #GNUNET_SYSERR if something
  * else (will print an error message in that case, too).
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_test (const char *fil);
 
 
@@ -304,7 +304,7 @@ GNUNET_DISK_file_seek (const struct GNUNET_DISK_FileHandle *h,
  *        and return #GNUNET_SYSERR for directories.
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_size (const char *filename,
                        uint64_t *size,
                        int include_symbolic_links,
@@ -326,7 +326,7 @@ GNUNET_DISK_file_size (const char *filename,
  * @param ino set to the inode ID
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_get_identifiers (const char *filename,
                                   uint64_t *dev,
                                   uint64_t *ino);
@@ -385,7 +385,7 @@ GNUNET_DISK_file_open (const char *fn,
  * @param size where to write size of the file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh,
                               off_t *size);
 
@@ -447,7 +447,7 @@ GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
  * @param p pipe
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p);
 
 
@@ -458,7 +458,7 @@ GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p);
  * @param end which end of the pipe to close
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
                             enum GNUNET_DISK_PipeEnd end);
 
@@ -485,7 +485,7 @@ GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
  * @param h file handle
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_close (struct GNUNET_DISK_FileHandle *h);
 
 
@@ -609,19 +609,22 @@ GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
 
 
 /**
- * Write a buffer to a file.  If the file is longer than
- * the given buffer size, it will be truncated.
+ * Write a buffer to a file atomically.  The directory is created if
+ * necessary.  Fail if @a filename already exists or if not exactly @a buf
+ * with @a buf_size bytes could be written to @a filename.
  *
  * @param fn file name
- * @param buffer the data to write
- * @param n number of bytes to write
+ * @param buf the data to write
+ * @param buf_size number of bytes to write from @a buf
  * @param mode file permissions
- * @return number of bytes written on success, #GNUNET_SYSERR on error
+ * @return #GNUNET_OK on success,
+ *         #GNUNET_NO if a file existed under @a filename
+ *         #GNUNET_SYSERR on failure
  */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_fn_write (const char *fn,
-                      const void *buffer,
-                      size_t n,
+                      const void *buf,
+                      size_t buf_size,
                       enum GNUNET_DISK_AccessPermissions mode);
 
 
@@ -632,7 +635,7 @@ GNUNET_DISK_fn_write (const char *fn,
  * @param dst destination file name
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_copy (const char *src,
                        const char *dst);
 
@@ -659,7 +662,7 @@ GNUNET_DISK_directory_scan (const char *dir_name,
  * @returns #GNUNET_OK on success, #GNUNET_SYSERR on failure,
  *          #GNUNET_NO if directory exists but is not writeable
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create_for_file (const char *filename);
 
 
@@ -675,8 +678,9 @@ GNUNET_DISK_directory_create_for_file (const char *filename);
  * @return #GNUNET_YES if yes, #GNUNET_NO if not; #GNUNET_SYSERR if it
  *           does not exist or `stat`ed
  */
-int
-GNUNET_DISK_directory_test (const char *fil, int is_readable);
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_directory_test (const char *fil,
+                            int is_readable);
 
 
 /**
@@ -685,7 +689,7 @@ GNUNET_DISK_directory_test (const char *fil, int is_readable);
  * @param filename the file to remove
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_remove (const char *filename);
 
 
@@ -707,7 +711,7 @@ GNUNET_DISK_purge_cfg_dir (const char *cfg_filename,
  * @param dir the directory to create
  * @returns #GNUNET_SYSERR on failure, #GNUNET_OK otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create (const char *dir);
 
 
@@ -725,7 +729,7 @@ GNUNET_DISK_filename_canonicalize (char *fn);
  * @param user new owner of the file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_change_owner (const char *filename,
                                const char *user);
 
@@ -758,7 +762,7 @@ GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
  * @param h mapping handle
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h);
 
 
@@ -768,7 +772,7 @@ GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h);
  * @param h handle to an open file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h);
 
 
diff --git a/src/include/gnunet_scheduler_lib.h b/src/include/gnunet_scheduler_lib.h
index b828e2db7..158f1d83b 100644
--- a/src/include/gnunet_scheduler_lib.h
+++ b/src/include/gnunet_scheduler_lib.h
@@ -497,13 +497,11 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task);
  * @param priority priority to use for the task
  */
 void
-GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback
-                                               task,
-                                               void *task_cls,
-                                               enum GNUNET_SCHEDULER_Reason
-                                               reason,
-                                               enum GNUNET_SCHEDULER_Priority
-                                               priority);
+GNUNET_SCHEDULER_add_with_reason_and_priority (
+  GNUNET_SCHEDULER_TaskCallback task,
+  void *task_cls,
+  enum GNUNET_SCHEDULER_Reason reason,
+  enum GNUNET_SCHEDULER_Priority priority);
 
 
 /**
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index dfd71e57a..8e9cd0c9d 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -824,19 +824,26 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
  * Write our current proof to disk.
  */
 static void
-write_proof ()
+write_proof (void)
 {
   char *proof;
 
   if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_filename (cfg, "NSE", "PROOFFILE", &proof))
+      GNUNET_CONFIGURATION_get_value_filename (cfg,
+                                               "NSE",
+                                               "PROOFFILE",
+                                               &proof))
     return;
-  if (sizeof(my_proof) != GNUNET_DISK_fn_write (proof,
-                                                &my_proof,
-                                                sizeof(my_proof),
-                                                GNUNET_DISK_PERM_USER_READ
-                                                | GNUNET_DISK_PERM_USER_WRITE))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", proof);
+  (void) GNUNET_DISK_directory_remove (proof);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (proof,
+                            &my_proof,
+                            sizeof(my_proof),
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              proof);
   GNUNET_free (proof);
 }
 
diff --git a/src/peerinfo-tool/gnunet-peerinfo.c b/src/peerinfo-tool/gnunet-peerinfo.c
index 987c7c3a0..8b149c98e 100644
--- a/src/peerinfo-tool/gnunet-peerinfo.c
+++ b/src/peerinfo-tool/gnunet-peerinfo.c
@@ -451,13 +451,14 @@ dump_my_hello ()
     fprintf (stderr, _ ("Failure: Received invalid %s\n"), "HELLO");
     return;
   }
-  if (GNUNET_SYSERR == GNUNET_DISK_fn_write (dump_hello,
-                                             my_hello,
-                                             size,
-                                             GNUNET_DISK_PERM_USER_READ
-                                             | GNUNET_DISK_PERM_USER_WRITE
-                                             | GNUNET_DISK_PERM_GROUP_READ
-                                             | GNUNET_DISK_PERM_OTHER_READ))
+  if (GNUNET_SYSERR ==
+      GNUNET_DISK_fn_write (dump_hello,
+                            my_hello,
+                            size,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE
+                            | GNUNET_DISK_PERM_GROUP_READ
+                            | GNUNET_DISK_PERM_OTHER_READ))
   {
     fprintf (stderr,
              _ ("Failed to write HELLO with %u bytes to file `%s'\n"),
diff --git a/src/peerinfo/gnunet-service-peerinfo.c b/src/peerinfo/gnunet-service-peerinfo.c
index 79af90dd4..1b1232ecb 100644
--- a/src/peerinfo/gnunet-service-peerinfo.c
+++ b/src/peerinfo/gnunet-service-peerinfo.c
@@ -807,13 +807,14 @@ update_hello (const struct GNUNET_PeerIdentity *peer,
       }
       GNUNET_assert (pos == size);
 
-      if (GNUNET_SYSERR == GNUNET_DISK_fn_write (fn,
-                                                 buffer,
-                                                 size,
-                                                 GNUNET_DISK_PERM_USER_READ
-                                                 | GNUNET_DISK_PERM_USER_WRITE
-                                                 | GNUNET_DISK_PERM_GROUP_READ
-                                                 | GNUNET_DISK_PERM_OTHER_READ))
+      if (GNUNET_SYSERR ==
+          GNUNET_DISK_fn_write (fn,
+                                buffer,
+                                size,
+                                GNUNET_DISK_PERM_USER_READ
+                                | GNUNET_DISK_PERM_USER_WRITE
+                                | GNUNET_DISK_PERM_GROUP_READ
+                                | GNUNET_DISK_PERM_OTHER_READ))
         GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", fn);
       else
         GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -987,13 +988,15 @@ discard_hosts_helper (void *cls, const char *fn)
 
   if (0 < write_pos)
   {
-    GNUNET_DISK_fn_write (fn,
-                          writebuffer,
-                          write_pos,
-                          GNUNET_DISK_PERM_USER_READ
-                          | GNUNET_DISK_PERM_USER_WRITE
-                          | GNUNET_DISK_PERM_GROUP_READ
-                          | GNUNET_DISK_PERM_OTHER_READ);
+    (void) GNUNET_DISK_directory_remove (fn);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_DISK_fn_write (fn,
+                                         writebuffer,
+                                         write_pos,
+                                         GNUNET_DISK_PERM_USER_READ
+                                         | GNUNET_DISK_PERM_USER_WRITE
+                                         | GNUNET_DISK_PERM_GROUP_READ
+                                         | GNUNET_DISK_PERM_OTHER_READ));
   }
   else if (0 != unlink (fn))
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING
diff --git a/src/pq/pq_connect.c b/src/pq/pq_connect.c
index 22230cf5c..fd73cf0d8 100644
--- a/src/pq/pq_connect.c
+++ b/src/pq/pq_connect.c
@@ -190,7 +190,7 @@ apply_patch (struct GNUNET_PQ_Context *db,
   if ( (GNUNET_OS_PROCESS_EXITED != type) ||
        (0 != code) )
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                 "Could not run PSQL on file %s: %d\n",
                 buf,
                 (int) code);
@@ -419,7 +419,7 @@ GNUNET_PQ_reconnect (struct GNUNET_PQ_Context *db)
         GNUNET_PQ_run_sql (db,
                            db->load_path))
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Failed to load SQL statements from `%s*'\n",
                   db->load_path);
       PQfinish (db->conn);
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 40cc5751e..a90d02d68 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -694,7 +694,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
   // cmp code_challenge code_verifier
   code_challenge_len = ntohl (params->code_challenge_len);
   code_challenge = ((char *) &params[1]);
-  if (!(opts & OIDC_VERIFICATION_NO_CODE_VERIFIER))
+  if (! (opts & OIDC_VERIFICATION_NO_CODE_VERIFIER))
   {
     if (GNUNET_OK != check_code_challenge (code_challenge,
                                            code_challenge_len,
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index d59ea7c81..b5737158b 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -230,7 +230,7 @@ sync_pow ()
 {
   size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
   if ((NULL != filename) &&
-      (psize !=
+      (GNUNET_OK !=
        GNUNET_DISK_fn_write (filename,
                              proof_of_work,
                              psize,
@@ -280,14 +280,17 @@ calculate_pow (void *cls)
   if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph))
   {
     psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
-    if ((NULL != filename) &&
-        (psize !=
-         GNUNET_DISK_fn_write (filename,
-                               proof_of_work,
-                               psize,
-                               GNUNET_DISK_PERM_USER_READ
-                               | GNUNET_DISK_PERM_USER_WRITE)))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
+    if (NULL != filename)
+    {
+      (void) GNUNET_DISK_directory_remove (filename);
+      if (GNUNET_OK !=
+          GNUNET_DISK_fn_write (filename,
+                                proof_of_work,
+                                psize,
+                                GNUNET_DISK_PERM_USER_READ
+                                | GNUNET_DISK_PERM_USER_WRITE))
+        GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
+    }
     if (perform)
     {
       perform_revocation ();
diff --git a/src/testbed/gnunet_mpi_test.c b/src/testbed/gnunet_mpi_test.c
index e0caf9676..2ee707fe6 100644
--- a/src/testbed/gnunet_mpi_test.c
+++ b/src/testbed/gnunet_mpi_test.c
@@ -49,7 +49,8 @@ main (int argc, char *argv[])
   (void) GNUNET_asprintf (&filename, "%d-%d.mpiout", (int) pid, rank);
   msg_size = GNUNET_asprintf (&msg, "My rank is: %d\n", rank);
   printf ("%s", msg);
-  if (msg_size ==
+  (void) GNUNET_DISK_directory_remove (filename);
+  if (GNUNET_OK ==
       GNUNET_DISK_fn_write (filename, msg, msg_size,
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_GROUP_READ
diff --git a/src/topology/friends.c b/src/topology/friends.c
index a3b15d8f7..65c7e81d7 100644
--- a/src/topology/friends.c
+++ b/src/topology/friends.c
@@ -59,15 +59,6 @@ GNUNET_FRIENDS_parse (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                "FRIENDS");
     return GNUNET_SYSERR;
   }
-  if (GNUNET_SYSERR ==
-      GNUNET_DISK_directory_create_for_file (fn))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkdir",
-                              fn);
-    GNUNET_free (fn);
-    return GNUNET_SYSERR;
-  }
   if ((GNUNET_OK !=
        GNUNET_DISK_file_test (fn)) &&
       (GNUNET_OK !=
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 800a27aa2..0f9d40e13 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -813,42 +813,48 @@ test_communicator_basic_unix_SOURCES = \
 test_communicator_basic_unix_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_basic_tcp_SOURCES = \
  test_communicator_basic.c
 test_communicator_basic_tcp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_basic_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_basic_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_rekey_tcp_SOURCES = \
  test_communicator_basic.c
 test_communicator_rekey_tcp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_rekey_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_rekey_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_backchannel_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_backchannel_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 endif
 
 test_plugin_unix_SOURCES = \
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index 073b1ea02..018da8f0e 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -137,10 +137,10 @@
 #define MAX_SECRETS 128000
 
 /**
- * How often do we rekey based on number of bytes transmitted?
+ * Default value for how often we do rekey based on number of bytes transmitted?
  * (additionally randomized).
  */
-#define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
+#define DEFAULT_REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
 
 /**
  * Address prefix used by the communicator.
@@ -510,6 +510,11 @@ struct SharedSecret
 struct SenderAddress
 {
   /**
+   * Shared secret we use with @e target for rekeying.
+   */
+  struct SharedSecret *ss_rekey;
+
+  /**
    * Flag indicating sender is initiated rekeying for this receiver.
    */
   int rekeying;
@@ -760,6 +765,10 @@ struct BroadcastInterface
 static struct GNUNET_TIME_Relative rekey_interval;
 
 /**
+ * How often we do rekey based on number of bytes transmitted
+ */
+static unsigned long long rekey_max_bytes;
+/**
  * Shared secret we finished the last kce working queue for.
  */
 struct SharedSecret *ss_finished;
@@ -1056,14 +1065,14 @@ secret_destroy (struct SharedSecret *ss, int withoutKce)
   struct ReceiverAddress *receiver;
   struct KeyCacheEntry *kce;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "secret destroy %u %u\n",
-              withoutKce,
-              ss->sequence_allowed);
-
   if (withoutKce && (ss->sequence_allowed > 0))
     return GNUNET_NO;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "secret %s destroy %u %u\n",
+              GNUNET_h2s (&ss->master),
+              withoutKce,
+              ss->sequence_allowed);
   if (NULL != (sender = ss->sender))
   {
     GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
@@ -1075,6 +1084,9 @@ secret_destroy (struct SharedSecret *ss, int withoutKce)
     receiver->num_secrets--;
     // Uncomment this for alternativ 1 of backchannel functionality
     receiver->acks_available -= (ss->sequence_allowed - ss->sequence_used);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "%u receiver->acks_available 3\n",
+                receiver->acks_available);
     // Until here for alternativ 1
   }
   while (NULL != (kce = ss->kce_head))
@@ -1194,15 +1206,15 @@ check_timeouts (void *cls)
   rt = GNUNET_TIME_UNIT_FOREVER_REL;
   while (NULL != (receiver = GNUNET_CONTAINER_heap_peek (receivers_heap)))
   {
-    if (GNUNET_YES != receiver->receiver_destroy_called)
-    {
-      rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
-      if (0 != rt.rel_value_us)
-        break;
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Receiver timed out\n");
-      receiver_destroy (receiver);
-    }
+    /* if (GNUNET_YES != receiver->receiver_destroy_called) */
+    /* { */
+    rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
+    if (0 != rt.rel_value_us)
+      break;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Receiver timed out\n");
+    receiver_destroy (receiver);
+    // }
   }
   st = GNUNET_TIME_UNIT_FOREVER_REL;
   while (NULL != (sender = GNUNET_CONTAINER_heap_peek (senders_heap)))
@@ -1433,7 +1445,8 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
   int at_least_one_destroyed = GNUNET_NO;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Starting destroy all.\n");
+              "Starting destroy all withoutKce: %u.\n",
+              withoutKce);
 
   if (NULL != (sender = ss->sender))
   {
@@ -1451,7 +1464,7 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
   }
 
   pos = ss_start;
-  while ( NULL != pos)
+  while (NULL != pos)
   {
     ss_to_destroy = pos;
     pos = pos->next;
@@ -1462,6 +1475,8 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
 
   if ((ss != ss_start) && ! at_least_one_destroyed)
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Really destroying all.\n");
     destroy_all_secrets (ss_start, GNUNET_NO);
   }
 
@@ -1469,8 +1484,9 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
               "Finished destroy all.\n");
 }
 
+
 static void
-add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
+add_acks (struct SharedSecret *ss, int acks_to_add)
 {
 
   struct ReceiverAddress *receiver = ss->receiver;
@@ -1489,6 +1505,9 @@ add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Tell transport we have %u more acks!\n",
               acks_to_add);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying.\n",
+              receiver->number_rekeying_kce);
   GNUNET_TRANSPORT_communicator_mq_update (ch,
                                            receiver->d_qh,
                                            acks_to_add,
@@ -1496,35 +1515,70 @@ add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
   // Until here for alternativ 1
 
   /* move ss to head to avoid discarding it anytime soon! */
-  if (remove_from_receiver)
-    GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
+
+  GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
   GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
   destroy_all_secrets (ss, GNUNET_YES);
+}
 
 
-  // Uncomment this for alternativ 2 of backchannel functionality
-  /*if (receiver->acks_available != ack->acks_available)
+static uint32_t
+reset_rekey_kces (struct ReceiverAddress *receiver,
+                  uint32_t acks_to_add)
+{
+  int needed_for_rekeying;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying and %u acks_to_add\n",
+              receiver->number_rekeying_kce,
+              acks_to_add);
+
+  needed_for_rekeying = (3 - receiver->number_rekeying_kce);
+  if (acks_to_add <= needed_for_rekeying)
   {
-    receiver->acks_available = ack->acks_available;
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Tell transport we have different number of acks!\n");
-    GNUNET_TRANSPORT_communicator_mq_update (ch,
-                                             receiver->d_qh,
-                                             receiver->acks_available,
-                                             1);
-                                             }*/
-  // Until here for alternativ 2
+    receiver->number_rekeying_kce += acks_to_add;
+    acks_to_add = 0;
+  }
+  else
+  {
+    acks_to_add -= (3 - receiver->number_rekeying_kce);
+    receiver->number_rekeying_kce = 3;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying and %u acks_to_add\n",
+              receiver->number_rekeying_kce,
+              acks_to_add);
+  return acks_to_add;
 }
 
+
 static void
 add_acks_rekey (struct ReceiverAddress *receiver)
 {
-  add_acks (receiver->ss_rekey, receiver->ss_rekey->sequence_allowed - 3,
-            GNUNET_NO);
+  uint32_t acks_to_add = receiver->ss_rekey->sequence_allowed;
+
+  if (receiver->number_rekeying_kce < 3)
+    acks_to_add = reset_rekey_kces (receiver, acks_to_add);
   receiver->acks_available = receiver->ss_rekey->sequence_allowed;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u receiver->acks_available 4\n",
+              receiver->acks_available);
+  /* add_acks (receiver->ss_rekey, acks_to_add - 3); */
+  if (0 != acks_to_add)
+  {
+    add_acks (receiver->ss_rekey, acks_to_add);
+  }
   receiver->ss_rekey = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "# rekeying successful\n");
+  GNUNET_STATISTICS_update (stats,
+                            "# rekeying successful",
+                            1,
+                            GNUNET_NO);
 }
 
+
 /**
  * We received an ACK for @a pid. Check if it is for
  * the receiver in @a value and if so, handle it and
@@ -1540,15 +1594,17 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
 {
   const struct UDPAck *ack = cls;
   struct ReceiverAddress *receiver = value;
-  int acks_to_add;
+  uint32_t acks_to_add;
   uint32_t allowed;
+  // int needed_for_rekeying;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "in handle ack\n");
+              "in handle ack with cmac %s\n",
+              GNUNET_h2s (&ack->cmac));
 
   if (NULL != receiver->ss_rekey)
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Received secret with cmac %s \n",
+                "We have rekey secret with cmac %s \n",
                 GNUNET_h2s (&receiver->ss_rekey->cmac));
 
   if ((NULL != receiver->ss_rekey) && (0 == memcmp (&ack->cmac,
@@ -1598,16 +1654,37 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
         // Uncomment this for alternativ 1 of backchannel functionality
         acks_to_add = (allowed - ss->sequence_allowed);
         if ((GNUNET_NO == receiver->rekeying) &&
-            (receiver->number_rekeying_kce <
-             3) )
+            (receiver->number_rekeying_kce < 3) )
+          acks_to_add = reset_rekey_kces (receiver, acks_to_add);
+        /* if ((GNUNET_NO == receiver->rekeying) && */
+        /*     (receiver->number_rekeying_kce < */
+        /*      3) ) */
+        /* { */
+        /*   needed_for_rekeying = (3 - receiver->number_rekeying_kce); */
+        /*   if (acks_to_add <= needed_for_rekeying) */
+        /*   { */
+        /*     receiver->number_rekeying_kce += acks_to_add; */
+        /*     acks_to_add = 0; */
+        /*   } */
+        /*   else */
+        /*   { */
+        /*     acks_to_add -= (3 - receiver->number_rekeying_kce); */
+        /*     receiver->number_rekeying_kce = 3; */
+        /*   } */
+        /* } */
+        /* GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, */
+        /*             "%u kce for rekeying\n", */
+        /*             receiver->number_rekeying_kce); */
+
+        if ((0 != acks_to_add) && (GNUNET_NO == receiver->rekeying))
         {
-          acks_to_add -= (3 - receiver->number_rekeying_kce);
-          receiver->number_rekeying_kce = 3;
+          receiver->acks_available += (allowed - ss->sequence_allowed);
+          ss->sequence_allowed = allowed;
+          GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                      "%u receiver->acks_available 5\n",
+                      receiver->acks_available);
+          add_acks (ss, acks_to_add);
         }
-        receiver->acks_available += (allowed - ss->sequence_allowed);
-        ss->sequence_allowed = allowed;
-
-        add_acks (ss, acks_to_add, GNUNET_YES);
       }
       return GNUNET_NO;
     }
@@ -1663,18 +1740,21 @@ try_handle_plaintext (struct SenderAddress *sender,
 }
 
 
-
 static void
 kce_generate_cb (void *cls)
 {
   struct SharedSecret *ss = cls;
   kce_task = NULL;
 
-  if (ss->sender->acks_available < KCN_TARGET)
+  if (((GNUNET_NO == ss->sender->rekeying) && (ss->sender->acks_available <
+                                               KCN_TARGET) ) ||
+      ((ss->sender->ss_rekey == ss) && (GNUNET_YES == ss->sender->rekeying) &&
+       (ss->sender->acks_available < 128)))
   {
 
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Precomputing keys\n");
+                "Precomputing keys for master %s\n",
+                GNUNET_h2s (&(ss->master)));
 
     for (int i = 0; i < GENERATE_AT_ONCE; i++)
       kce_generate (ss, ++ss->sequence_allowed);
@@ -1694,6 +1774,7 @@ kce_generate_cb (void *cls)
 
 }
 
+
 static void
 kce_generate_rekey_cb (void *cls)
 {
@@ -1702,6 +1783,11 @@ kce_generate_rekey_cb (void *cls)
 
   if (NULL == kce_task)
   {
+
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Precomputing keys for rekey master %s\n",
+                GNUNET_h2s (&(ss->master)));
+
     for (int i = 0; i < GENERATE_AT_ONCE; i++)
       kce_generate (ss, ++ss->sequence_allowed);
 
@@ -1760,25 +1846,36 @@ consider_ss_ack (struct SharedSecret *ss, int initial)
   if (((NULL != kce_task) && kce_task_finished) || (GNUNET_NO == initial))
   {
     struct UDPAck ack;
+    struct SharedSecret *ss_tell;
+
+    if (GNUNET_NO != initial)
+      ss_tell = ss_finished;
+    else
+      ss_tell = ss;
 
     ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK);
     ack.header.size = htons (sizeof(ack));
-    ack.sequence_max = htonl (ss_finished->sequence_allowed);
+    ack.sequence_max = htonl (ss_tell->sequence_allowed);
     ack.acks_available = ss->sender->acks_available;
-    ack.cmac = ss_finished->cmac;
+    ack.cmac = ss_tell->cmac;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Notifying transport of UDPAck %s with intial %u\n",
-                GNUNET_i2s_full (&ss_finished->sender->target),
-                initial);
+                "Notifying transport of UDPAck %s with intial %u and master %s\n",
+                GNUNET_i2s_full (&ss_tell->sender->target),
+                initial,
+                GNUNET_h2s (&(ss_tell->master)));
     GNUNET_TRANSPORT_communicator_notify (ch,
-                                          &ss_finished->sender->target,
+                                          &ss_tell->sender->target,
                                           COMMUNICATOR_ADDRESS_PREFIX,
                                           &ack.header);
-    destroy_all_secrets (ss, GNUNET_YES);
-    kce_task = NULL;
-    kce_task_finished = GNUNET_NO;
+    if (GNUNET_NO != initial)
+    {
+      destroy_all_secrets (ss, GNUNET_YES);
+      kce_task = NULL;
+      kce_task_finished = GNUNET_NO;
+    }
   }
-  else if ((NULL == kce_task) && ((KCN_THRESHOLD > ss->sender->acks_available)||
+  else if ((NULL == kce_task) && ((KCN_THRESHOLD >
+                                   ss->sender->acks_available) ||
                                   (GNUNET_YES == ss->sender->rekeying) ||
                                   (ss->sender->num_secrets > MAX_SECRETS) ))
   {
@@ -1835,6 +1932,10 @@ decrypt_box (const struct UDPBox *box,
                             "# bytes decrypted with BOX",
                             sizeof(out_buf),
                             GNUNET_NO);
+  GNUNET_STATISTICS_update (stats,
+                            "# messages decrypted with BOX",
+                            1,
+                            GNUNET_NO);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "decrypted UDPBox with kid %s\n",
               GNUNET_sh2s (&box->kid));
@@ -1842,19 +1943,22 @@ decrypt_box (const struct UDPBox *box,
   if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))
   {
     ss->sender->rekeying = GNUNET_NO;
+    ss->sender->ss_rekey = NULL;
     // destroy_all_secrets (ss, GNUNET_NO);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Receiver stopped rekeying.\n");
   }
   else if (GNUNET_NO == box->rekeying)
-    consider_ss_ack (ss, GNUNET_YES);
-  else{
+    consider_ss_ack (ss, GNUNET_NO);
+  else
+  {
     ss->sender->rekeying = GNUNET_YES;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Receiver started rekeying.\n");
+                "Got Box: Receiver doing rekeying.\n");
   }
 }
 
+
 /**
  * We received a @a rekey with matching @a kce.  Decrypt and process it.
  *
@@ -1921,6 +2025,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
   /* GNUNET_assert (ss_rekey->prev == NULL && sender->ss_head != ss_rekey); */
   /* GNUNET_assert (ss_rekey->next == NULL && sender->ss_tail != ss_rekey); */
   GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
+  sender->ss_rekey = ss_rekey;
   sender->num_secrets++;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received secret with cmac %s\n",
@@ -1941,6 +2046,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
 
 }
 
+
 /**
  * Closure for #find_sender_by_address()
  */
@@ -2151,20 +2257,26 @@ sock_read (void *cls)
     box = (const struct UDPBox *) buf;
     kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
 
-    if ((GNUNET_YES == box->rekeying)||(GNUNET_NO == box->rekeying))
+    if ((GNUNET_YES == box->rekeying) || (GNUNET_NO == box->rekeying))
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "UDPRekey has rekeying %u\n",
                   box->rekeying);
     else
       do_decrypt = GNUNET_YES;
-    if ((GNUNET_YES == do_decrypt)&& (NULL != kce) && (GNUNET_YES ==
-                                                       kce->ss->sender->rekeying))
+
+    if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
+                                                        kce->ss->sender->
+                                                        rekeying))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "UDPRekey with kid %s\n",
                   GNUNET_sh2s (&rekey->kid));
       sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,
                              salen);
+
+      if (NULL != sender->ss_rekey)
+        return;
+
       decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
       return;
     }
@@ -2290,16 +2402,18 @@ sock_read (void *cls)
     if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))
     {
       ss->sender->rekeying = GNUNET_NO;
+      sender->ss_rekey = NULL;
       // destroy_all_secrets (ss, GNUNET_NO);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Receiver stopped rekeying.\n");
     }
     else if (GNUNET_NO == kx->rekeying)
       consider_ss_ack (ss, GNUNET_YES);
-    else{
+    else
+    {
       ss->sender->rekeying = GNUNET_YES;
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Receiver started rekeying.\n");
+                  "Got KX: Receiver doing rekeying.\n");
     }
     /*if (sender->num_secrets > MAX_SECRETS)
       secret_destroy (sender->ss_tail);*/
@@ -2560,6 +2674,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
   GNUNET_MQ_impl_send_continue (mq);
 }
 
+
 static void
 check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
 {
@@ -2583,13 +2698,13 @@ check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
                 rt.rel_value_us,
                 receiver->rekey_timeout.abs_value_us);
 
-    if ((0 == rt.rel_value_us)||(receiver->rekey_send_bytes >
-                                 REKEY_MAX_BYTES) )
+    if ((0 == rt.rel_value_us) || (receiver->rekey_send_bytes >
+                                   rekey_max_bytes) )
     {
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Bytes send %lu greater than %llu max bytes\n.",
                   receiver->rekey_send_bytes,
-                  REKEY_MAX_BYTES);
+                  rekey_max_bytes);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Relative time is %lu and timeout is %lu\n.",
                   rt.rel_value_us,
@@ -2612,6 +2727,7 @@ check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
   }
 }
 
+
 static void
 send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
 {
@@ -2631,9 +2747,14 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
                  - (receiver->rekey_acks_available % 3)) / 3;
     is_ss_rekey_sequence_allowed_zero = (0 ==
                                          receiver->ss_rekey->sequence_allowed);
-    is_acks_available_below = (receiver->acks_available > not_below);
+    is_acks_available_below = (receiver->acks_available >= not_below);
     send_rekey = (0 == (receiver->acks_available - not_below) % not_below) &&
                  is_acks_available_below && is_ss_rekey_sequence_allowed_zero;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "send_rekey: %u, %u, %u\n",
+                send_rekey,
+                receiver->rekey_acks_available,
+                receiver->acks_available);
   }
   else if (NULL == receiver->ss_rekey)
   {
@@ -2641,6 +2762,7 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
     GNUNET_CRYPTO_ecdhe_key_create (&epriv);
     receiver->ss_rekey = setup_shared_secret_enc (&epriv, receiver,
                                                   GNUNET_NO);
+    receiver->ss_rekey->sequence_allowed = 0;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Setup secret with cmac %s\n",
                 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
@@ -2700,6 +2822,9 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Sending rekey with cmac %s\n",
                   GNUNET_h2s (&(receiver->ss_rekey->cmac)));
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "%u rekey kces left.\n",
+                  receiver->number_rekeying_kce);
 
       if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                               rekey_dgram,
@@ -2708,6 +2833,10 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
                                               receiver->address_len))
         GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
 
+      receiver->acks_available--;
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "%u receiver->acks_available 1\n",
+                  receiver->acks_available);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address,
                                                           receiver->
@@ -2737,6 +2866,12 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
   if ((msize > receiver->d_mtu) ||
       (0 == receiver->acks_available))
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "msize: %u, mtu: %lu, acks: %u\n",
+                msize,
+                receiver->d_mtu,
+                receiver->acks_available);
+
     GNUNET_break (0);
     if (GNUNET_YES != receiver->receiver_destroy_called)
       receiver_destroy (receiver);
@@ -2789,8 +2924,6 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
     else
       box->rekeying = GNUNET_YES;
 
-    check_for_rekeying (receiver, box);
-
     if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                             dgram,
                                             sizeof(dgram),
@@ -2798,11 +2931,15 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
                                             receiver->address_len))
       GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Sending UDPBox to %s\n", GNUNET_a2s (receiver->address,
-                                                      receiver->address_len));
+                "Sending UDPBox %u acks left\n",
+                receiver->acks_available);
     GNUNET_MQ_impl_send_continue (mq);
     receiver->acks_available--;
-    if (0 == receiver->acks_available)
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "%u receiver->acks_available 2\n",
+                receiver->acks_available);
+    check_for_rekeying (receiver, box);
+    if (0 == receiver->acks_available - receiver->number_rekeying_kce)
     {
       /* We have no more ACKs */
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2810,6 +2947,8 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
       if (GNUNET_YES == receiver->rekeying)
       {
         receiver->rekeying = GNUNET_NO;
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "Sender stopped rekeying\n");
 
         if ((NULL != receiver->ss_rekey) && (0 <
                                              receiver->ss_rekey->
@@ -3120,6 +3259,8 @@ get_sender_delete_it (void *cls,
 static void
 do_shutdown (void *cls)
 {
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "do_shutdown\n");
   if (NULL != nat)
   {
     GNUNET_NAT_unregister (nat);
@@ -3154,18 +3295,26 @@ do_shutdown (void *cls)
   }
   if (NULL != udp_sock)
   {
-    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (udp_sock));
+    GNUNET_break (GNUNET_OK ==
+                  GNUNET_NETWORK_socket_close (udp_sock));
     udp_sock = NULL;
   }
   GNUNET_CONTAINER_multipeermap_iterate (receivers,
                                          &get_receiver_delete_it,
                                          NULL);
   GNUNET_CONTAINER_multipeermap_destroy (receivers);
-  GNUNET_CONTAINER_multipeermap_iterate (senders, &get_sender_delete_it, NULL);
+  GNUNET_CONTAINER_multipeermap_iterate (senders,
+                                         &get_sender_delete_it,
+                                         NULL);
   GNUNET_CONTAINER_multipeermap_destroy (senders);
   GNUNET_CONTAINER_multishortmap_destroy (key_cache);
   GNUNET_CONTAINER_heap_destroy (senders_heap);
   GNUNET_CONTAINER_heap_destroy (receivers_heap);
+  if (NULL != timeout_task)
+  {
+    GNUNET_SCHEDULER_cancel (timeout_task);
+    timeout_task = NULL;
+  }
   if (NULL != ch)
   {
     GNUNET_TRANSPORT_communicator_disconnect (ch);
@@ -3191,6 +3340,8 @@ do_shutdown (void *cls)
     GNUNET_NT_scanner_done (is);
     is = NULL;
   }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "do_shutdown finished\n");
 }
 
 
@@ -3302,25 +3453,29 @@ ifc_broadcast (void *cls)
       static int no = 0;
       ssize_t sent;
 
-      if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
-                                                         SOL_SOCKET,
-                                                         SO_BROADCAST,
-                                                         &yes,
-                                                         sizeof(int)))
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
+      if (GNUNET_OK !=
+          GNUNET_NETWORK_socket_setsockopt (udp_sock,
+                                            SOL_SOCKET,
+                                            SO_BROADCAST,
+                                            &yes,
+                                            sizeof(int)))
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "setsockopt");
       sent = GNUNET_NETWORK_socket_sendto (udp_sock,
                                            &bi->bcm,
                                            sizeof(bi->bcm),
                                            bi->ba,
                                            bi->salen);
       if (-1 == sent)
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "sendto");
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "sendto");
       if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
                                                          SOL_SOCKET,
                                                          SO_BROADCAST,
                                                          &no,
                                                          sizeof(int)))
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "setsockopt");
       break;
     }
 
@@ -3402,9 +3557,18 @@ iface_proc (void *cls,
     return GNUNET_OK; /* not using IPv6 */
 
   bi = GNUNET_new (struct BroadcastInterface);
-  bi->sa = GNUNET_memdup (addr, addrlen);
-  if (NULL != broadcast_addr)
-    bi->ba = GNUNET_memdup (broadcast_addr, addrlen);
+  bi->sa = GNUNET_memdup (addr,
+                          addrlen);
+  if ( (NULL != broadcast_addr) &&
+       (addrlen == sizeof (struct sockaddr_in)) )
+  {
+    struct sockaddr_in *ba;
+
+    ba = GNUNET_memdup (broadcast_addr,
+                        addrlen);
+    ba->sin_port = htons (2086); /* always GNUnet port, ignore configuration! */
+    bi->ba = (struct sockaddr *) ba;
+  }
   bi->salen = addrlen;
   bi->found = GNUNET_YES;
   bi->bcm.sender = my_identity;
@@ -3415,7 +3579,7 @@ iface_proc (void *cls,
   GNUNET_CRYPTO_eddsa_sign (my_private_key,
                             &ubs,
                             &bi->bcm.sender_sig);
-  if (NULL != broadcast_addr)
+  if (NULL != bi->ba)
   {
     bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);
     GNUNET_CONTAINER_DLL_insert (bi_head, bi_tail, bi);
@@ -3522,6 +3686,13 @@ run (void *cls,
                                            &rekey_interval))
     rekey_interval = DEFAULT_REKEY_TIME_INTERVAL;
 
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_size (cfg,
+                                           COMMUNICATOR_CONFIG_SECTION,
+                                           "REKEY_MAX_BYTES",
+                                           &rekey_max_bytes))
+    rekey_max_bytes = DEFAULT_REKEY_MAX_BYTES;
+
   in = udp_address_to_sockaddr (bindto, &in_len);
   if (NULL == in)
   {
@@ -3532,7 +3703,9 @@ run (void *cls,
     return;
   }
   udp_sock =
-    GNUNET_NETWORK_socket_create (in->sa_family, SOCK_DGRAM, IPPROTO_UDP);
+    GNUNET_NETWORK_socket_create (in->sa_family,
+                                  SOCK_DGRAM,
+                                  IPPROTO_UDP);
   if (NULL == udp_sock)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
@@ -3542,9 +3715,14 @@ run (void *cls,
   }
   if (AF_INET6 == in->sa_family)
     have_v6_socket = GNUNET_YES;
-  if (GNUNET_OK != GNUNET_NETWORK_socket_bind (udp_sock, in, in_len))
+  if (GNUNET_OK !=
+      GNUNET_NETWORK_socket_bind (udp_sock,
+                                  in,
+                                  in_len))
   {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                              "bind",
+                              bindto);
     GNUNET_NETWORK_socket_close (udp_sock);
     udp_sock = NULL;
     GNUNET_free (in);
diff --git a/src/transport/test_communicator_basic.c b/src/transport/test_communicator_basic.c
index 7ea04afdb..ea1a7b1fb 100644
--- a/src/transport/test_communicator_basic.c
+++ b/src/transport/test_communicator_basic.c
@@ -73,6 +73,10 @@ static struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *my_tc;
 
 static char *test_name;
 
+static struct GNUNET_STATISTICS_GetHandle *box_stats;
+
+static struct GNUNET_STATISTICS_GetHandle *rekey_stats;
+
 #define SHORT_MESSAGE_SIZE 128
 
 #define LONG_MESSAGE_SIZE 32000 /* FIXME */
@@ -90,7 +94,7 @@ static unsigned int iterations_left = TOTAL_ITERATIONS;
 #define TIMEOUT_MULTIPLIER 1
 
 #define DELAY \
-  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,50)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,200)
 
 #define SHORT_BURST_WINDOW \
   GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,2)
@@ -129,12 +133,12 @@ static struct GNUNET_TIME_Relative duration;
 
 
 static void
-communicator_available_cb (void *cls,
-                           struct
-                           GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
-                           *tc_h,
-                           enum GNUNET_TRANSPORT_CommunicatorCharacteristics cc,
-                           char *address_prefix)
+communicator_available_cb (
+  void *cls,
+  struct
+  GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  enum GNUNET_TRANSPORT_CommunicatorCharacteristics cc,
+  char *address_prefix)
 {
   LOG (GNUNET_ERROR_TYPE_INFO,
        "Communicator available. (cc: %u, prefix: %s)\n",
@@ -142,10 +146,11 @@ communicator_available_cb (void *cls,
        address_prefix);
 }
 
+
 static void
 open_queue (void *cls)
 {
-  char *address = cls;
+  const char *address = cls;
 
   if (NULL != tc_hs[PEER_A]->c_mq)
   {
@@ -158,30 +163,32 @@ open_queue (void *cls)
   {
     GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                   &open_queue,
-                                  address);
+                                  (void *) address);
   }
 }
 
+
 static void
-add_address_cb (void *cls,
-                struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *
-                tc_h,
-                const char *address,
-                struct GNUNET_TIME_Relative expiration,
-                uint32_t aid,
-                enum GNUNET_NetworkType nt)
+add_address_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  const char *address,
+  struct GNUNET_TIME_Relative expiration,
+  uint32_t aid,
+  enum GNUNET_NetworkType nt)
 {
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "New address. (addr: %s, expir: %" PRIu32 ", ID: %" PRIu32 ", nt: %u\n",
+       "New address. (addr: %s, expir: %s, ID: %" PRIu32 ", nt: %u\n",
        address,
-       expiration.rel_value_us,
+       GNUNET_STRINGS_relative_time_to_string (expiration,
+                                               GNUNET_NO),
        aid,
-       nt);
+       (int) nt);
   // addresses[1] = GNUNET_strdup (address);
   if ((0 == strcmp ((char*) cls, cfg_peers_name[PEER_B])) &&
       (GNUNET_NO == queue_est))
   {
-    open_queue (address);
+    open_queue ((void *) address);
   }
 }
 
@@ -198,12 +205,13 @@ add_address_cb (void *cls,
  *                #GNUNET_NO if queue will not be established (bogous address)
  */
 static void
-queue_create_reply_cb (void *cls,
-                       struct
-                       GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *
-                       tc_h,
-                       int will_try)
+queue_create_reply_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  int will_try)
 {
+  (void) cls;
+  (void) tc_h;
   if (GNUNET_YES == will_try)
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Queue will be established!\n");
@@ -219,6 +227,9 @@ handle_backchannel_cb (void *cls,
                        struct GNUNET_PeerIdentity *pid)
 {
   struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h = cls;
+
+  (void) tc_h;
+  (void) msg;
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Handling BC message...\n");
   if (0 == memcmp (&peer_id[PEER_A], pid, sizeof (*pid)))
     return tc_hs[PEER_A];
@@ -260,9 +271,11 @@ latency_timeout (void *cls)
                                        NULL);
     return;
   }
-
   switch (phase)
   {
+  case TP_INIT:
+    GNUNET_assert (0);
+    break;
   case TP_BURST_SHORT:
     num_sent = num_sent_short;
     num_received = num_received_short;
@@ -283,6 +296,7 @@ latency_timeout (void *cls)
   GNUNET_SCHEDULER_shutdown ();
 }
 
+
 /*static void
   size_test (void *cls);*/
 
@@ -294,7 +308,7 @@ size_test (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "size_test_cb %u\n",
-       num_sent_size);
+       (unsigned int) num_sent_size);
   GNUNET_assert (TP_SIZE_CHECK == phase);
   if (LONG_MESSAGE_SIZE != long_message_size)
     max_size = long_message_size;
@@ -316,13 +330,6 @@ size_test (void *cls)
                                                 TIMEOUT_MULTIPLIER));
 }
 
-/*static void
-size_test (void *cls)
-{
-  GNUNET_SCHEDULER_add_delayed (DELAY,
-                                &size_test_cb,
-                                NULL);
-                                }*/
 
 static void
 long_test (void *cls);
@@ -334,27 +341,27 @@ long_test_cb (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "long_test_cb %u/%u\n",
-       num_sent_long,
-       num_received_long);
+       (unsigned int) num_sent_long,
+       (unsigned int) num_received_long);
   payload = make_payload (long_message_size);
   num_sent_long++;
-  GNUNET_TRANSPORT_TESTING_transport_communicator_send (my_tc,
-                                                        ((BURST_PACKETS
-                                                          * 0.91 ==
-                                                          num_received_long) ||
-                                                         (BURST_PACKETS ==
-                                                          num_sent_long))
-                                                        ? NULL
-                                                        : &long_test,
-                                                        NULL,
-                                                        payload,
-                                                        long_message_size);
+  GNUNET_TRANSPORT_TESTING_transport_communicator_send (
+    my_tc,
+    ((BURST_PACKETS * 0.91 == num_received_long) ||
+     (BURST_PACKETS == num_sent_long))
+    ? NULL
+    : &long_test,
+    NULL,
+    payload,
+    long_message_size);
   GNUNET_free (payload);
-  timeout = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (
-                                                GNUNET_TIME_UNIT_SECONDS,
-                                                TIMEOUT_MULTIPLIER));
+  timeout = GNUNET_TIME_relative_to_absolute (
+    GNUNET_TIME_relative_multiply (
+      GNUNET_TIME_UNIT_SECONDS,
+      TIMEOUT_MULTIPLIER));
 }
 
+
 static void
 long_test (void *cls)
 {
@@ -366,9 +373,11 @@ long_test (void *cls)
                                 NULL);
 }
 
+
 static void
 short_test (void *cls);
 
+
 static void
 short_test_cb (void *cls)
 {
@@ -376,27 +385,26 @@ short_test_cb (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "short_test_cb %u/%u\n",
-       num_sent_short,
-       num_received_short);
+       (unsigned int) num_sent_short,
+       (unsigned int) num_received_short);
   payload = make_payload (SHORT_MESSAGE_SIZE);
   num_sent_short++;
-  GNUNET_TRANSPORT_TESTING_transport_communicator_send (my_tc,
-                                                        ((BURST_PACKETS
-                                                          * 0.91 ==
-                                                          num_received_short) ||
-                                                         (BURST_PACKETS ==
-                                                          num_sent_short))
-                                                        ? NULL
-                                                        : &short_test,
-                                                        NULL,
-                                                        payload,
-                                                        SHORT_MESSAGE_SIZE);
+  GNUNET_TRANSPORT_TESTING_transport_communicator_send (
+    my_tc,
+    ( (BURST_PACKETS * 0.91 == num_received_short) ||
+      (BURST_PACKETS == num_sent_short) )
+    ? NULL
+    : &short_test,
+    NULL,
+    payload,
+    SHORT_MESSAGE_SIZE);
   GNUNET_free (payload);
   timeout = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (
                                                 GNUNET_TIME_UNIT_SECONDS,
                                                 TIMEOUT_MULTIPLIER));
 }
 
+
 static void
 short_test (void *cls)
 {
@@ -492,10 +500,14 @@ update_avg_latency (const char*payload)
   ts = GNUNET_TIME_absolute_ntoh (*ts_n);
   latency = GNUNET_TIME_absolute_get_duration (ts);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Latency of received packet: %u\n",
-       latency);
+       "Latency of received packet: %s\n",
+       GNUNET_STRINGS_relative_time_to_string (latency,
+                                               GNUNET_YES));
   switch (phase)
   {
+  case TP_INIT:
+    GNUNET_assert (0);
+    break;
   case TP_BURST_SHORT:
     num_received = num_received_short;
     break;
@@ -514,6 +526,35 @@ update_avg_latency (const char*payload)
 
 }
 
+
+static void
+process_statistics_box_done (void *cls, int success)
+{
+  if (NULL != box_stats)
+    box_stats = NULL;
+  if (NULL == rekey_stats)
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Finished\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+}
+
+
+static void
+process_statistics_rekey_done (void *cls, int success)
+{
+  if (NULL != rekey_stats)
+    rekey_stats = NULL;
+  if (NULL == box_stats)
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Finished\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+}
+
+
 static int
 process_statistics (void *cls,
                     const char *subsystem,
@@ -521,9 +562,45 @@ process_statistics (void *cls,
                     uint64_t value,
                     int is_persistent)
 {
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Statistic: Name %s and value %lu\n",
+              name,
+              value);
+  if ((0 == strcmp ("rekey", test_name)) && (0 == strcmp (
+                                               "# rekeying successful",
+                                               name)) && (0 == value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No successful rekeying!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+  if ((0 == strcmp ("backchannel", test_name)) &&
+      (0 == strcmp (
+         "# messages decrypted with BOX",
+         name))
+      && (9000 > value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Not enough BOX messages!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+  if ((0 == strcmp ("rekey", test_name)) &&
+      (0 == strcmp (
+         "# messages decrypted with BOX",
+         name))
+      && (6000 > value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Not enough BOX messages!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
   return GNUNET_OK;
 }
 
+
 /**
  * @brief Handle an incoming message
  *
@@ -534,14 +611,14 @@ process_statistics (void *cls,
  * @param msg Received message
  */
 static void
-incoming_message_cb (void *cls,
-                     struct
-                     GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
-                     *tc_h,
-                     const char*payload,
-                     size_t payload_len)
+incoming_message_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  const char *payload,
+  size_t payload_len)
 {
-  if (0 != strcmp ((char*) cls, cfg_peers_name[NUM_PEERS - 1]))
+  if (0 != strcmp ((char*) cls,
+                   cfg_peers_name[NUM_PEERS - 1]))
   {
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "unexpected receiver...\n");
@@ -566,11 +643,9 @@ incoming_message_cb (void *cls,
       {
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "Short size packet test done.\n");
-        char *goodput = GNUNET_STRINGS_byte_size_fancy ((SHORT_MESSAGE_SIZE
-                                                         * num_received_short
-                                                         * 1000
-                                                         * 1000)
-                                                        / duration.rel_value_us);
+        char *goodput = GNUNET_STRINGS_byte_size_fancy (
+          (SHORT_MESSAGE_SIZE * num_received_short * 1000 * 1000)
+          / duration.rel_value_us);
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "%lu/%lu packets in %llu us (%s/s) -- avg latency: %llu us\n",
              (unsigned long) num_received_short,
@@ -603,12 +678,10 @@ incoming_message_cb (void *cls,
       {
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "Long size packet test done.\n");
-        char *goodput = GNUNET_STRINGS_byte_size_fancy ((long_message_size
-                                                         * num_received_long
-                                                         * 1000
-                                                         * 1000)
-                                                        / duration.
-                                                        rel_value_us);
+        char *goodput = GNUNET_STRINGS_byte_size_fancy (
+          (long_message_size * num_received_long * 1000 * 1000)
+          / duration.
+          rel_value_us);
 
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "%lu/%lu packets in %llu us (%s/s) -- avg latency: %llu us\n",
@@ -660,18 +733,32 @@ incoming_message_cb (void *cls,
           short_test (NULL);
           break;
         }
-        /* if (("rekey" == test_name) || ("backchannel" == test_name)) */
-        /* { */
-        /*   GNUNET_STATISTICS_get (stats[1], */
-        /*                          "C-UDP", */
-        /*                          "# bytes decrypted with Rekey", */
-        /*                          NULL, */
-        /*                          &process_statistics, */
-        /*                          NULL); */
-        /* } */
-        LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "Finished\n");
-        GNUNET_SCHEDULER_shutdown ();
+        if ( (0 == strcmp ("rekey", test_name)) ||
+             (0 == strcmp ("backchannel", test_name)) )
+        {
+          if (NULL != box_stats)
+            GNUNET_STATISTICS_get_cancel (box_stats);
+          box_stats = GNUNET_STATISTICS_get (stats[1],
+                                             "C-UDP",
+                                             "# messages decrypted with BOX",
+                                             process_statistics_box_done,
+                                             &process_statistics,
+                                             NULL);
+          if (NULL != rekey_stats)
+            GNUNET_STATISTICS_get_cancel (rekey_stats);
+          rekey_stats = GNUNET_STATISTICS_get (stats[0],
+                                               "C-UDP",
+                                               "# rekeying successful",
+                                               process_statistics_rekey_done,
+                                               &process_statistics,
+                                               NULL);
+        }
+        else
+        {
+          LOG (GNUNET_ERROR_TYPE_DEBUG,
+               "Finished\n");
+          GNUNET_SCHEDULER_shutdown ();
+        }
       }
       break;
     }
@@ -682,6 +769,19 @@ incoming_message_cb (void *cls,
 static void
 do_shutdown (void *cls)
 {
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "shuting down test.\n");
+
+  if (NULL != box_stats)
+  {
+    GNUNET_STATISTICS_get_cancel (box_stats);
+    box_stats = NULL;
+  }
+  if (NULL != rekey_stats)
+  {
+    GNUNET_STATISTICS_get_cancel (rekey_stats);
+    rekey_stats = NULL;
+  }
   if (NULL != to_task)
   {
     GNUNET_SCHEDULER_cancel (to_task);
@@ -690,6 +790,7 @@ do_shutdown (void *cls)
   for (unsigned int i = 0; i < NUM_PEERS; i++)
   {
     GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (tc_hs[i]);
+    GNUNET_STATISTICS_destroy (stats[i], GNUNET_NO);
   }
 }
 
@@ -697,7 +798,7 @@ do_shutdown (void *cls)
 /**
  * @brief Main function called by the scheduler
  *
- * @param cls Closure - Handle to configuration
+ * @param cls Closure - Handle to confiation
  */
 static void
 run (void *cls)
@@ -720,11 +821,12 @@ run (void *cls)
       &handle_backchannel_cb,
       cfg_peers_name[i]);   /* cls */
 
-    /* if (("rekey" == test_name) || ("backchannel" == test_name)) */
-    /* { */
-    /*   stats[i] = GNUNET_STATISTICS_create ("C-UDP", */
-    /*                                        cfg_peers[i]); */
-    /* } */
+    if ((0 == strcmp ("rekey", test_name)) || (0 == strcmp ("backchannel",
+                                                            test_name)) )
+    {
+      stats[i] = GNUNET_STATISTICS_create ("C-UDP",
+                                           cfg_peers[i]);
+    }
   }
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                  NULL);
@@ -816,15 +918,12 @@ main (int argc,
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "test_name: %s\n",
        test_name);
-
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "communicator_name: %s\n",
        communicator_name);
-
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "communicator_binary: %s\n",
        communicator_binary);
-
   GNUNET_SCHEDULER_run (&run,
                         NULL);
   return ret;
diff --git a/src/transport/test_communicator_tcp_basic_peer1.conf b/src/transport/test_communicator_tcp_basic_peer1.conf
index c08737b7b..2411f485b 100644
--- a/src/transport/test_communicator_tcp_basic_peer1.conf
+++ b/src/transport/test_communicator_tcp_basic_peer1.conf
@@ -22,6 +22,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [communicator-unix]
 UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
 
diff --git a/src/transport/test_communicator_tcp_basic_peer2.conf b/src/transport/test_communicator_tcp_basic_peer2.conf
index 45b7e7844..8005718bf 100644
--- a/src/transport/test_communicator_tcp_basic_peer2.conf
+++ b/src/transport/test_communicator_tcp_basic_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [communicator-unix]
 UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
 
diff --git a/src/transport/test_communicator_tcp_rekey_peer1.conf b/src/transport/test_communicator_tcp_rekey_peer1.conf
index 901f415ef..82fbf353a 100644
--- a/src/transport/test_communicator_tcp_rekey_peer1.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
diff --git a/src/transport/test_communicator_tcp_rekey_peer2.conf b/src/transport/test_communicator_tcp_rekey_peer2.conf
index 643b037b2..1036039c4 100644
--- a/src/transport/test_communicator_tcp_rekey_peer2.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
diff --git a/src/transport/test_communicator_udp_backchannel_peer1.conf b/src/transport/test_communicator_udp_backchannel_peer1.conf
index b99a76d6c..59e6d68e3 100644
--- a/src/transport/test_communicator_udp_backchannel_peer1.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
@@ -35,6 +39,7 @@ BINDTO = 60002
 DISABLE_V6 = YES
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_backchannel_peer2.conf b/src/transport/test_communicator_udp_backchannel_peer2.conf
index 48bd54c8b..3abf7999b 100644
--- a/src/transport/test_communicator_udp_backchannel_peer2.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
@@ -35,6 +39,7 @@ BINDTO = 60003
 DISABLE_V6 = YES
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_basic_peer1.conf b/src/transport/test_communicator_udp_basic_peer1.conf
index d53a55210..c6ff024ee 100644
--- a/src/transport/test_communicator_udp_basic_peer1.conf
+++ b/src/transport/test_communicator_udp_basic_peer1.conf
@@ -23,11 +23,16 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_basic_peer2.conf b/src/transport/test_communicator_udp_basic_peer2.conf
index f05ebc5cb..b353b03e9 100644
--- a/src/transport/test_communicator_udp_basic_peer2.conf
+++ b/src/transport/test_communicator_udp_basic_peer2.conf
@@ -24,11 +24,16 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_rekey_peer1.conf b/src/transport/test_communicator_udp_rekey_peer1.conf
index 8fede6f8c..6bfeafe33 100644
--- a/src/transport/test_communicator_udp_rekey_peer1.conf
+++ b/src/transport/test_communicator_udp_rekey_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
@@ -41,7 +45,7 @@ REKEY_INTERVAL = 100ms
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
-REKEY_INTERVAL = 1s
+REKEY_MAX_BYTES=9MiB
 
 [communicator-test]
 BACKCHANNEL_ENABLED = YES
diff --git a/src/transport/test_communicator_udp_rekey_peer2.conf b/src/transport/test_communicator_udp_rekey_peer2.conf
index f545ba07a..474ca0c15 100644
--- a/src/transport/test_communicator_udp_rekey_peer2.conf
+++ b/src/transport/test_communicator_udp_rekey_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
@@ -41,7 +45,7 @@ REKEY_INTERVAL = 100ms
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
-REKEY_INTERVAL = 1s
+REKEY_MAX_BYTES=9MiB
 
 [communicator-test]
 BACKCHANNEL_ENABLED = YES
diff --git a/src/transport/test_communicator_unix_basic_peer1.conf b/src/transport/test_communicator_unix_basic_peer1.conf
index 8e9700108..13ba2d16b 100644
--- a/src/transport/test_communicator_unix_basic_peer1.conf
+++ b/src/transport/test_communicator_unix_basic_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
diff --git a/src/transport/test_communicator_unix_basic_peer2.conf b/src/transport/test_communicator_unix_basic_peer2.conf
index c12cc9111..727e844a7 100644
--- a/src/transport/test_communicator_unix_basic_peer2.conf
+++ b/src/transport/test_communicator_unix_basic_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
diff --git a/src/transport/transport-testing-communicator.c b/src/transport/transport-testing-communicator.c
index 6d74b12e8..56240864c 100644
--- a/src/transport/transport-testing-communicator.c
+++ b/src/transport/transport-testing-communicator.c
@@ -766,6 +766,23 @@ shutdown_process (struct GNUNET_OS_Process *proc)
   GNUNET_OS_process_destroy (proc);
 }
 
+/**
+ * @brief Task run at shutdown to kill the statistics process
+ *
+ * @param cls Closure - Process of communicator
+ */
+static void
+shutdown_statistics (void *cls)
+{
+  struct GNUNET_OS_Process *proc = cls;
+  shutdown_process (proc);
+}
+
+/**
+ * @brief Task run at shutdown to kill the peerstore process
+ *
+ * @param cls Closure - Process of communicator
+ */
 static void
 shutdown_peerstore (void *cls)
 {
@@ -773,6 +790,11 @@ shutdown_peerstore (void *cls)
   shutdown_process (proc);
 }
 
+/**
+ * @brief Task run at shutdown to kill a communicator process
+ *
+ * @param cls Closure - Process of communicator
+ */
 static void
 shutdown_communicator (void *cls)
 {
@@ -852,6 +874,10 @@ shutdown_resolver (void *cls)
 }
 
 
+/**
+ * @brief Start Resolver
+ *
+ */
 static void
 resolver_start (struct
                 GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
@@ -881,6 +907,34 @@ resolver_start (struct
 
 }
 
+/**
+ * @brief Start Statistics
+ *
+ */
+static void
+statistics_start (
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-statistics");
+  tc_h->stat_proc = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
+                                             NULL,
+                                             NULL,
+                                             NULL,
+                                             binary,
+                                             "gnunet-service-statistics",
+                                             "-c",
+                                             tc_h->cfg_filename,
+                                             NULL);
+  if (NULL == tc_h->stat_proc)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start Statistics!");
+    return;
+  }
+  LOG (GNUNET_ERROR_TYPE_INFO, "started Statistics\n");
+  GNUNET_free (binary);
+}
 
 /**
  * @brief Start Peerstore
@@ -1009,6 +1063,8 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_start (
   resolver_start (tc_h);
   /* Start peerstore service */
   peerstore_start (tc_h);
+  /* Start statistic service */
+  statistics_start (tc_h);
   /* Schedule start communicator */
   communicator_start (tc_h,
                       binary_name);
@@ -1025,6 +1081,7 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (
   shutdown_nat (tc_h->nat_proc);
   shutdown_resolver (tc_h->resolver_proc);
   shutdown_peerstore (tc_h->ps_proc);
+  shutdown_statistics (tc_h->stat_proc);
   GNUNET_CONFIGURATION_destroy (tc_h->cfg);
   GNUNET_free (tc_h);
 }
diff --git a/src/transport/transport-testing-communicator.h b/src/transport/transport-testing-communicator.h
index 693e61515..1875258b4 100644
--- a/src/transport/transport-testing-communicator.h
+++ b/src/transport/transport-testing-communicator.h
@@ -200,6 +200,11 @@ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
   struct GNUNET_OS_Process *resolver_proc;
 
   /**
+   * statistics service process
+   */
+  struct GNUNET_OS_Process *stat_proc;
+
+  /**
    * peerstore service process
    */
   struct GNUNET_OS_Process *ps_proc;
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index d2e4b4d1a..33fe26e34 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -138,7 +138,7 @@ libgnunetutil_la_LIBADD = \
 
 libgnunetutil_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) \
-  -version-info 13:2:1
+  -version-info 14:0:0
 
 if HAVE_TESTING
   GNUNET_ECC = gnunet-ecc
diff --git a/src/util/configuration.c b/src/util/configuration.c
index e5c01f81f..ecdcb3d53 100644
--- a/src/util/configuration.c
+++ b/src/util/configuration.c
@@ -93,7 +93,7 @@ struct GNUNET_CONFIGURATION_Handle
    * #GNUNET_NO if clean, #GNUNET_YES if dirty,
    * #GNUNET_SYSERR on error (i.e. last save failed)
    */
-  int dirty;
+  enum GNUNET_GenericReturnValue dirty;
 };
 
 
@@ -109,11 +109,6 @@ struct DiffHandle
 };
 
 
-/**
- * Create a GNUNET_CONFIGURATION_Handle.
- *
- * @return fresh configuration object
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_create ()
 {
@@ -199,11 +194,6 @@ GNUNET_CONFIGURATION_create ()
 }
 
 
-/**
- * Destroy configuration object.
- *
- * @param cfg configuration to destroy
- */
 void
 GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
 {
@@ -215,24 +205,13 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
 }
 
 
-/**
- * Parse a configuration file @a filename and run the function
- * @a cb with the resulting configuration object. Then free the
- * configuration object and return the status value from @a cb.
- *
- * @param filename configuration to parse, NULL for "default"
- * @param cb function to run
- * @param cb_cls closure for @a cb
- * @return #GNUNET_SYSERR if parsing the configuration failed,
- *   otherwise return value from @a cb.
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse_and_run (const char *filename,
                                     GNUNET_CONFIGURATION_Callback cb,
                                     void *cb_cls)
 {
   struct GNUNET_CONFIGURATION_Handle *cfg;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   cfg = GNUNET_CONFIGURATION_create ();
   if (GNUNET_OK != GNUNET_CONFIGURATION_load (cfg, filename))
@@ -247,18 +226,7 @@ GNUNET_CONFIGURATION_parse_and_run (const char *filename,
 }
 
 
-/**
- * De-serializes configuration
- *
- * @param cfg configuration to update
- * @param mem the memory block of serialized configuration
- * @param size the size of the memory block
- * @param basedir set to path from which we recursively load configuration
- *          from inlined configurations; NULL if not and raise warnings
- *          when we come across them
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
                                   const char *mem,
                                   size_t size,
@@ -273,7 +241,7 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
   size_t to_read;
   size_t i;
   int emptyline;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   char *section;
   char *eq;
   char *tag;
@@ -411,15 +379,7 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Parse a configuration file, add all of the options in the
- * file to the configuration environment.
- *
- * @param cfg configuration to update
- * @param filename name of the configuration file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename)
 {
@@ -429,7 +389,7 @@ GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
   char *mem;
   char *endsep;
   int dirty;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   ssize_t sret;
 
   fn = GNUNET_STRINGS_filename_expand (filename);
@@ -476,28 +436,13 @@ GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Test if there are configuration options that were
- * changed since the last save.
- *
- * @param cfg configuration to inspect
- * @return #GNUNET_NO if clean, #GNUNET_YES if dirty, #GNUNET_SYSERR on error (i.e. last save failed)
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   return cfg->dirty;
 }
 
 
-/**
- * Serializes the given configuration.
- *
- * @param cfg configuration to serialize
- * @param size will be set to the size of the serialized memory block
- * @return the memory block where the serialized configuration is
- *           present. This memory should be freed by the caller
- */
 char *
 GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                 size_t *size)
@@ -580,21 +525,13 @@ GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Write configuration file.
- *
- * @param cfg configuration to write
- * @param filename where to write the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename)
 {
   char *fn;
   char *cfg_buf;
   size_t size;
-  ssize_t sret;
 
   fn = GNUNET_STRINGS_filename_expand (filename);
   if (fn == NULL)
@@ -604,15 +541,17 @@ GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
     GNUNET_free (fn);
     return GNUNET_SYSERR;
   }
-  cfg_buf = GNUNET_CONFIGURATION_serialize (cfg, &size);
-  sret = GNUNET_DISK_fn_write (fn,
-                               cfg_buf,
-                               size,
-                               GNUNET_DISK_PERM_USER_READ
-                               | GNUNET_DISK_PERM_USER_WRITE
-                               | GNUNET_DISK_PERM_GROUP_READ
-                               | GNUNET_DISK_PERM_GROUP_WRITE);
-  if ((sret < 0) || (size != (size_t) sret))
+  cfg_buf = GNUNET_CONFIGURATION_serialize (cfg,
+                                            &size);
+  (void) GNUNET_DISK_directory_remove (fn);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (fn,
+                            cfg_buf,
+                            size,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE
+                            | GNUNET_DISK_PERM_GROUP_READ
+                            | GNUNET_DISK_PERM_GROUP_WRITE))
   {
     GNUNET_free (fn);
     GNUNET_free (cfg_buf);
@@ -629,36 +568,25 @@ GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Iterate over all options in the configuration.
- *
- * @param cfg configuration to inspect
- * @param iter function to call on each option
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate (const struct GNUNET_CONFIGURATION_Handle *cfg,
                               GNUNET_CONFIGURATION_Iterator iter,
                               void *iter_cls)
 {
-  struct ConfigSection *spos;
-  struct ConfigEntry *epos;
-
-  for (spos = cfg->sections; NULL != spos; spos = spos->next)
-    for (epos = spos->entries; NULL != epos; epos = epos->next)
+  for (struct ConfigSection *spos = cfg->sections;
+       NULL != spos;
+       spos = spos->next)
+    for (struct ConfigEntry *epos = spos->entries;
+         NULL != epos;
+         epos = epos->next)
       if (NULL != epos->val)
-        iter (iter_cls, spos->name, epos->key, epos->val);
+        iter (iter_cls,
+              spos->name,
+              epos->key,
+              epos->val);
 }
 
 
-/**
- * Iterate over values of a section in the configuration.
- *
- * @param cfg configuration to inspect
- * @param section the section
- * @param iter function to call on each option
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate_section_values (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -680,13 +608,6 @@ GNUNET_CONFIGURATION_iterate_section_values (
 }
 
 
-/**
- * Iterate over all sections in the configuration.
- *
- * @param cfg configuration to inspect
- * @param iter function to call on each section
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate_sections (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -706,12 +627,6 @@ GNUNET_CONFIGURATION_iterate_sections (
 }
 
 
-/**
- * Remove the given section and all options in it.
- *
- * @param cfg configuration to inspect
- * @param section name of the section to remove
- */
 void
 GNUNET_CONFIGURATION_remove_section (struct GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section)
@@ -769,12 +684,6 @@ copy_entry (void *cls,
 }
 
 
-/**
- * Duplicate an existing configuration object.
- *
- * @param cfg configuration to duplicate
- * @return duplicate configuration
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_dup (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
@@ -858,13 +767,6 @@ compare_entries (void *cls,
 }
 
 
-/**
- * Compute configuration with only entries that have been changed
- *
- * @param cfg_default original configuration
- * @param cfg_new new configuration
- * @return configuration with only the differences, never NULL
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_get_diff (
   const struct GNUNET_CONFIGURATION_Handle *cfg_default,
@@ -879,15 +781,7 @@ GNUNET_CONFIGURATION_get_diff (
 }
 
 
-/**
- * Write only configuration entries that have been changed to configuration file
- *
- * @param cfg_default default configuration
- * @param cfg_new new configuration
- * @param filename where to write the configuration diff between default and new
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write_diffs (
   const struct GNUNET_CONFIGURATION_Handle *cfg_default,
   const struct GNUNET_CONFIGURATION_Handle *cfg_new,
@@ -903,14 +797,6 @@ GNUNET_CONFIGURATION_write_diffs (
 }
 
 
-/**
- * Set a configuration value that should be a string.
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value value to set
- */
 void
 GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -953,14 +839,6 @@ GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Set a configuration value that should be a number.
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param number value to set
- */
 void
 GNUNET_CONFIGURATION_set_value_number (struct GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -974,16 +852,7 @@ GNUNET_CONFIGURATION_set_value_number (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Get a configuration value that should be a number.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param number where to store the numeric value of the option
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_number (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1003,16 +872,7 @@ GNUNET_CONFIGURATION_get_value_number (
 }
 
 
-/**
- * Get a configuration value that should be a floating point number.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param number where to store the floating value of the option
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_float (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1032,16 +892,7 @@ GNUNET_CONFIGURATION_get_value_float (
 }
 
 
-/**
- * Get a configuration value that should be a relative time.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param time set to the time value stored in the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_time (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1065,16 +916,7 @@ GNUNET_CONFIGURATION_get_value_time (
 }
 
 
-/**
- * Get a configuration value that should be a size in bytes.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param size set to the size in bytes as stored in the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_size (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1101,7 +943,7 @@ GNUNET_CONFIGURATION_get_value_size (
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_string (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1120,19 +962,7 @@ GNUNET_CONFIGURATION_get_value_string (
 }
 
 
-/**
- * Get a configuration value that should be in a set of
- * predefined strings
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param choices NULL-terminated list of legal values
- * @param value will be set to an entry in the legal list,
- *        or NULL if option is not specified and no default given
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_choice (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1163,19 +993,7 @@ GNUNET_CONFIGURATION_get_value_choice (
 }
 
 
-/**
- * Get crockford32-encoded fixed-size binary data from a configuration.
- *
- * @param cfg configuration to access
- * @param section section to access
- * @param option option to access
- * @param buf where to store the decoded binary result
- * @param buf_size exact number of bytes to store in @a buf
- * @return #GNUNET_OK on success
- *         #GNUNET_NO is the value does not exist
- *         #GNUNET_SYSERR on decoding error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                const char *section,
                                const char *option,
@@ -1207,15 +1025,7 @@ GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Test if we have a value for a particular option
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @return #GNUNET_YES if so, #GNUNET_NO if not.
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  const char *section,
                                  const char *option)
@@ -1390,22 +1200,6 @@ expand_dollar (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Expand an expression of the form "$FOO/BAR" to "DIRECTORY/BAR"
- * where either in the "PATHS" section or the environment "FOO" is
- * set to "DIRECTORY".  We also support default expansion,
- * i.e. ${VARIABLE:-default} will expand to $VARIABLE if VARIABLE is
- * set in PATHS or the environment, and otherwise to "default".  Note
- * that "default" itself can also be a $-expression, thus
- * "${VAR1:-{$VAR2}}" will expand to VAR1 and if that is not defined
- * to VAR2.
- *
- * @param cfg configuration to use for path expansion
- * @param orig string to $-expand (will be freed!).  Note that multiple
- *          $-expressions can be present in this string.  They will all be
- *          $-expanded.
- * @return $-expanded string
- */
 char *
 GNUNET_CONFIGURATION_expand_dollar (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -1431,17 +1225,7 @@ GNUNET_CONFIGURATION_expand_dollar (
 }
 
 
-/**
- * Get a configuration value that should be a string.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param value will be set to a freshly allocated configuration
- *        value, or NULL if option is not specified
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_filename (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1466,16 +1250,7 @@ GNUNET_CONFIGURATION_get_value_filename (
 }
 
 
-/**
- * Get a configuration value that should be in a set of
- * "YES" or "NO".
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @return #GNUNET_YES, #GNUNET_NO or #GNUNET_SYSERR
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_yesno (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1495,16 +1270,6 @@ GNUNET_CONFIGURATION_get_value_yesno (
 }
 
 
-/**
- * Iterate over the set of filenames stored in a configuration value.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param cb function to call on each filename
- * @param cb_cls closure for @a cb
- * @return number of filenames iterated over, -1 on error
- */
 int
 GNUNET_CONFIGURATION_iterate_value_filenames (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -1618,7 +1383,7 @@ escape_name (const char *value)
  * @param fn filename we are currently looking at
  * @return #GNUNET_OK if the names do not match, #GNUNET_SYSERR if they do
  */
-static int
+static enum GNUNET_GenericReturnValue
 test_match (void *cls, const char *fn)
 {
   const char *of = cls;
@@ -1627,19 +1392,7 @@ test_match (void *cls, const char *fn)
 }
 
 
-/**
- * Append a filename to a configuration value that
- * represents a list of filenames
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value filename to append
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if the filename already in the list
- *         #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_append_value_filename (
   struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1674,19 +1427,7 @@ GNUNET_CONFIGURATION_append_value_filename (
 }
 
 
-/**
- * Remove a filename from a configuration value that
- * represents a list of filenames
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value filename to remove
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if the filename is not in the list,
- *         #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_remove_value_filename (
   struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1771,12 +1512,11 @@ GNUNET_CONFIGURATION_remove_value_filename (
  * @param filename file to parse
  * @return #GNUNET_OK on success
  */
-static int
+static enum GNUNET_GenericReturnValue
 parse_configuration_file (void *cls, const char *filename)
 {
   struct GNUNET_CONFIGURATION_Handle *cfg = cls;
   char *ext;
-  int ret;
 
   /* Examine file extension */
   ext = strrchr (filename, '.');
@@ -1786,20 +1526,11 @@ parse_configuration_file (void *cls, const char *filename)
     return GNUNET_OK;
   }
 
-  ret = GNUNET_CONFIGURATION_parse (cfg, filename);
-  return ret;
+  return GNUNET_CONFIGURATION_parse (cfg, filename);
 }
 
 
-/**
- * Load default configuration.  This function will parse the
- * defaults from the given defaults_d directory.
- *
- * @param cfg configuration to update
- * @param defaults_d directory with the defaults
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
                                 const char *defaults_d)
 {
@@ -1810,43 +1541,31 @@ GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Return GNUnet's default configuration.  A new configuration is allocated
- * each time and it's up to the caller to destroy it when done.  This function
- * returns GNUnet's configuration even when #GNUNET_OS_init has been called
- * with a value different from #GNUNET_OS_project_data_default.
- *
- * @return a freshly allocated configuration
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_default (void)
 {
   const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get ();
   const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default ();
-
-  GNUNET_OS_init (dpd);
-
-  struct GNUNET_CONFIGURATION_Handle *cfg = GNUNET_CONFIGURATION_create ();
   const char *xdg = getenv ("XDG_CONFIG_HOME");
   char *cfgname = NULL;
+  struct GNUNET_CONFIGURATION_Handle *cfg;
 
+  GNUNET_OS_init (dpd);
+  cfg = GNUNET_CONFIGURATION_create ();
   if (NULL != xdg)
     GNUNET_asprintf (&cfgname, "%s/%s", xdg, pd->config_file);
   else
     cfgname = GNUNET_strdup (pd->user_config_file);
-
-  if (GNUNET_OK != GNUNET_CONFIGURATION_load (cfg, cfgname))
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_load (cfg, cfgname))
   {
     GNUNET_OS_init (pd);
     GNUNET_CONFIGURATION_destroy (cfg);
     GNUNET_free (cfgname);
     return NULL;
   }
-
   GNUNET_free (cfgname);
-
   GNUNET_OS_init (pd);
-
   return cfg;
 }
 
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 019dbe94e..bc58142c2 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -166,12 +166,6 @@ decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_ecdsa_key_get_public (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -183,12 +177,6 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_eddsa_key_get_public (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
@@ -205,12 +193,6 @@ GNUNET_CRYPTO_eddsa_key_get_public (
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_get_public (
   const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
@@ -222,12 +204,6 @@ GNUNET_CRYPTO_ecdhe_key_get_public (
 }
 
 
-/**
- * Convert a public key to a string.
- *
- * @param pub key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_ecdsa_public_key_to_string (
   const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
@@ -255,12 +231,6 @@ GNUNET_CRYPTO_ecdsa_public_key_to_string (
 }
 
 
-/**
- * Convert a public key to a string.
- *
- * @param pub key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_eddsa_public_key_to_string (
   const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
@@ -288,12 +258,6 @@ GNUNET_CRYPTO_eddsa_public_key_to_string (
 }
 
 
-/**
- * Convert a private key to a string.
- *
- * @param priv key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_eddsa_private_key_to_string (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
@@ -321,12 +285,6 @@ GNUNET_CRYPTO_eddsa_private_key_to_string (
 }
 
 
-/**
- * Convert a private key to a string.
- *
- * @param priv key to convert
- * @return string representing @a priv
- */
 char *
 GNUNET_CRYPTO_ecdsa_private_key_to_string (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
@@ -354,15 +312,7 @@ GNUNET_CRYPTO_ecdsa_private_key_to_string (
 }
 
 
-/**
- * Convert a string representing a public key to a public key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param pub where to store the public key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -387,15 +337,7 @@ GNUNET_CRYPTO_ecdsa_public_key_from_string (
 }
 
 
-/**
- * Convert a string representing a public key to a public key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param pub where to store the public key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -420,15 +362,7 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (
 }
 
 
-/**
- * Convert a string representing a private key to a private key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param priv where to store the private key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_private_key_from_string (
   const char *enc,
   size_t enclen,
@@ -460,12 +394,6 @@ GNUNET_CRYPTO_eddsa_private_key_from_string (
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 {
@@ -473,12 +401,6 @@ GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 {
@@ -486,12 +408,6 @@ GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
@@ -499,11 +415,6 @@ GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk fresh private key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 {
@@ -515,11 +426,6 @@ GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk private key to initialize
- */
 void
 GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 {
@@ -535,11 +441,6 @@ GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk set to fresh private key
- */
 void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
@@ -560,11 +461,6 @@ GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 }
 
 
-/**
- * Get the shared private key we use for anonymous users.
- *
- * @return "anonymous" private key
- */
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_CRYPTO_ecdsa_key_get_anonymous ()
 {
@@ -629,19 +525,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
 }
 
 
-/**
- * Sign a given block.  The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -691,19 +575,7 @@ GNUNET_CRYPTO_ecdsa_sign_ (
 }
 
 
-/**
- * Sign a given block. The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -727,21 +599,7 @@ GNUNET_CRYPTO_eddsa_sign_ (
 }
 
 
-/**
- * Verify signature.   The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
@@ -800,22 +658,7 @@ GNUNET_CRYPTO_ecdsa_verify_ (
 }
 
 
-/**
- * Verify signature. The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter must be in big endian), signature
- * verification fails.
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
@@ -838,15 +681,7 @@ GNUNET_CRYPTO_eddsa_verify_ (
 }
 
 
-/**
- * Derive key material from a public and a private ECDHE key.
- *
- * @param priv private key to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material (xyG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material)
@@ -895,18 +730,6 @@ derive_h (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
 }
 
 
-/**
- * Derive a private key from a given private key and a label.
- * Essentially calculates a private key 'd = H(l,P) * x mod n'
- * where n is the size of the ECC group and P is the public
- * key associated with the private key 'd'.
- *
- * @param priv original private key
- * @param label label to use for key deriviation
- * @param context additional context to use for HKDF of 'h';
- *        typically the name of the subsystem/application
- * @return derived private key
- */
 struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_CRYPTO_ecdsa_private_key_derive (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -949,16 +772,6 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (
 }
 
 
-/**
- * Derive a public key from a given public key and a label.
- * Essentially calculates a public key 'V = H(l,P) * P'.
- *
- * @param pub original public key
- * @param label label to use for key derivation
- * @param context additional context to use for HKDF of 'h';
- *        typically the name of the subsystem/application
- * @param result where to write the derived public key
- */
 void
 GNUNET_CRYPTO_ecdsa_public_key_derive (
   const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
@@ -1010,17 +823,7 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDH public key and a private EdDSA key.
- * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
- *
- * @param priv private key from EdDSA to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1042,17 +845,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDH public key and a private ECDSA key.
- * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
- *
- * @param priv private key from ECDSA to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1070,17 +863,7 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a EdDSA public key and a private ECDH key.
- * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
- *
- * @param priv private key to use for the ECDH (y)
- * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
- * @param key_material where to write the key material H(yX)=H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1097,17 +880,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDSA public key and a private ECDH key.
- * Dual to #GNUNET_CRYPTO_ecdsa_ecdh.
- *
- * @param priv private key to use for the ECDH (y)
- * @param pub public key from ECDSA to use for the ECDH (X=h(x)G)
- * @param key_material where to write the key material H(yX)=H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
diff --git a/src/util/crypto_ecc_setup.c b/src/util/crypto_ecc_setup.c
index 6c71030b2..f7cd8c6d9 100644
--- a/src/util/crypto_ecc_setup.c
+++ b/src/util/crypto_ecc_setup.c
@@ -61,7 +61,7 @@
  * @param buf_size number of bytes in @a buf
  * @return #GNUNET_OK on success
  */
-static int
+static enum GNUNET_GenericReturnValue
 read_from_file (const char *filename,
                 void *buf,
                 size_t buf_size)
@@ -123,104 +123,6 @@ read_from_file (const char *filename,
 
 
 /**
- * Write contents of @a buf atomically to @a filename.
- * Fail if @a filename already exists or if not exactly
- * @a buf with @a buf_size bytes could be written to
- * @a filename.
- *
- * @param filename where to write
- * @param buf buffer to write
- * @param buf_size number of bytes in @a buf to write
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if a file existed under @a filename
- *         #GNUNET_SYSERR on failure
- */
-static int
-atomic_write_to_file (const char *filename,
-                      const void *buf,
-                      size_t buf_size)
-{
-  char *tmpl;
-  int fd;
-
-  if (GNUNET_OK !=
-      GNUNET_DISK_directory_create_for_file (filename))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkstemp",
-                              filename);
-    return GNUNET_SYSERR;
-  }
-  {
-    char *dname;
-
-    dname = GNUNET_strdup (filename);
-    GNUNET_asprintf (&tmpl,
-                     "%s/XXXXXX",
-                     dirname (dname));
-    GNUNET_free (dname);
-  }
-  fd = mkstemp (tmpl);
-  if (-1 == fd)
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkstemp",
-                              tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  if (0 != fchmod (fd,
-                   S_IRUSR))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "chmod",
-                              tmpl);
-    GNUNET_assert (0 == close (fd));
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  if (buf_size !=
-      write (fd,
-             buf,
-             buf_size))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "write",
-                              tmpl);
-    GNUNET_assert (0 == close (fd));
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  GNUNET_assert (0 == close (fd));
-
-  if (0 != link (tmpl,
-                 filename))
-  {
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_NO;
-  }
-  if (0 != unlink (tmpl))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                              "unlink",
-                              tmpl);
-  GNUNET_free (tmpl);
-  return GNUNET_OK;
-}
-
-
-/**
  * @ingroup crypto
  * @brief Create a new private key by reading it from a file.
  *
@@ -235,12 +137,12 @@ atomic_write_to_file (const char *filename,
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   if (GNUNET_OK ==
       read_from_file (filename,
@@ -251,9 +153,10 @@ GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
     return (do_create) ? GNUNET_NO : GNUNET_OK;
   }
   GNUNET_CRYPTO_eddsa_key_create (pkey);
-  ret = atomic_write_to_file (filename,
+  ret = GNUNET_DISK_fn_write (filename,
                               pkey,
-                              sizeof (*pkey));
+                              sizeof (*pkey),
+                              GNUNET_DISK_PERM_USER_READ);
   if ( (GNUNET_OK == ret) ||
        (GNUNET_SYSERR == ret) )
     return ret;
@@ -286,7 +189,7 @@ GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
@@ -301,9 +204,10 @@ GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
   }
   GNUNET_CRYPTO_ecdsa_key_create (pkey);
   if (GNUNET_OK ==
-      atomic_write_to_file (filename,
+      GNUNET_DISK_fn_write (filename,
                             pkey,
-                            sizeof (*pkey)))
+                            sizeof (*pkey),
+                            GNUNET_DISK_PERM_USER_READ))
     return GNUNET_OK;
   /* maybe another process succeeded in the meantime, try reading one more time */
   if (GNUNET_OK ==
@@ -357,7 +261,7 @@ GNUNET_CRYPTO_eddsa_key_create_from_configuration (
  * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
  *         could not be retrieved
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  struct GNUNET_PeerIdentity *dst)
 {
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index fec4d13db..63232cab6 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -139,12 +139,6 @@ key_from_sexp (gcry_mpi_t *array,
 }
 
 
-/**
- * Create a new private key. Caller must free return value.
- *
- * @param len length of the key in bits (i.e. 2048)
- * @return fresh private key
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
 GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 {
@@ -174,11 +168,6 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 }
 
 
-/**
- * Free memory occupied by the private key.
- *
- * @param key pointer to the memory to free
- */
 void
 GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 {
@@ -187,14 +176,6 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 }
 
 
-/**
- * Encode the private key in a format suitable for
- * storing it into a file.
- *
- * @param key the private key
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_private_key_encode (const struct
                                       GNUNET_CRYPTO_RsaPrivateKey *key,
@@ -218,14 +199,6 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct
 }
 
 
-/**
- * Decode the private key from the data-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the private key data is stored
- * @param buf_size the size of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
 GNUNET_CRYPTO_rsa_private_key_decode (const void *buf,
                                       size_t buf_size)
@@ -255,12 +228,6 @@ GNUNET_CRYPTO_rsa_private_key_decode (const void *buf,
 }
 
 
-/**
- * Extract the public key of the given private key.
- *
- * @param priv the private key
- * @return NULL on error, otherwise the public key
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_private_key_get_public (
   const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
@@ -296,11 +263,6 @@ GNUNET_CRYPTO_rsa_private_key_get_public (
 }
 
 
-/**
- * Free memory occupied by the public key.
- *
- * @param key pointer to the memory to free
- */
 void
 GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -334,14 +296,6 @@ struct GNUNET_CRYPTO_RsaPublicKeyHeaderP
 GNUNET_NETWORK_STRUCT_END
 
 
-/**
- * Encode the public key in a format suitable for
- * storing it into a file.
- *
- * @param key the private key
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_public_key_encode (
   const struct GNUNET_CRYPTO_RsaPublicKey *key,
@@ -409,12 +363,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (
 }
 
 
-/**
- * Compute hash over the public key.
- *
- * @param key public key to hash
- * @param hc where to store the hash code
- */
 void
 GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
                                    struct GNUNET_HashCode *hc)
@@ -431,14 +379,6 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
 }
 
 
-/**
- * Decode the public key from the data-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the public key data is stored
- * @param len the length of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
                                      size_t len)
@@ -612,13 +552,6 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
  */
 
 
-/**
- * Compare the values of two signatures.
- *
- * @param s1 one signature
- * @param s2 the other signature
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1,
                                  const struct GNUNET_CRYPTO_RsaSignature *s2)
@@ -645,13 +578,6 @@ GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1,
 }
 
 
-/**
- * Compare the values of two public keys.
- *
- * @param p1 one public key
- * @param p2 the other public key
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1,
                                   const struct GNUNET_CRYPTO_RsaPublicKey *p2)
@@ -678,13 +604,6 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1,
 }
 
 
-/**
- * Compare the values of two private keys.
- *
- * @param p1 one private key
- * @param p2 the other private key
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1,
                                    const struct GNUNET_CRYPTO_RsaPrivateKey *p2)
@@ -711,12 +630,6 @@ GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1,
 }
 
 
-/**
- * Obtain the length of the RSA key in bits.
- *
- * @param key the public key to introspect
- * @return length of the key in bits
- */
 unsigned int
 GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -827,17 +740,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
 }
 
 
-/**
- * Blinds the given message with the given blinding key
- *
- * @param hash hash of the message to sign
- * @param bkey the blinding key
- * @param pkey the public key of the signer
- * @param[out] buf set to a buffer with the blinded message to be signed
- * @param[out] buf_size number of bytes stored in @a buf
- * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
                          const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
                          struct GNUNET_CRYPTO_RsaPublicKey *pkey,
@@ -863,7 +766,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
     GNUNET_break (0);
     *buf = NULL;
     *buf_size = 0;
-    return 0;
+    return GNUNET_NO;
   }
 
   data = rsa_full_domain_hash (pkey, hash);
@@ -993,14 +896,6 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Sign a blinded value, which must be a full domain hash of a message.
- *
- * @param key private key to use for the signing
- * @param msg the message to sign
- * @param msg_len number of bytes in @a msg to sign
- * @return NULL on error, signature on success
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
                                 const void *msg,
@@ -1025,13 +920,6 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Create and sign a full domain hash of a message.
- *
- * @param key private key to use for the signing
- * @param hash the hash of the message to sign
- * @return NULL on error, including a malicious RSA key, signature on success
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
                             const struct GNUNET_HashCode *hash)
@@ -1052,11 +940,6 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Free memory occupied by signature.
- *
- * @param sig memory to free
- */
 void
 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 {
@@ -1065,13 +948,6 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 }
 
 
-/**
- * Encode the given signature in a format suitable for storing it into a file.
- *
- * @param sig the signature
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_signature_encode (
   const struct GNUNET_CRYPTO_RsaSignature *sig,
@@ -1112,14 +988,6 @@ GNUNET_CRYPTO_rsa_signature_encode (
 }
 
 
-/**
- * Decode the signature from the data-format back to the "normal", internal
- * format.
- *
- * @param buf the buffer where the public key data is stored
- * @param buf_size the size of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
                                     size_t buf_size)
@@ -1156,12 +1024,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
 }
 
 
-/**
- * Duplicate the given public key
- *
- * @param key the public key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -1181,16 +1043,6 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 }
 
 
-/**
- * Unblind a blind-signed signature.  The signature should have been generated
- * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
- * #GNUNET_CRYPTO_rsa_blind().
- *
- * @param sig the signature made on the blinded signature purpose
- * @param bks the blinding key secret used to blind the signature purpose
- * @param pkey the public key of the signer
- * @return unblinded signature on success, NULL if RSA key is bad or malicious.
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
                            const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
@@ -1272,16 +1124,7 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
 }
 
 
-/**
- * Verify whether the given hash corresponds to the given signature and
- * the signature is valid with respect to the given public key.
- *
- * @param hash hash of the message to verify to match the @a sig
- * @param sig signature that is being validated
- * @param pkey public key of the signer
- * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
                           const struct GNUNET_CRYPTO_RsaSignature *sig,
                           const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
@@ -1319,23 +1162,17 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
          __FILE__,
          __LINE__,
          gcry_strerror (rc));
-    return GNUNET_SYSERR;
     BENCHMARK_END (rsa_verify);
+    return GNUNET_SYSERR;
   }
   BENCHMARK_END (rsa_verify);
   return GNUNET_OK;
 }
 
 
-/**
- * Duplicate the given private key
- *
- * @param key the private key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
-GNUNET_CRYPTO_rsa_private_key_dup (const struct
-                                   GNUNET_CRYPTO_RsaPrivateKey *key)
+GNUNET_CRYPTO_rsa_private_key_dup (
+  const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 {
   struct GNUNET_CRYPTO_RsaPrivateKey *dup;
   gcry_sexp_t dup_sexp;
@@ -1353,12 +1190,6 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct
 }
 
 
-/**
- * Duplicate the given private key
- *
- * @param key the private key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 {
diff --git a/src/util/disk.c b/src/util/disk.c
index c95e9753c..3bafe311d 100644
--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -92,7 +92,7 @@ struct GetFileSizeData
   int include_sym_links;
 
   /**
-   * GNUNET_YES if mode is file-only (return total == -1 for directories).
+   * #GNUNET_YES if mode is file-only (return total == -1 for directories).
    */
   int single_file_mode;
 };
@@ -142,8 +142,8 @@ translate_unix_perms (enum GNUNET_DISK_AccessPermissions perm)
  * @param fn current filename we are looking at
  * @return #GNUNET_SYSERR on serious errors, otherwise #GNUNET_OK
  */
-static int
-getSizeRec (void *cls, const char *fn)
+static enum GNUNET_GenericReturnValue
+get_size_rec (void *cls, const char *fn)
 {
   struct GetFileSizeData *gfsd = cls;
 
@@ -175,35 +175,23 @@ getSizeRec (void *cls, const char *fn)
   if ((S_ISDIR (buf.st_mode)) && (0 == access (fn, X_OK)) &&
       ((! S_ISLNK (buf.st_mode)) || (gfsd->include_sym_links == GNUNET_YES)))
   {
-    if (GNUNET_SYSERR == GNUNET_DISK_directory_scan (fn, &getSizeRec, gfsd))
+    if (GNUNET_SYSERR == GNUNET_DISK_directory_scan (fn, &get_size_rec, gfsd))
       return GNUNET_SYSERR;
   }
   return GNUNET_OK;
 }
 
 
-/**
- * Checks whether a handle is invalid
- *
- * @param h handle to check
- * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h)
 {
   return ((! h) || (h->fd == -1)) ? GNUNET_YES : GNUNET_NO;
 }
 
 
-/**
- * Get the size of an open file.
- *
- * @param fh open file handle
- * @param size where to write size of the file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh, off_t *size)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh,
+                              off_t *size)
 {
   struct stat sbuf;
 
@@ -214,80 +202,42 @@ GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh, off_t *size)
 }
 
 
-/**
- * Move the read/write pointer in a file
- *
- * @param h handle of an open file
- * @param offset position to move to
- * @param whence specification to which position the offset parameter relates to
- * @return the new position on success, #GNUNET_SYSERR otherwise
- */
 off_t
 GNUNET_DISK_file_seek (const struct GNUNET_DISK_FileHandle *h,
                        off_t offset,
                        enum GNUNET_DISK_Seek whence)
 {
+  static int t[] = { SEEK_SET, SEEK_CUR, SEEK_END };
+
   if (h == NULL)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-  static int t[] = { SEEK_SET, SEEK_CUR, SEEK_END };
-
   return lseek (h->fd, offset, t[whence]);
 }
 
 
-/**
- * Get the size of the file (or directory) of the given file (in
- * bytes).
- *
- * @param filename name of the file or directory
- * @param size set to the size of the file (or,
- *             in the case of directories, the sum
- *             of all sizes of files in the directory)
- * @param include_symbolic_links should symbolic links be
- *        included?
- * @param single_file_mode #GNUNET_YES to only get size of one file
- *        and return #GNUNET_SYSERR for directories.
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_size (const char *filename,
                        uint64_t *size,
                        int include_symbolic_links,
                        int single_file_mode)
 {
   struct GetFileSizeData gfsd;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   GNUNET_assert (size != NULL);
   gfsd.total = 0;
   gfsd.include_sym_links = include_symbolic_links;
   gfsd.single_file_mode = single_file_mode;
-  ret = getSizeRec (&gfsd, filename);
+  ret = get_size_rec (&gfsd, filename);
   *size = gfsd.total;
   return ret;
 }
 
 
-/**
- * Obtain some unique identifiers for the given file
- * that can be used to identify it in the local system.
- * This function is used between GNUnet processes to
- * quickly check if two files with the same absolute path
- * are actually identical.  The two processes represent
- * the same peer but may communicate over the network
- * (and the file may be on an NFS volume).  This function
- * may not be supported on all operating systems.
- *
- * @param filename name of the file
- * @param dev set to the device ID
- * @param ino set to the inode ID
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_get_identifiers (const char *filename,
                                   uint64_t *dev,
                                   uint64_t *ino)
@@ -367,14 +317,6 @@ mktemp_name (const char *t)
 }
 
 
-/**
- * Update POSIX permissions mask of a file on disk.  If both argumets
- * are #GNUNET_NO, the file is made world-read-write-executable (777).
- *
- * @param fn name of the file to update
- * @param require_uid_match #GNUNET_YES means 700
- * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
- */
 void
 GNUNET_DISK_fix_permissions (const char *fn,
                              int require_uid_match,
@@ -394,17 +336,6 @@ GNUNET_DISK_fix_permissions (const char *fn,
 }
 
 
-/**
- * Create an (empty) temporary directory on disk.  If the given name is not
- * an absolute path, the current 'TMPDIR' will be prepended.  In any case,
- * 6 random characters will be appended to the name to create a unique
- * filename.
- *
- * @param t component to use for the name;
- *        does NOT contain "XXXXXX" or "/tmp/".
- * @return NULL on error, otherwise name of fresh
- *         file on disk in directory for temporary files
- */
 char *
 GNUNET_DISK_mkdtemp (const char *t)
 {
@@ -425,13 +356,6 @@ GNUNET_DISK_mkdtemp (const char *t)
 }
 
 
-/**
- * Move a file out of the way (create a backup) by
- * renaming it to "orig.NUM~" where NUM is the smallest
- * number that is not used yet.
- *
- * @param fil name of the file to back up
- */
 void
 GNUNET_DISK_file_backup (const char *fil)
 {
@@ -453,17 +377,6 @@ GNUNET_DISK_file_backup (const char *fil)
 }
 
 
-/**
- * Create an (empty) temporary file on disk.  If the given name is not
- * an absolute path, the current 'TMPDIR' will be prepended.  In any case,
- * 6 random characters will be appended to the name to create a unique
- * filename.
- *
- * @param t component to use for the name;
- *        does NOT contain "XXXXXX" or "/tmp/".
- * @return NULL on error, otherwise name of fresh
- *         file on disk in directory for temporary files
- */
 char *
 GNUNET_DISK_mktemp (const char *t)
 {
@@ -487,19 +400,7 @@ GNUNET_DISK_mktemp (const char *t)
 }
 
 
-/**
- * Test if @a fil is a directory and listable. Optionally, also check if the
- * directory is readable.  Will not print an error message if the directory does
- * not exist.  Will log errors if #GNUNET_SYSERR is returned (i.e., a file exists
- * with the same name).
- *
- * @param fil filename to test
- * @param is_readable #GNUNET_YES to additionally check if @a fil is readable;
- *          #GNUNET_NO to disable this check
- * @return #GNUNET_YES if yes, #GNUNET_NO if not; #GNUNET_SYSERR if it
- *           does not exist or stat'ed
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_test (const char *fil, int is_readable)
 {
   struct stat filestat;
@@ -532,15 +433,7 @@ GNUNET_DISK_directory_test (const char *fil, int is_readable)
 }
 
 
-/**
- * Check that fil corresponds to a filename
- * (of a file that exists and that is not a directory).
- *
- * @param fil filename to check
- * @return #GNUNET_YES if yes, #GNUNET_NO if not a file, #GNUNET_SYSERR if something
- * else (will print an error message in that case, too).
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_test (const char *fil)
 {
   struct stat filestat;
@@ -552,7 +445,7 @@ GNUNET_DISK_file_test (const char *fil)
     return GNUNET_SYSERR;
 
   ret = stat (rdir, &filestat);
-  if (ret != 0)
+  if (0 != ret)
   {
     if (errno != ENOENT)
     {
@@ -579,13 +472,7 @@ GNUNET_DISK_file_test (const char *fil)
 }
 
 
-/**
- * Implementation of "mkdir -p"
- *
- * @param dir the directory to create
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create (const char *dir)
 {
   char *rdir;
@@ -671,22 +558,13 @@ GNUNET_DISK_directory_create (const char *dir)
 }
 
 
-/**
- * Create the directory structure for storing a file.
- *
- * @param filename name of a file in the directory
- * @returns #GNUNET_OK on success,
- *          #GNUNET_SYSERR on failure,
- *          #GNUNET_NO if the directory
- *          exists but is not writeable for us
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create_for_file (const char *filename)
 {
   char *rdir;
   size_t len;
-  int ret;
   int eno;
+  enum GNUNET_GenericReturnValue res;
 
   rdir = GNUNET_STRINGS_filename_expand (filename);
   if (NULL == rdir)
@@ -699,7 +577,6 @@ GNUNET_DISK_directory_create_for_file (const char *filename)
     GNUNET_free (rdir);
     return GNUNET_OK;
   }
-
   len = strlen (rdir);
   while ((len > 0) && (rdir[len] != DIR_SEPARATOR))
     len--;
@@ -710,24 +587,17 @@ GNUNET_DISK_directory_create_for_file (const char *filename)
     GNUNET_free (rdir);
     rdir = GNUNET_strdup ("/");
   }
-  ret = GNUNET_DISK_directory_create (rdir);
-  if ((GNUNET_OK == ret) && (0 != access (rdir, W_OK)))
-    ret = GNUNET_NO;
+  res = GNUNET_DISK_directory_create (rdir);
+  if ( (GNUNET_OK == res) &&
+       (0 != access (rdir, W_OK)) )
+    res = GNUNET_NO;
   eno = errno;
   GNUNET_free (rdir);
   errno = eno;
-  return ret;
+  return res;
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- *
- * @param h handle to an open file
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return the number of bytes read on success, #GNUNET_SYSERR on failure
- */
 ssize_t
 GNUNET_DISK_file_read (const struct GNUNET_DISK_FileHandle *h,
                        void *result,
@@ -738,35 +608,23 @@ GNUNET_DISK_file_read (const struct GNUNET_DISK_FileHandle *h,
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
   return read (h->fd, result, len);
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- * Guarantees not to block (returns GNUNET_SYSERR and sets errno to EAGAIN
- * when no data can be read).
- *
- * @param h handle to an open file
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return the number of bytes read on success, #GNUNET_SYSERR on failure
- */
 ssize_t
 GNUNET_DISK_file_read_non_blocking (const struct GNUNET_DISK_FileHandle *h,
                                     void *result,
                                     size_t len)
 {
+  int flags;
+  ssize_t ret;
+
   if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-  int flags;
-  ssize_t ret;
-
   /* set to non-blocking, read, then set back */
   flags = fcntl (h->fd, F_GETFL);
   if (0 == (flags & O_NONBLOCK))
@@ -782,22 +640,18 @@ GNUNET_DISK_file_read_non_blocking (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- *
- * @param fn file name
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return number of bytes read, #GNUNET_SYSERR on failure
- */
 ssize_t
-GNUNET_DISK_fn_read (const char *fn, void *result, size_t len)
+GNUNET_DISK_fn_read (const char *fn,
+                     void *result,
+                     size_t len)
 {
   struct GNUNET_DISK_FileHandle *fh;
   ssize_t ret;
   int eno;
 
-  fh = GNUNET_DISK_file_open (fn, GNUNET_DISK_OPEN_READ, GNUNET_DISK_PERM_NONE);
+  fh = GNUNET_DISK_file_open (fn,
+                              GNUNET_DISK_OPEN_READ,
+                              GNUNET_DISK_PERM_NONE);
   if (NULL == fh)
     return GNUNET_SYSERR;
   ret = GNUNET_DISK_file_read (fh, result, len);
@@ -808,14 +662,6 @@ GNUNET_DISK_fn_read (const char *fn, void *result, size_t len)
 }
 
 
-/**
- * Write a buffer to a file.
- *
- * @param h handle to open file
- * @param buffer the data to write
- * @param n number of bytes to write
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
 ssize_t
 GNUNET_DISK_file_write (const struct GNUNET_DISK_FileHandle *h,
                         const void *buffer,
@@ -831,29 +677,19 @@ GNUNET_DISK_file_write (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Write a buffer to a file, blocking, if necessary.
- *
- * @param h handle to open file
- * @param buffer the data to write
- * @param n number of bytes to write
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
 ssize_t
 GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
                                  const void *buffer,
                                  size_t n)
 {
+  int flags;
+  ssize_t ret;
+
   if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-
-  int flags;
-  ssize_t ret;
-
   /* set to blocking, write, then set back */
   flags = fcntl (h->fd, F_GETFL);
   if (0 != (flags & O_NONBLOCK))
@@ -865,48 +701,95 @@ GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Write a buffer to a file.  If the file is longer than the
- * number of bytes that will be written, it will be truncated.
- *
- * @param fn file name
- * @param buffer the data to write
- * @param n number of bytes to write
- * @param mode file permissions
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_fn_write (const char *fn,
-                      const void *buffer,
-                      size_t n,
+                      const void *buf,
+                      size_t buf_size,
                       enum GNUNET_DISK_AccessPermissions mode)
 {
-  struct GNUNET_DISK_FileHandle *fh;
-  ssize_t ret;
+  char *tmpl;
+  int fd;
 
-  fh =
-    GNUNET_DISK_file_open (fn,
-                           GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_TRUNCATE
-                           | GNUNET_DISK_OPEN_CREATE,
-                           mode);
-  if (! fh)
+  if (GNUNET_OK !=
+      GNUNET_DISK_directory_create_for_file (fn))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "mkstemp",
+                              fn);
     return GNUNET_SYSERR;
-  ret = GNUNET_DISK_file_write (fh, buffer, n);
-  GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fh));
-  return ret;
+  }
+  {
+    char *dname;
+
+    dname = GNUNET_strdup (fn);
+    GNUNET_asprintf (&tmpl,
+                     "%s/XXXXXX",
+                     dirname (dname));
+    GNUNET_free (dname);
+  }
+  fd = mkstemp (tmpl);
+  if (-1 == fd)
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "mkstemp",
+                              tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+
+  if (0 != fchmod (fd,
+                   translate_unix_perms (mode)))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              tmpl);
+    GNUNET_assert (0 == close (fd));
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+  if (buf_size !=
+      write (fd,
+             buf,
+             buf_size))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              tmpl);
+    GNUNET_assert (0 == close (fd));
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_assert (0 == close (fd));
+
+  if (0 != link (tmpl,
+                 fn))
+  {
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_NO;
+  }
+  if (0 != unlink (tmpl))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                              "unlink",
+                              tmpl);
+  GNUNET_free (tmpl);
+  return GNUNET_OK;
+
+
 }
 
 
-/**
- * Scan a directory for files.
- *
- * @param dir_name the name of the directory
- * @param callback the method to call for each file,
- *        can be NULL, in that case, we only count
- * @param callback_cls closure for @a callback
- * @return the number of files found, #GNUNET_SYSERR on error or
- *         ieration aborted by callback returning #GNUNET_SYSERR
- */
 int
 GNUNET_DISK_directory_scan (const char *dir_name,
                             GNUNET_FileNameCallback callback,
@@ -916,7 +799,7 @@ GNUNET_DISK_directory_scan (const char *dir_name,
   struct dirent *finfo;
   struct stat istat;
   int count = 0;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   char *name;
   char *dname;
   unsigned int name_len;
@@ -1008,8 +891,9 @@ GNUNET_DISK_directory_scan (const char *dir_name,
  * @param fn directory to remove
  * @return #GNUNET_OK
  */
-static int
-remove_helper (void *unused, const char *fn)
+static enum GNUNET_GenericReturnValue
+remove_helper (void *unused,
+               const char *fn)
 {
   (void) unused;
   (void) GNUNET_DISK_directory_remove (fn);
@@ -1017,14 +901,7 @@ remove_helper (void *unused, const char *fn)
 }
 
 
-/**
- * Remove all files in a directory (rm -r). Call with
- * caution.
- *
- * @param filename the file to remove
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_remove (const char *filename)
 {
   struct stat istat;
@@ -1036,14 +913,17 @@ GNUNET_DISK_directory_remove (const char *filename)
   }
   if (0 != lstat (filename, &istat))
     return GNUNET_NO; /* file may not exist... */
-  (void) chmod (filename, S_IWUSR | S_IRUSR | S_IXUSR);
+  (void) chmod (filename,
+                S_IWUSR | S_IRUSR | S_IXUSR);
   if (0 == unlink (filename))
     return GNUNET_OK;
-  if ((errno != EISDIR) &&
-      /* EISDIR is not sufficient in all cases, e.g.
-      * sticky /tmp directory may result in EPERM on BSD.
-      * So we also explicitly check "isDirectory" */
-      (GNUNET_YES != GNUNET_DISK_directory_test (filename, GNUNET_YES)))
+  if ( (errno != EISDIR) &&
+       /* EISDIR is not sufficient in all cases, e.g.
+        * sticky /tmp directory may result in EPERM on BSD.
+        * So we also explicitly check "isDirectory" */
+       (GNUNET_YES !=
+        GNUNET_DISK_directory_test (filename,
+                                    GNUNET_YES)) )
   {
     LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "rmdir", filename);
     return GNUNET_SYSERR;
@@ -1060,15 +940,9 @@ GNUNET_DISK_directory_remove (const char *filename)
 }
 
 
-/**
- * Copy a file.
- *
- * @param src file to copy
- * @param dst destination file name
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_DISK_file_copy (const char *src, const char *dst)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_copy (const char *src,
+                       const char *dst)
 {
   char *buf;
   uint64_t pos;
@@ -1131,10 +1005,6 @@ FAIL:
 }
 
 
-/**
- * @brief Removes special characters as ':' from a filename.
- * @param fn the filename to canonicalize
- */
 void
 GNUNET_DISK_filename_canonicalize (char *fn)
 {
@@ -1157,15 +1027,9 @@ GNUNET_DISK_filename_canonicalize (char *fn)
 }
 
 
-/**
- * @brief Change owner of a file
- *
- * @param filename name of file to change the owner of
- * @param user name of the new owner
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
- */
-int
-GNUNET_DISK_file_change_owner (const char *filename, const char *user)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_change_owner (const char *filename,
+                               const char *user)
 {
   struct passwd *pws;
 
@@ -1187,18 +1051,6 @@ GNUNET_DISK_file_change_owner (const char *filename, const char *user)
 }
 
 
-/**
- * Open a file.  Note that the access permissions will only be
- * used if a new file is created and if the underlying operating
- * system supports the given permissions.
- *
- * @param fn file name to be opened
- * @param flags opening flags, a combination of GNUNET_DISK_OPEN_xxx bit flags
- * @param perm permissions for the newly created file, use
- *             #GNUNET_DISK_PERM_NONE if a file could not be created by this
- *             call (because of flags)
- * @return IO handle on success, NULL on error
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_file_open (const char *fn,
                        enum GNUNET_DISK_OpenFlags flags,
@@ -1270,42 +1122,28 @@ GNUNET_DISK_file_open (const char *fn,
 }
 
 
-/**
- * Close an open file.
- *
- * @param h file handle
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_close (struct GNUNET_DISK_FileHandle *h)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
-  if (h == NULL)
+  if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
 
   ret = GNUNET_OK;
-
-  if (close (h->fd) != 0)
+  if (0 != close (h->fd))
   {
     LOG_STRERROR (GNUNET_ERROR_TYPE_WARNING, "close");
     ret = GNUNET_SYSERR;
   }
-
   GNUNET_free (h);
   return ret;
 }
 
 
-/**
- * Get a handle from a native integer FD.
- *
- * @param fno native integer file descriptor
- * @return file handle corresponding to the descriptor, NULL on error
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_int_fd (int fno)
 {
@@ -1322,12 +1160,6 @@ GNUNET_DISK_get_handle_from_int_fd (int fno)
 }
 
 
-/**
- * Get a handle from a native streaming FD.
- *
- * @param fd native streaming file descriptor
- * @return file handle corresponding to the descriptor
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_native (FILE *fd)
 {
@@ -1336,7 +1168,6 @@ GNUNET_DISK_get_handle_from_native (FILE *fd)
   fno = fileno (fd);
   if (-1 == fno)
     return NULL;
-
   return GNUNET_DISK_get_handle_from_int_fd (fno);
 }
 
@@ -1362,15 +1193,7 @@ struct GNUNET_DISK_MapHandle
 #define MAP_FAILED ((void *) -1)
 #endif
 
-/**
- * Map a file into memory
- *
- * @param h open file handle
- * @param m handle to the new mapping
- * @param access access specification, GNUNET_DISK_MAP_TYPE_xxx
- * @param len size of the mapping
- * @return pointer to the mapped memory region, NULL on failure
- */
+
 void *
 GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
                       struct GNUNET_DISK_MapHandle **m,
@@ -1402,16 +1225,10 @@ GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Unmap a file
- *
- * @param h mapping handle
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   if (NULL == h)
   {
@@ -1424,12 +1241,7 @@ GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h)
 }
 
 
-/**
- * Write file changes to disk
- * @param h handle to an open file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h)
 {
   if (h == NULL)
@@ -1446,12 +1258,6 @@ GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h)
 }
 
 
-/**
- * Creates an interprocess channel
- *
- * @param pf how to configure the pipe
- * @return handle to the new pipe, NULL on error
- */
 struct GNUNET_DISK_PipeHandle *
 GNUNET_DISK_pipe (enum GNUNET_DISK_PipeFlags pf)
 {
@@ -1469,15 +1275,6 @@ GNUNET_DISK_pipe (enum GNUNET_DISK_PipeFlags pf)
 }
 
 
-/**
- * Creates a pipe object from a couple of file descriptors.
- * Useful for wrapping existing pipe FDs.
- *
- * @param pf how to configure the pipe
- * @param fd an array of two fd values. One of them may be -1 for read-only or write-only pipes
- *
- * @return handle to the new pipe, NULL on error
- */
 struct GNUNET_DISK_PipeHandle *
 GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
                           int fd[2])
@@ -1551,18 +1348,11 @@ GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
 }
 
 
-/**
- * Closes an interprocess channel
- *
- * @param p pipe to close
- * @param end which end of the pipe to close
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
                             enum GNUNET_DISK_PipeEnd end)
 {
-  int ret = GNUNET_OK;
+  enum GNUNET_GenericReturnValue ret = GNUNET_OK;
 
   if (end == GNUNET_DISK_PIPE_END_READ)
   {
@@ -1580,23 +1370,10 @@ GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
       p->fd[1] = NULL;
     }
   }
-
   return ret;
 }
 
 
-/**
- * Detaches one of the ends from the pipe.
- * Detached end is a fully-functional FileHandle, it will
- * not be affected by anything you do with the pipe afterwards.
- * Each end of a pipe can only be detched from it once (i.e.
- * it is not duplicated).
- *
- * @param p pipe to detach an end from
- * @param end which end of the pipe to detach
- * @return Detached end on success, NULL on failure
- * (or if that end is not present or is closed).
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
                              enum GNUNET_DISK_PipeEnd end)
@@ -1624,13 +1401,7 @@ GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
 }
 
 
-/**
- * Closes an interprocess channel
- *
- * @param p pipe to close
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p)
 {
   int ret = GNUNET_OK;
@@ -1661,13 +1432,6 @@ GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p)
 }
 
 
-/**
- * Get the handle to a particular pipe end
- *
- * @param p pipe
- * @param n end to access
- * @return handle for the respective end
- */
 const struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_pipe_handle (const struct GNUNET_DISK_PipeHandle *p,
                          enum GNUNET_DISK_PipeEnd n)
@@ -1685,26 +1449,16 @@ GNUNET_DISK_pipe_handle (const struct GNUNET_DISK_PipeHandle *p,
 }
 
 
-/**
- * Retrieve OS file handle
- * @internal
- * @param fh GNUnet file descriptor
- * @param dst destination buffer
- * @param dst_len length of dst
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_internal_file_handle_ (const struct GNUNET_DISK_FileHandle *fh,
                                    void *dst,
                                    size_t dst_len)
 {
   if (NULL == fh)
     return GNUNET_SYSERR;
-
   if (dst_len < sizeof(int))
     return GNUNET_SYSERR;
   *((int *) dst) = fh->fd;
-
   return GNUNET_OK;
 }
 
@@ -1716,8 +1470,9 @@ GNUNET_DISK_internal_file_handle_ (const struct GNUNET_DISK_FileHandle *fh,
  * @param cfg our configuration
  * @return #GNUNET_OK on success
  */
-static int
-purge_cfg_dir (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg)
+static enum GNUNET_GenericReturnValue
+purge_cfg_dir (void *cls,
+               const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   const char *option = cls;
   char *tmpname;
@@ -1739,15 +1494,9 @@ purge_cfg_dir (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg)
 }
 
 
-/**
- * Remove the directory given under @a option in
- * section [PATHS] in configuration under @a cfg_filename
- *
- * @param cfg_filename configuration file to parse
- * @param option option with the dir name to purge
- */
 void
-GNUNET_DISK_purge_cfg_dir (const char *cfg_filename, const char *option)
+GNUNET_DISK_purge_cfg_dir (const char *cfg_filename,
+                           const char *option)
 {
   GNUNET_break (GNUNET_OK ==
                 GNUNET_CONFIGURATION_parse_and_run (cfg_filename,
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c
index 136c6debb..5c3dfc12e 100644
--- a/src/util/gnunet-scrypt.c
+++ b/src/util/gnunet-scrypt.c
@@ -65,12 +65,15 @@ static void
 shutdown_task (void *cls)
 {
   (void) cls;
-  if (sizeof(proof) != GNUNET_DISK_fn_write (pwfn,
-                                             &proof,
-                                             sizeof(proof),
-                                             GNUNET_DISK_PERM_USER_READ
-                                             | GNUNET_DISK_PERM_USER_WRITE))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", pwfn);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (pwfn,
+                            &proof,
+                            sizeof(proof),
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              pwfn);
 }
 
 
diff --git a/src/util/network.c b/src/util/network.c
index b18030fcd..c4adefb8f 100644
--- a/src/util/network.c
+++ b/src/util/network.c
@@ -757,21 +757,17 @@ GNUNET_NETWORK_socket_recvfrom (const struct GNUNET_NETWORK_Handle *desc,
                                 struct sockaddr *src_addr,
                                 socklen_t *addrlen)
 {
-  int ret;
-  int flags;
-
-  flags = 0;
+  int flags = 0;
 
 #ifdef MSG_DONTWAIT
   flags |= MSG_DONTWAIT;
 #endif
-  ret = recvfrom (desc->fd,
-                  buffer,
-                  length,
-                  flags,
-                  src_addr,
-                  addrlen);
-  return ret;
+  return recvfrom (desc->fd,
+                   buffer,
+                   length,
+                   flags,
+                   src_addr,
+                   addrlen);
 }
 
 
@@ -853,10 +849,7 @@ GNUNET_NETWORK_socket_sendto (const struct GNUNET_NETWORK_Handle *desc,
                               const struct sockaddr *dest_addr,
                               socklen_t dest_len)
 {
-  int ret;
-  int flags;
-
-  flags = 0;
+  int flags = 0;
 
 #ifdef MSG_DONTWAIT
   flags |= MSG_DONTWAIT;
@@ -864,8 +857,12 @@ GNUNET_NETWORK_socket_sendto (const struct GNUNET_NETWORK_Handle *desc,
 #ifdef MSG_NOSIGNAL
   flags |= MSG_NOSIGNAL;
 #endif
-  ret = sendto (desc->fd, message, length, flags, dest_addr, dest_len);
-  return ret;
+  return sendto (desc->fd,
+                 message,
+                 length,
+                 flags,
+                 dest_addr,
+                 dest_len);
 }
 
 
diff --git a/src/util/test_disk.c b/src/util/test_disk.c
index 6969e49e6..12bde8107 100644
--- a/src/util/test_disk.c
+++ b/src/util/test_disk.c
@@ -30,12 +30,12 @@
 
 
 static int
-testReadWrite ()
+testReadWrite (void)
 {
   char tmp[100 + 1];
   int ret;
 
-  if (strlen (TESTSTRING) !=
+  if (GNUNET_OK !=
       GNUNET_DISK_fn_write (".testfile", TESTSTRING, strlen (TESTSTRING),
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_USER_WRITE))