Merge branch 'master' of ssh://gnunet.org/gnunet

48 files changed, 1036 insertions, 1640 deletions

diff --git a/src/fs/gnunet-search.c b/src/fs/gnunet-search.c
index d25ae55e6..e49609b18 100644
--- a/src/fs/gnunet-search.c
+++ b/src/fs/gnunet-search.c
@@ -111,17 +111,20 @@ clean_task (void *cls)
   ctx = NULL;
   if (output_filename == NULL)
     return;
-  if (GNUNET_OK != GNUNET_FS_directory_builder_finish (db, &dsize, &ddata))
+  if (GNUNET_OK !=
+      GNUNET_FS_directory_builder_finish (db, &dsize, &ddata))
   {
     GNUNET_break (0);
     GNUNET_free (output_filename);
     return;
   }
-  if (dsize != GNUNET_DISK_fn_write (output_filename,
-                                     ddata,
-                                     dsize,
-                                     GNUNET_DISK_PERM_USER_READ
-                                     | GNUNET_DISK_PERM_USER_WRITE))
+  (void) GNUNET_DISK_directory_remove (output_filename);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (output_filename,
+                            ddata,
+                            dsize,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
   {
     fprintf (stderr,
              _ ("Failed to write directory with search results to `%s'\n"),
diff --git a/src/fs/test_fs_download.c b/src/fs/test_fs_download.c
index 2be2e7f6a..2fe0da77c 100644
--- a/src/fs/test_fs_download.c
+++ b/src/fs/test_fs_download.c
@@ -299,8 +299,11 @@ run (void *cls,
                                             "USE_INDEX"))
   {
     fn1 = GNUNET_DISK_mktemp ("gnunet-download-indexed-test");
-    GNUNET_assert (FILESIZE ==
-                   GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
+    (void) GNUNET_DISK_directory_remove (fn1);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_DISK_fn_write (fn1,
+                                         buf,
+                                         FILESIZE,
                                          GNUNET_DISK_PERM_USER_READ
                                          | GNUNET_DISK_PERM_USER_WRITE));
     GNUNET_free (buf);
diff --git a/src/fs/test_fs_file_information.c b/src/fs/test_fs_file_information.c
index 9305471d6..9d0978e06 100644
--- a/src/fs/test_fs_file_information.c
+++ b/src/fs/test_fs_file_information.c
@@ -82,7 +82,8 @@ run (void *cls, char *const *args, const char *cfgfile,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -92,7 +93,8 @@ run (void *cls, char *const *args, const char *cfgfile,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_list_indexed.c b/src/fs/test_fs_list_indexed.c
index 93367883f..2f04a017a 100644
--- a/src/fs/test_fs_list_indexed.c
+++ b/src/fs/test_fs_list_indexed.c
@@ -198,7 +198,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -208,7 +209,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_publish.c b/src/fs/test_fs_publish.c
index c42e546e3..2ffc722da 100644
--- a/src/fs/test_fs_publish.c
+++ b/src/fs/test_fs_publish.c
@@ -184,7 +184,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -194,7 +195,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_publish_persistence.c b/src/fs/test_fs_publish_persistence.c
index 4ec39d06e..da0209793 100644
--- a/src/fs/test_fs_publish_persistence.c
+++ b/src/fs/test_fs_publish_persistence.c
@@ -258,7 +258,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn1);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn1, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
@@ -268,7 +269,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn2);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn2, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_unindex.c b/src/fs/test_fs_unindex.c
index a11c574c1..992672244 100644
--- a/src/fs/test_fs_unindex.c
+++ b/src/fs/test_fs_unindex.c
@@ -197,7 +197,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/fs/test_fs_unindex_persistence.c b/src/fs/test_fs_unindex_persistence.c
index c3668f4e0..802aaf7ca 100644
--- a/src/fs/test_fs_unindex_persistence.c
+++ b/src/fs/test_fs_unindex_persistence.c
@@ -267,7 +267,8 @@ run (void *cls,
   buf = GNUNET_malloc (FILESIZE);
   for (i = 0; i < FILESIZE; i++)
     buf[i] = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 256);
-  GNUNET_assert (FILESIZE ==
+  (void) GNUNET_DISK_directory_remove (fn);
+  GNUNET_assert (GNUNET_OK ==
                  GNUNET_DISK_fn_write (fn, buf, FILESIZE,
                                        GNUNET_DISK_PERM_USER_READ
                                        | GNUNET_DISK_PERM_USER_WRITE));
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index 6cdb1c2f7..2bb4b0897 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -697,8 +697,7 @@ check_create_message (void *cls,
 
 
 /**
- * Handler for CREATE message from client, creates
- * new identity.
+ * Handler for CREATE message from client, creates new identity.
  *
  * @param cls unused
  * @param client who sent the message
@@ -737,8 +736,7 @@ handle_create_message (void *cls,
                                ego);
   send_result_code (client, 0, NULL);
   fn = get_ego_filename (ego);
-  (void) GNUNET_DISK_directory_create_for_file (fn);
-  if (sizeof(struct GNUNET_IDENTITY_PrivateKey) !=
+  if (GNUNET_OK !=
       GNUNET_DISK_fn_write (fn,
                             &crm->private_key,
                             sizeof(struct GNUNET_IDENTITY_PrivateKey),
diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h
index bc2055709..b5af1146d 100644
--- a/src/include/gnunet_common.h
+++ b/src/include/gnunet_common.h
@@ -345,7 +345,7 @@ struct GNUNET_AsyncScopeSave
  *  #GNUNET_NO to stop iteration with no error,
  *  #GNUNET_SYSERR to abort iteration with error!
  */
-typedef int
+typedef enum GNUNET_GenericReturnValue
 (*GNUNET_FileNameCallback) (void *cls,
                             const char *filename);
 
diff --git a/src/include/gnunet_configuration_lib.h b/src/include/gnunet_configuration_lib.h
index b4e7f7d8f..ad55c1b9a 100644
--- a/src/include/gnunet_configuration_lib.h
+++ b/src/include/gnunet_configuration_lib.h
@@ -82,7 +82,7 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg);
  * @param filename name of the configuration file, NULL to load defaults
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load (struct GNUNET_CONFIGURATION_Handle *cfg,
                            const char *filename);
 
@@ -95,7 +95,7 @@ GNUNET_CONFIGURATION_load (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param defaults_d directory with the defaults
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
                                 const char *defaults_d);
 
@@ -120,7 +120,7 @@ GNUNET_CONFIGURATION_default (void);
  * @param filename name of the configuration file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename);
 
@@ -149,7 +149,7 @@ GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
  *          when we come across them
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
                                   const char *mem,
                                   size_t size,
@@ -163,19 +163,20 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param filename where to write the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename);
 
 
 /**
  * Write only configuration entries that have been changed to configuration file
+ *
  * @param cfg_default default configuration
  * @param cfg_new new configuration
  * @param filename where to write the configuration diff between default and new
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write_diffs (const struct
                                   GNUNET_CONFIGURATION_Handle *cfg_default,
                                   const struct
@@ -204,7 +205,7 @@ GNUNET_CONFIGURATION_get_diff (const struct
  * @param cfg configuration to inspect
  * @return #GNUNET_NO if clean, #GNUNET_YES if dirty, #GNUNET_SYSERR on error (i.e. last save failed)
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg);
 
 
@@ -215,7 +216,7 @@ GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg);
  * @param cfg the configuration
  * @return status code
  */
-typedef int
+typedef enum GNUNET_GenericReturnValue
 (*GNUNET_CONFIGURATION_Callback)(void *cls,
                                  const struct GNUNET_CONFIGURATION_Handle *cfg);
 
@@ -231,7 +232,7 @@ typedef int
  * @return #GNUNET_SYSERR if parsing the configuration failed,
  *   otherwise return value from @a cb.
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse_and_run (const char *filename,
                                     GNUNET_CONFIGURATION_Callback cb,
                                     void *cb_cls);
@@ -311,7 +312,7 @@ GNUNET_CONFIGURATION_remove_section (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param number where to store the numeric value of the option
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_number (const struct
                                        GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -328,7 +329,7 @@ GNUNET_CONFIGURATION_get_value_number (const struct
  * @param number where to store the floating value of the option
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_float (const struct
                                       GNUNET_CONFIGURATION_Handle *cfg,
                                       const char *section,
@@ -345,7 +346,7 @@ GNUNET_CONFIGURATION_get_value_float (const struct
  * @param time set to the time value stored in the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_time (const struct
                                      GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section,
@@ -362,7 +363,7 @@ GNUNET_CONFIGURATION_get_value_time (const struct
  * @param size set to the size in bytes as stored in the configuration
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_size (const struct
                                      GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section,
@@ -378,7 +379,7 @@ GNUNET_CONFIGURATION_get_value_size (const struct
  * @param option option of interest
  * @return #GNUNET_YES if so, #GNUNET_NO if not.
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  const char *section,
                                  const char *option);
@@ -394,12 +395,12 @@ GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
-GNUNET_CONFIGURATION_get_value_string (const struct
-                                       GNUNET_CONFIGURATION_Handle *cfg,
-                                       const char *section,
-                                       const char *option,
-                                       char **value);
+enum GNUNET_GenericReturnValue
+GNUNET_CONFIGURATION_get_value_string (
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
+  const char *section,
+  const char *option,
+  char **value);
 
 
 /**
@@ -413,7 +414,7 @@ GNUNET_CONFIGURATION_get_value_string (const struct
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_filename (const struct
                                          GNUNET_CONFIGURATION_Handle *cfg,
                                          const char *section,
@@ -466,7 +467,7 @@ GNUNET_CONFIGURATION_iterate_section_values (const struct
  *        or NULL if option is not specified and no default given
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_choice (const struct
                                        GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -483,7 +484,7 @@ GNUNET_CONFIGURATION_get_value_choice (const struct
  * @param option option of interest
  * @return #GNUNET_YES, #GNUNET_NO or if option has no valid value, #GNUNET_SYSERR
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_yesno (const struct
                                       GNUNET_CONFIGURATION_Handle *cfg,
                                       const char *section,
@@ -502,7 +503,7 @@ GNUNET_CONFIGURATION_get_value_yesno (const struct
  *         #GNUNET_NO is the value does not exist
  *         #GNUNET_SYSERR on decoding error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                const char *section,
                                const char *option,
@@ -527,9 +528,9 @@ GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * @return $-expanded string
  */
 char *
-GNUNET_CONFIGURATION_expand_dollar (const struct
-                                    GNUNET_CONFIGURATION_Handle *cfg,
-                                    char *orig);
+GNUNET_CONFIGURATION_expand_dollar (
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
+  char *orig);
 
 
 /**
@@ -573,7 +574,7 @@ GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
  * @return #GNUNET_OK on success,
  *         #GNUNET_SYSERR if the filename is not in the list
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_remove_value_filename (struct
                                             GNUNET_CONFIGURATION_Handle *cfg,
                                             const char *section,
@@ -592,7 +593,7 @@ GNUNET_CONFIGURATION_remove_value_filename (struct
  * @return #GNUNET_OK on success,
  *         #GNUNET_SYSERR if the filename already in the list
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_append_value_filename (struct
                                             GNUNET_CONFIGURATION_Handle *cfg,
                                             const char *section,
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 6dc56f0e4..5521dad3c 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1023,7 +1023,7 @@ GNUNET_CRYPTO_hmac_derive_key (
  * @param ... pair of void * & size_t for context chunks, terminated by NULL
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_hkdf (void *result,
                     size_t out_len,
                     int xtr_algo,
@@ -1049,7 +1049,7 @@ GNUNET_CRYPTO_hkdf (void *result,
  * @param argp va_list of void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_hkdf_v (void *result,
                       size_t out_len,
                       int xtr_algo,
@@ -1072,7 +1072,7 @@ GNUNET_CRYPTO_hkdf_v (void *result,
  * @param argp va_list of void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf_v (void *result,
                      size_t out_len,
                      const void *xts,
@@ -1116,7 +1116,7 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
  * @param ... void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf (void *result,
                    size_t out_len,
                    const void *xts,
@@ -1215,7 +1215,7 @@ GNUNET_CRYPTO_eddsa_public_key_to_string (
  * @param pub where to store the public key
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -1245,7 +1245,7 @@ GNUNET_CRYPTO_eddsa_private_key_from_string (
  * @param pub where to store the public key
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -1267,7 +1267,7 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey);
@@ -1606,7 +1606,7 @@ GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
  * @param key_material where to write the key material (xyG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material);
@@ -1622,7 +1622,7 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param key_material where to write the key material H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1637,7 +1637,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
  * @param key_material where to write the key material H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1653,7 +1653,7 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
  * @param key_material where to write the key material H(yX)=H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1668,7 +1668,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param key_material where to write the key material H(yX)=H(h(x)yG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material);
@@ -1689,7 +1689,7 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
  * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -1736,7 +1736,7 @@ GNUNET_CRYPTO_eddsa_sign_ (
  * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -2333,7 +2333,7 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
  * @param public_key public key of the signer
  * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
                           const struct GNUNET_CRYPTO_RsaSignature *sig,
                           const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
diff --git a/src/include/gnunet_disk_lib.h b/src/include/gnunet_disk_lib.h
index 3f29dc2e4..e45ab84f4 100644
--- a/src/include/gnunet_disk_lib.h
+++ b/src/include/gnunet_disk_lib.h
@@ -251,7 +251,7 @@ enum GNUNET_DISK_PipeEnd
  * @param h handle to check
  * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
 
 
@@ -263,7 +263,7 @@ GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h);
  * @return #GNUNET_YES if yes, #GNUNET_NO if not a file, #GNUNET_SYSERR if something
  * else (will print an error message in that case, too).
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_test (const char *fil);
 
 
@@ -304,7 +304,7 @@ GNUNET_DISK_file_seek (const struct GNUNET_DISK_FileHandle *h,
  *        and return #GNUNET_SYSERR for directories.
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_size (const char *filename,
                        uint64_t *size,
                        int include_symbolic_links,
@@ -326,7 +326,7 @@ GNUNET_DISK_file_size (const char *filename,
  * @param ino set to the inode ID
  * @return #GNUNET_OK on success
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_get_identifiers (const char *filename,
                                   uint64_t *dev,
                                   uint64_t *ino);
@@ -385,7 +385,7 @@ GNUNET_DISK_file_open (const char *fn,
  * @param size where to write size of the file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh,
                               off_t *size);
 
@@ -447,7 +447,7 @@ GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
  * @param p pipe
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p);
 
 
@@ -458,7 +458,7 @@ GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p);
  * @param end which end of the pipe to close
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
                             enum GNUNET_DISK_PipeEnd end);
 
@@ -485,7 +485,7 @@ GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
  * @param h file handle
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_close (struct GNUNET_DISK_FileHandle *h);
 
 
@@ -609,19 +609,22 @@ GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
 
 
 /**
- * Write a buffer to a file.  If the file is longer than
- * the given buffer size, it will be truncated.
+ * Write a buffer to a file atomically.  The directory is created if
+ * necessary.  Fail if @a filename already exists or if not exactly @a buf
+ * with @a buf_size bytes could be written to @a filename.
  *
  * @param fn file name
- * @param buffer the data to write
- * @param n number of bytes to write
+ * @param buf the data to write
+ * @param buf_size number of bytes to write from @a buf
  * @param mode file permissions
- * @return number of bytes written on success, #GNUNET_SYSERR on error
+ * @return #GNUNET_OK on success,
+ *         #GNUNET_NO if a file existed under @a filename
+ *         #GNUNET_SYSERR on failure
  */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_fn_write (const char *fn,
-                      const void *buffer,
-                      size_t n,
+                      const void *buf,
+                      size_t buf_size,
                       enum GNUNET_DISK_AccessPermissions mode);
 
 
@@ -632,7 +635,7 @@ GNUNET_DISK_fn_write (const char *fn,
  * @param dst destination file name
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_copy (const char *src,
                        const char *dst);
 
@@ -659,7 +662,7 @@ GNUNET_DISK_directory_scan (const char *dir_name,
  * @returns #GNUNET_OK on success, #GNUNET_SYSERR on failure,
  *          #GNUNET_NO if directory exists but is not writeable
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create_for_file (const char *filename);
 
 
@@ -675,8 +678,9 @@ GNUNET_DISK_directory_create_for_file (const char *filename);
  * @return #GNUNET_YES if yes, #GNUNET_NO if not; #GNUNET_SYSERR if it
  *           does not exist or `stat`ed
  */
-int
-GNUNET_DISK_directory_test (const char *fil, int is_readable);
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_directory_test (const char *fil,
+                            int is_readable);
 
 
 /**
@@ -685,7 +689,7 @@ GNUNET_DISK_directory_test (const char *fil, int is_readable);
  * @param filename the file to remove
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_remove (const char *filename);
 
 
@@ -707,7 +711,7 @@ GNUNET_DISK_purge_cfg_dir (const char *cfg_filename,
  * @param dir the directory to create
  * @returns #GNUNET_SYSERR on failure, #GNUNET_OK otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create (const char *dir);
 
 
@@ -725,7 +729,7 @@ GNUNET_DISK_filename_canonicalize (char *fn);
  * @param user new owner of the file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_change_owner (const char *filename,
                                const char *user);
 
@@ -758,7 +762,7 @@ GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
  * @param h mapping handle
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h);
 
 
@@ -768,7 +772,7 @@ GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h);
  * @param h handle to an open file
  * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h);
 
 
diff --git a/src/include/gnunet_scheduler_lib.h b/src/include/gnunet_scheduler_lib.h
index b828e2db7..158f1d83b 100644
--- a/src/include/gnunet_scheduler_lib.h
+++ b/src/include/gnunet_scheduler_lib.h
@@ -497,13 +497,11 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task);
  * @param priority priority to use for the task
  */
 void
-GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback
-                                               task,
-                                               void *task_cls,
-                                               enum GNUNET_SCHEDULER_Reason
-                                               reason,
-                                               enum GNUNET_SCHEDULER_Priority
-                                               priority);
+GNUNET_SCHEDULER_add_with_reason_and_priority (
+  GNUNET_SCHEDULER_TaskCallback task,
+  void *task_cls,
+  enum GNUNET_SCHEDULER_Reason reason,
+  enum GNUNET_SCHEDULER_Priority priority);
 
 
 /**
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index dfd71e57a..8e9cd0c9d 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -824,19 +824,26 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
  * Write our current proof to disk.
  */
 static void
-write_proof ()
+write_proof (void)
 {
   char *proof;
 
   if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_filename (cfg, "NSE", "PROOFFILE", &proof))
+      GNUNET_CONFIGURATION_get_value_filename (cfg,
+                                               "NSE",
+                                               "PROOFFILE",
+                                               &proof))
     return;
-  if (sizeof(my_proof) != GNUNET_DISK_fn_write (proof,
-                                                &my_proof,
-                                                sizeof(my_proof),
-                                                GNUNET_DISK_PERM_USER_READ
-                                                | GNUNET_DISK_PERM_USER_WRITE))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", proof);
+  (void) GNUNET_DISK_directory_remove (proof);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (proof,
+                            &my_proof,
+                            sizeof(my_proof),
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              proof);
   GNUNET_free (proof);
 }
 
diff --git a/src/peerinfo-tool/gnunet-peerinfo.c b/src/peerinfo-tool/gnunet-peerinfo.c
index 987c7c3a0..8b149c98e 100644
--- a/src/peerinfo-tool/gnunet-peerinfo.c
+++ b/src/peerinfo-tool/gnunet-peerinfo.c
@@ -451,13 +451,14 @@ dump_my_hello ()
     fprintf (stderr, _ ("Failure: Received invalid %s\n"), "HELLO");
     return;
   }
-  if (GNUNET_SYSERR == GNUNET_DISK_fn_write (dump_hello,
-                                             my_hello,
-                                             size,
-                                             GNUNET_DISK_PERM_USER_READ
-                                             | GNUNET_DISK_PERM_USER_WRITE
-                                             | GNUNET_DISK_PERM_GROUP_READ
-                                             | GNUNET_DISK_PERM_OTHER_READ))
+  if (GNUNET_SYSERR ==
+      GNUNET_DISK_fn_write (dump_hello,
+                            my_hello,
+                            size,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE
+                            | GNUNET_DISK_PERM_GROUP_READ
+                            | GNUNET_DISK_PERM_OTHER_READ))
   {
     fprintf (stderr,
              _ ("Failed to write HELLO with %u bytes to file `%s'\n"),
diff --git a/src/peerinfo/gnunet-service-peerinfo.c b/src/peerinfo/gnunet-service-peerinfo.c
index 79af90dd4..1b1232ecb 100644
--- a/src/peerinfo/gnunet-service-peerinfo.c
+++ b/src/peerinfo/gnunet-service-peerinfo.c
@@ -807,13 +807,14 @@ update_hello (const struct GNUNET_PeerIdentity *peer,
       }
       GNUNET_assert (pos == size);
 
-      if (GNUNET_SYSERR == GNUNET_DISK_fn_write (fn,
-                                                 buffer,
-                                                 size,
-                                                 GNUNET_DISK_PERM_USER_READ
-                                                 | GNUNET_DISK_PERM_USER_WRITE
-                                                 | GNUNET_DISK_PERM_GROUP_READ
-                                                 | GNUNET_DISK_PERM_OTHER_READ))
+      if (GNUNET_SYSERR ==
+          GNUNET_DISK_fn_write (fn,
+                                buffer,
+                                size,
+                                GNUNET_DISK_PERM_USER_READ
+                                | GNUNET_DISK_PERM_USER_WRITE
+                                | GNUNET_DISK_PERM_GROUP_READ
+                                | GNUNET_DISK_PERM_OTHER_READ))
         GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", fn);
       else
         GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -987,13 +988,15 @@ discard_hosts_helper (void *cls, const char *fn)
 
   if (0 < write_pos)
   {
-    GNUNET_DISK_fn_write (fn,
-                          writebuffer,
-                          write_pos,
-                          GNUNET_DISK_PERM_USER_READ
-                          | GNUNET_DISK_PERM_USER_WRITE
-                          | GNUNET_DISK_PERM_GROUP_READ
-                          | GNUNET_DISK_PERM_OTHER_READ);
+    (void) GNUNET_DISK_directory_remove (fn);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_DISK_fn_write (fn,
+                                         writebuffer,
+                                         write_pos,
+                                         GNUNET_DISK_PERM_USER_READ
+                                         | GNUNET_DISK_PERM_USER_WRITE
+                                         | GNUNET_DISK_PERM_GROUP_READ
+                                         | GNUNET_DISK_PERM_OTHER_READ));
   }
   else if (0 != unlink (fn))
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING
diff --git a/src/pq/pq_connect.c b/src/pq/pq_connect.c
index 22230cf5c..fd73cf0d8 100644
--- a/src/pq/pq_connect.c
+++ b/src/pq/pq_connect.c
@@ -190,7 +190,7 @@ apply_patch (struct GNUNET_PQ_Context *db,
   if ( (GNUNET_OS_PROCESS_EXITED != type) ||
        (0 != code) )
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                 "Could not run PSQL on file %s: %d\n",
                 buf,
                 (int) code);
@@ -419,7 +419,7 @@ GNUNET_PQ_reconnect (struct GNUNET_PQ_Context *db)
         GNUNET_PQ_run_sql (db,
                            db->load_path))
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Failed to load SQL statements from `%s*'\n",
                   db->load_path);
       PQfinish (db->conn);
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 40cc5751e..a90d02d68 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -694,7 +694,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience,
   // cmp code_challenge code_verifier
   code_challenge_len = ntohl (params->code_challenge_len);
   code_challenge = ((char *) &params[1]);
-  if (!(opts & OIDC_VERIFICATION_NO_CODE_VERIFIER))
+  if (! (opts & OIDC_VERIFICATION_NO_CODE_VERIFIER))
   {
     if (GNUNET_OK != check_code_challenge (code_challenge,
                                            code_challenge_len,
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index d59ea7c81..b5737158b 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -230,7 +230,7 @@ sync_pow ()
 {
   size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
   if ((NULL != filename) &&
-      (psize !=
+      (GNUNET_OK !=
        GNUNET_DISK_fn_write (filename,
                              proof_of_work,
                              psize,
@@ -280,14 +280,17 @@ calculate_pow (void *cls)
   if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph))
   {
     psize = GNUNET_REVOCATION_proof_get_size (proof_of_work);
-    if ((NULL != filename) &&
-        (psize !=
-         GNUNET_DISK_fn_write (filename,
-                               proof_of_work,
-                               psize,
-                               GNUNET_DISK_PERM_USER_READ
-                               | GNUNET_DISK_PERM_USER_WRITE)))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
+    if (NULL != filename)
+    {
+      (void) GNUNET_DISK_directory_remove (filename);
+      if (GNUNET_OK !=
+          GNUNET_DISK_fn_write (filename,
+                                proof_of_work,
+                                psize,
+                                GNUNET_DISK_PERM_USER_READ
+                                | GNUNET_DISK_PERM_USER_WRITE))
+        GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename);
+    }
     if (perform)
     {
       perform_revocation ();
diff --git a/src/testbed/gnunet_mpi_test.c b/src/testbed/gnunet_mpi_test.c
index e0caf9676..2ee707fe6 100644
--- a/src/testbed/gnunet_mpi_test.c
+++ b/src/testbed/gnunet_mpi_test.c
@@ -49,7 +49,8 @@ main (int argc, char *argv[])
   (void) GNUNET_asprintf (&filename, "%d-%d.mpiout", (int) pid, rank);
   msg_size = GNUNET_asprintf (&msg, "My rank is: %d\n", rank);
   printf ("%s", msg);
-  if (msg_size ==
+  (void) GNUNET_DISK_directory_remove (filename);
+  if (GNUNET_OK ==
       GNUNET_DISK_fn_write (filename, msg, msg_size,
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_GROUP_READ
diff --git a/src/topology/friends.c b/src/topology/friends.c
index a3b15d8f7..65c7e81d7 100644
--- a/src/topology/friends.c
+++ b/src/topology/friends.c
@@ -59,15 +59,6 @@ GNUNET_FRIENDS_parse (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                "FRIENDS");
     return GNUNET_SYSERR;
   }
-  if (GNUNET_SYSERR ==
-      GNUNET_DISK_directory_create_for_file (fn))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkdir",
-                              fn);
-    GNUNET_free (fn);
-    return GNUNET_SYSERR;
-  }
   if ((GNUNET_OK !=
        GNUNET_DISK_file_test (fn)) &&
       (GNUNET_OK !=
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 800a27aa2..0f9d40e13 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -813,42 +813,48 @@ test_communicator_basic_unix_SOURCES = \
 test_communicator_basic_unix_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_basic_tcp_SOURCES = \
  test_communicator_basic.c
 test_communicator_basic_tcp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_basic_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_basic_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_rekey_tcp_SOURCES = \
  test_communicator_basic.c
 test_communicator_rekey_tcp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_rekey_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_rekey_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 
 test_communicator_backchannel_udp_SOURCES = \
  test_communicator_basic.c
 test_communicator_backchannel_udp_LDADD = \
  libgnunettransporttesting2.la \
  $(top_builddir)/src/testing/libgnunettesting.la \
- $(top_builddir)/src/util/libgnunetutil.la
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la
 endif
 
 test_plugin_unix_SOURCES = \
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index 073b1ea02..018da8f0e 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -137,10 +137,10 @@
 #define MAX_SECRETS 128000
 
 /**
- * How often do we rekey based on number of bytes transmitted?
+ * Default value for how often we do rekey based on number of bytes transmitted?
  * (additionally randomized).
  */
-#define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
+#define DEFAULT_REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
 
 /**
  * Address prefix used by the communicator.
@@ -510,6 +510,11 @@ struct SharedSecret
 struct SenderAddress
 {
   /**
+   * Shared secret we use with @e target for rekeying.
+   */
+  struct SharedSecret *ss_rekey;
+
+  /**
    * Flag indicating sender is initiated rekeying for this receiver.
    */
   int rekeying;
@@ -760,6 +765,10 @@ struct BroadcastInterface
 static struct GNUNET_TIME_Relative rekey_interval;
 
 /**
+ * How often we do rekey based on number of bytes transmitted
+ */
+static unsigned long long rekey_max_bytes;
+/**
  * Shared secret we finished the last kce working queue for.
  */
 struct SharedSecret *ss_finished;
@@ -1056,14 +1065,14 @@ secret_destroy (struct SharedSecret *ss, int withoutKce)
   struct ReceiverAddress *receiver;
   struct KeyCacheEntry *kce;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "secret destroy %u %u\n",
-              withoutKce,
-              ss->sequence_allowed);
-
   if (withoutKce && (ss->sequence_allowed > 0))
     return GNUNET_NO;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "secret %s destroy %u %u\n",
+              GNUNET_h2s (&ss->master),
+              withoutKce,
+              ss->sequence_allowed);
   if (NULL != (sender = ss->sender))
   {
     GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
@@ -1075,6 +1084,9 @@ secret_destroy (struct SharedSecret *ss, int withoutKce)
     receiver->num_secrets--;
     // Uncomment this for alternativ 1 of backchannel functionality
     receiver->acks_available -= (ss->sequence_allowed - ss->sequence_used);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "%u receiver->acks_available 3\n",
+                receiver->acks_available);
     // Until here for alternativ 1
   }
   while (NULL != (kce = ss->kce_head))
@@ -1194,15 +1206,15 @@ check_timeouts (void *cls)
   rt = GNUNET_TIME_UNIT_FOREVER_REL;
   while (NULL != (receiver = GNUNET_CONTAINER_heap_peek (receivers_heap)))
   {
-    if (GNUNET_YES != receiver->receiver_destroy_called)
-    {
-      rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
-      if (0 != rt.rel_value_us)
-        break;
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Receiver timed out\n");
-      receiver_destroy (receiver);
-    }
+    /* if (GNUNET_YES != receiver->receiver_destroy_called) */
+    /* { */
+    rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
+    if (0 != rt.rel_value_us)
+      break;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Receiver timed out\n");
+    receiver_destroy (receiver);
+    // }
   }
   st = GNUNET_TIME_UNIT_FOREVER_REL;
   while (NULL != (sender = GNUNET_CONTAINER_heap_peek (senders_heap)))
@@ -1433,7 +1445,8 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
   int at_least_one_destroyed = GNUNET_NO;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Starting destroy all.\n");
+              "Starting destroy all withoutKce: %u.\n",
+              withoutKce);
 
   if (NULL != (sender = ss->sender))
   {
@@ -1451,7 +1464,7 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
   }
 
   pos = ss_start;
-  while ( NULL != pos)
+  while (NULL != pos)
   {
     ss_to_destroy = pos;
     pos = pos->next;
@@ -1462,6 +1475,8 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
 
   if ((ss != ss_start) && ! at_least_one_destroyed)
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Really destroying all.\n");
     destroy_all_secrets (ss_start, GNUNET_NO);
   }
 
@@ -1469,8 +1484,9 @@ destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
               "Finished destroy all.\n");
 }
 
+
 static void
-add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
+add_acks (struct SharedSecret *ss, int acks_to_add)
 {
 
   struct ReceiverAddress *receiver = ss->receiver;
@@ -1489,6 +1505,9 @@ add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Tell transport we have %u more acks!\n",
               acks_to_add);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying.\n",
+              receiver->number_rekeying_kce);
   GNUNET_TRANSPORT_communicator_mq_update (ch,
                                            receiver->d_qh,
                                            acks_to_add,
@@ -1496,35 +1515,70 @@ add_acks (struct SharedSecret *ss, int acks_to_add, int remove_from_receiver)
   // Until here for alternativ 1
 
   /* move ss to head to avoid discarding it anytime soon! */
-  if (remove_from_receiver)
-    GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
+
+  GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
   GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
   destroy_all_secrets (ss, GNUNET_YES);
+}
 
 
-  // Uncomment this for alternativ 2 of backchannel functionality
-  /*if (receiver->acks_available != ack->acks_available)
+static uint32_t
+reset_rekey_kces (struct ReceiverAddress *receiver,
+                  uint32_t acks_to_add)
+{
+  int needed_for_rekeying;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying and %u acks_to_add\n",
+              receiver->number_rekeying_kce,
+              acks_to_add);
+
+  needed_for_rekeying = (3 - receiver->number_rekeying_kce);
+  if (acks_to_add <= needed_for_rekeying)
   {
-    receiver->acks_available = ack->acks_available;
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Tell transport we have different number of acks!\n");
-    GNUNET_TRANSPORT_communicator_mq_update (ch,
-                                             receiver->d_qh,
-                                             receiver->acks_available,
-                                             1);
-                                             }*/
-  // Until here for alternativ 2
+    receiver->number_rekeying_kce += acks_to_add;
+    acks_to_add = 0;
+  }
+  else
+  {
+    acks_to_add -= (3 - receiver->number_rekeying_kce);
+    receiver->number_rekeying_kce = 3;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u kce for rekeying and %u acks_to_add\n",
+              receiver->number_rekeying_kce,
+              acks_to_add);
+  return acks_to_add;
 }
 
+
 static void
 add_acks_rekey (struct ReceiverAddress *receiver)
 {
-  add_acks (receiver->ss_rekey, receiver->ss_rekey->sequence_allowed - 3,
-            GNUNET_NO);
+  uint32_t acks_to_add = receiver->ss_rekey->sequence_allowed;
+
+  if (receiver->number_rekeying_kce < 3)
+    acks_to_add = reset_rekey_kces (receiver, acks_to_add);
   receiver->acks_available = receiver->ss_rekey->sequence_allowed;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "%u receiver->acks_available 4\n",
+              receiver->acks_available);
+  /* add_acks (receiver->ss_rekey, acks_to_add - 3); */
+  if (0 != acks_to_add)
+  {
+    add_acks (receiver->ss_rekey, acks_to_add);
+  }
   receiver->ss_rekey = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "# rekeying successful\n");
+  GNUNET_STATISTICS_update (stats,
+                            "# rekeying successful",
+                            1,
+                            GNUNET_NO);
 }
 
+
 /**
  * We received an ACK for @a pid. Check if it is for
  * the receiver in @a value and if so, handle it and
@@ -1540,15 +1594,17 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
 {
   const struct UDPAck *ack = cls;
   struct ReceiverAddress *receiver = value;
-  int acks_to_add;
+  uint32_t acks_to_add;
   uint32_t allowed;
+  // int needed_for_rekeying;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "in handle ack\n");
+              "in handle ack with cmac %s\n",
+              GNUNET_h2s (&ack->cmac));
 
   if (NULL != receiver->ss_rekey)
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Received secret with cmac %s \n",
+                "We have rekey secret with cmac %s \n",
                 GNUNET_h2s (&receiver->ss_rekey->cmac));
 
   if ((NULL != receiver->ss_rekey) && (0 == memcmp (&ack->cmac,
@@ -1598,16 +1654,37 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
         // Uncomment this for alternativ 1 of backchannel functionality
         acks_to_add = (allowed - ss->sequence_allowed);
         if ((GNUNET_NO == receiver->rekeying) &&
-            (receiver->number_rekeying_kce <
-             3) )
+            (receiver->number_rekeying_kce < 3) )
+          acks_to_add = reset_rekey_kces (receiver, acks_to_add);
+        /* if ((GNUNET_NO == receiver->rekeying) && */
+        /*     (receiver->number_rekeying_kce < */
+        /*      3) ) */
+        /* { */
+        /*   needed_for_rekeying = (3 - receiver->number_rekeying_kce); */
+        /*   if (acks_to_add <= needed_for_rekeying) */
+        /*   { */
+        /*     receiver->number_rekeying_kce += acks_to_add; */
+        /*     acks_to_add = 0; */
+        /*   } */
+        /*   else */
+        /*   { */
+        /*     acks_to_add -= (3 - receiver->number_rekeying_kce); */
+        /*     receiver->number_rekeying_kce = 3; */
+        /*   } */
+        /* } */
+        /* GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, */
+        /*             "%u kce for rekeying\n", */
+        /*             receiver->number_rekeying_kce); */
+
+        if ((0 != acks_to_add) && (GNUNET_NO == receiver->rekeying))
         {
-          acks_to_add -= (3 - receiver->number_rekeying_kce);
-          receiver->number_rekeying_kce = 3;
+          receiver->acks_available += (allowed - ss->sequence_allowed);
+          ss->sequence_allowed = allowed;
+          GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                      "%u receiver->acks_available 5\n",
+                      receiver->acks_available);
+          add_acks (ss, acks_to_add);
         }
-        receiver->acks_available += (allowed - ss->sequence_allowed);
-        ss->sequence_allowed = allowed;
-
-        add_acks (ss, acks_to_add, GNUNET_YES);
       }
       return GNUNET_NO;
     }
@@ -1663,18 +1740,21 @@ try_handle_plaintext (struct SenderAddress *sender,
 }
 
 
-
 static void
 kce_generate_cb (void *cls)
 {
   struct SharedSecret *ss = cls;
   kce_task = NULL;
 
-  if (ss->sender->acks_available < KCN_TARGET)
+  if (((GNUNET_NO == ss->sender->rekeying) && (ss->sender->acks_available <
+                                               KCN_TARGET) ) ||
+      ((ss->sender->ss_rekey == ss) && (GNUNET_YES == ss->sender->rekeying) &&
+       (ss->sender->acks_available < 128)))
   {
 
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Precomputing keys\n");
+                "Precomputing keys for master %s\n",
+                GNUNET_h2s (&(ss->master)));
 
     for (int i = 0; i < GENERATE_AT_ONCE; i++)
       kce_generate (ss, ++ss->sequence_allowed);
@@ -1694,6 +1774,7 @@ kce_generate_cb (void *cls)
 
 }
 
+
 static void
 kce_generate_rekey_cb (void *cls)
 {
@@ -1702,6 +1783,11 @@ kce_generate_rekey_cb (void *cls)
 
   if (NULL == kce_task)
   {
+
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Precomputing keys for rekey master %s\n",
+                GNUNET_h2s (&(ss->master)));
+
     for (int i = 0; i < GENERATE_AT_ONCE; i++)
       kce_generate (ss, ++ss->sequence_allowed);
 
@@ -1760,25 +1846,36 @@ consider_ss_ack (struct SharedSecret *ss, int initial)
   if (((NULL != kce_task) && kce_task_finished) || (GNUNET_NO == initial))
   {
     struct UDPAck ack;
+    struct SharedSecret *ss_tell;
+
+    if (GNUNET_NO != initial)
+      ss_tell = ss_finished;
+    else
+      ss_tell = ss;
 
     ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK);
     ack.header.size = htons (sizeof(ack));
-    ack.sequence_max = htonl (ss_finished->sequence_allowed);
+    ack.sequence_max = htonl (ss_tell->sequence_allowed);
     ack.acks_available = ss->sender->acks_available;
-    ack.cmac = ss_finished->cmac;
+    ack.cmac = ss_tell->cmac;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Notifying transport of UDPAck %s with intial %u\n",
-                GNUNET_i2s_full (&ss_finished->sender->target),
-                initial);
+                "Notifying transport of UDPAck %s with intial %u and master %s\n",
+                GNUNET_i2s_full (&ss_tell->sender->target),
+                initial,
+                GNUNET_h2s (&(ss_tell->master)));
     GNUNET_TRANSPORT_communicator_notify (ch,
-                                          &ss_finished->sender->target,
+                                          &ss_tell->sender->target,
                                           COMMUNICATOR_ADDRESS_PREFIX,
                                           &ack.header);
-    destroy_all_secrets (ss, GNUNET_YES);
-    kce_task = NULL;
-    kce_task_finished = GNUNET_NO;
+    if (GNUNET_NO != initial)
+    {
+      destroy_all_secrets (ss, GNUNET_YES);
+      kce_task = NULL;
+      kce_task_finished = GNUNET_NO;
+    }
   }
-  else if ((NULL == kce_task) && ((KCN_THRESHOLD > ss->sender->acks_available)||
+  else if ((NULL == kce_task) && ((KCN_THRESHOLD >
+                                   ss->sender->acks_available) ||
                                   (GNUNET_YES == ss->sender->rekeying) ||
                                   (ss->sender->num_secrets > MAX_SECRETS) ))
   {
@@ -1835,6 +1932,10 @@ decrypt_box (const struct UDPBox *box,
                             "# bytes decrypted with BOX",
                             sizeof(out_buf),
                             GNUNET_NO);
+  GNUNET_STATISTICS_update (stats,
+                            "# messages decrypted with BOX",
+                            1,
+                            GNUNET_NO);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "decrypted UDPBox with kid %s\n",
               GNUNET_sh2s (&box->kid));
@@ -1842,19 +1943,22 @@ decrypt_box (const struct UDPBox *box,
   if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))
   {
     ss->sender->rekeying = GNUNET_NO;
+    ss->sender->ss_rekey = NULL;
     // destroy_all_secrets (ss, GNUNET_NO);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Receiver stopped rekeying.\n");
   }
   else if (GNUNET_NO == box->rekeying)
-    consider_ss_ack (ss, GNUNET_YES);
-  else{
+    consider_ss_ack (ss, GNUNET_NO);
+  else
+  {
     ss->sender->rekeying = GNUNET_YES;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Receiver started rekeying.\n");
+                "Got Box: Receiver doing rekeying.\n");
   }
 }
 
+
 /**
  * We received a @a rekey with matching @a kce.  Decrypt and process it.
  *
@@ -1921,6 +2025,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
   /* GNUNET_assert (ss_rekey->prev == NULL && sender->ss_head != ss_rekey); */
   /* GNUNET_assert (ss_rekey->next == NULL && sender->ss_tail != ss_rekey); */
   GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
+  sender->ss_rekey = ss_rekey;
   sender->num_secrets++;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received secret with cmac %s\n",
@@ -1941,6 +2046,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
 
 }
 
+
 /**
  * Closure for #find_sender_by_address()
  */
@@ -2151,20 +2257,26 @@ sock_read (void *cls)
     box = (const struct UDPBox *) buf;
     kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
 
-    if ((GNUNET_YES == box->rekeying)||(GNUNET_NO == box->rekeying))
+    if ((GNUNET_YES == box->rekeying) || (GNUNET_NO == box->rekeying))
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "UDPRekey has rekeying %u\n",
                   box->rekeying);
     else
       do_decrypt = GNUNET_YES;
-    if ((GNUNET_YES == do_decrypt)&& (NULL != kce) && (GNUNET_YES ==
-                                                       kce->ss->sender->rekeying))
+
+    if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
+                                                        kce->ss->sender->
+                                                        rekeying))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "UDPRekey with kid %s\n",
                   GNUNET_sh2s (&rekey->kid));
       sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,
                              salen);
+
+      if (NULL != sender->ss_rekey)
+        return;
+
       decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
       return;
     }
@@ -2290,16 +2402,18 @@ sock_read (void *cls)
     if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))
     {
       ss->sender->rekeying = GNUNET_NO;
+      sender->ss_rekey = NULL;
       // destroy_all_secrets (ss, GNUNET_NO);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Receiver stopped rekeying.\n");
     }
     else if (GNUNET_NO == kx->rekeying)
       consider_ss_ack (ss, GNUNET_YES);
-    else{
+    else
+    {
       ss->sender->rekeying = GNUNET_YES;
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Receiver started rekeying.\n");
+                  "Got KX: Receiver doing rekeying.\n");
     }
     /*if (sender->num_secrets > MAX_SECRETS)
       secret_destroy (sender->ss_tail);*/
@@ -2560,6 +2674,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
   GNUNET_MQ_impl_send_continue (mq);
 }
 
+
 static void
 check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
 {
@@ -2583,13 +2698,13 @@ check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
                 rt.rel_value_us,
                 receiver->rekey_timeout.abs_value_us);
 
-    if ((0 == rt.rel_value_us)||(receiver->rekey_send_bytes >
-                                 REKEY_MAX_BYTES) )
+    if ((0 == rt.rel_value_us) || (receiver->rekey_send_bytes >
+                                   rekey_max_bytes) )
     {
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Bytes send %lu greater than %llu max bytes\n.",
                   receiver->rekey_send_bytes,
-                  REKEY_MAX_BYTES);
+                  rekey_max_bytes);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Relative time is %lu and timeout is %lu\n.",
                   rt.rel_value_us,
@@ -2612,6 +2727,7 @@ check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
   }
 }
 
+
 static void
 send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
 {
@@ -2631,9 +2747,14 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
                  - (receiver->rekey_acks_available % 3)) / 3;
     is_ss_rekey_sequence_allowed_zero = (0 ==
                                          receiver->ss_rekey->sequence_allowed);
-    is_acks_available_below = (receiver->acks_available > not_below);
+    is_acks_available_below = (receiver->acks_available >= not_below);
     send_rekey = (0 == (receiver->acks_available - not_below) % not_below) &&
                  is_acks_available_below && is_ss_rekey_sequence_allowed_zero;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "send_rekey: %u, %u, %u\n",
+                send_rekey,
+                receiver->rekey_acks_available,
+                receiver->acks_available);
   }
   else if (NULL == receiver->ss_rekey)
   {
@@ -2641,6 +2762,7 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
     GNUNET_CRYPTO_ecdhe_key_create (&epriv);
     receiver->ss_rekey = setup_shared_secret_enc (&epriv, receiver,
                                                   GNUNET_NO);
+    receiver->ss_rekey->sequence_allowed = 0;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Setup secret with cmac %s\n",
                 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
@@ -2700,6 +2822,9 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Sending rekey with cmac %s\n",
                   GNUNET_h2s (&(receiver->ss_rekey->cmac)));
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "%u rekey kces left.\n",
+                  receiver->number_rekeying_kce);
 
       if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                               rekey_dgram,
@@ -2708,6 +2833,10 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
                                               receiver->address_len))
         GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
 
+      receiver->acks_available--;
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "%u receiver->acks_available 1\n",
+                  receiver->acks_available);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address,
                                                           receiver->
@@ -2737,6 +2866,12 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
   if ((msize > receiver->d_mtu) ||
       (0 == receiver->acks_available))
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "msize: %u, mtu: %lu, acks: %u\n",
+                msize,
+                receiver->d_mtu,
+                receiver->acks_available);
+
     GNUNET_break (0);
     if (GNUNET_YES != receiver->receiver_destroy_called)
       receiver_destroy (receiver);
@@ -2789,8 +2924,6 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
     else
       box->rekeying = GNUNET_YES;
 
-    check_for_rekeying (receiver, box);
-
     if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                             dgram,
                                             sizeof(dgram),
@@ -2798,11 +2931,15 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
                                             receiver->address_len))
       GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Sending UDPBox to %s\n", GNUNET_a2s (receiver->address,
-                                                      receiver->address_len));
+                "Sending UDPBox %u acks left\n",
+                receiver->acks_available);
     GNUNET_MQ_impl_send_continue (mq);
     receiver->acks_available--;
-    if (0 == receiver->acks_available)
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "%u receiver->acks_available 2\n",
+                receiver->acks_available);
+    check_for_rekeying (receiver, box);
+    if (0 == receiver->acks_available - receiver->number_rekeying_kce)
     {
       /* We have no more ACKs */
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2810,6 +2947,8 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
       if (GNUNET_YES == receiver->rekeying)
       {
         receiver->rekeying = GNUNET_NO;
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "Sender stopped rekeying\n");
 
         if ((NULL != receiver->ss_rekey) && (0 <
                                              receiver->ss_rekey->
@@ -3120,6 +3259,8 @@ get_sender_delete_it (void *cls,
 static void
 do_shutdown (void *cls)
 {
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "do_shutdown\n");
   if (NULL != nat)
   {
     GNUNET_NAT_unregister (nat);
@@ -3154,18 +3295,26 @@ do_shutdown (void *cls)
   }
   if (NULL != udp_sock)
   {
-    GNUNET_break (GNUNET_OK == GNUNET_NETWORK_socket_close (udp_sock));
+    GNUNET_break (GNUNET_OK ==
+                  GNUNET_NETWORK_socket_close (udp_sock));
     udp_sock = NULL;
   }
   GNUNET_CONTAINER_multipeermap_iterate (receivers,
                                          &get_receiver_delete_it,
                                          NULL);
   GNUNET_CONTAINER_multipeermap_destroy (receivers);
-  GNUNET_CONTAINER_multipeermap_iterate (senders, &get_sender_delete_it, NULL);
+  GNUNET_CONTAINER_multipeermap_iterate (senders,
+                                         &get_sender_delete_it,
+                                         NULL);
   GNUNET_CONTAINER_multipeermap_destroy (senders);
   GNUNET_CONTAINER_multishortmap_destroy (key_cache);
   GNUNET_CONTAINER_heap_destroy (senders_heap);
   GNUNET_CONTAINER_heap_destroy (receivers_heap);
+  if (NULL != timeout_task)
+  {
+    GNUNET_SCHEDULER_cancel (timeout_task);
+    timeout_task = NULL;
+  }
   if (NULL != ch)
   {
     GNUNET_TRANSPORT_communicator_disconnect (ch);
@@ -3191,6 +3340,8 @@ do_shutdown (void *cls)
     GNUNET_NT_scanner_done (is);
     is = NULL;
   }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "do_shutdown finished\n");
 }
 
 
@@ -3302,25 +3453,29 @@ ifc_broadcast (void *cls)
       static int no = 0;
       ssize_t sent;
 
-      if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
-                                                         SOL_SOCKET,
-                                                         SO_BROADCAST,
-                                                         &yes,
-                                                         sizeof(int)))
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
+      if (GNUNET_OK !=
+          GNUNET_NETWORK_socket_setsockopt (udp_sock,
+                                            SOL_SOCKET,
+                                            SO_BROADCAST,
+                                            &yes,
+                                            sizeof(int)))
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "setsockopt");
       sent = GNUNET_NETWORK_socket_sendto (udp_sock,
                                            &bi->bcm,
                                            sizeof(bi->bcm),
                                            bi->ba,
                                            bi->salen);
       if (-1 == sent)
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "sendto");
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "sendto");
       if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
                                                          SOL_SOCKET,
                                                          SO_BROADCAST,
                                                          &no,
                                                          sizeof(int)))
-        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
+        GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                             "setsockopt");
       break;
     }
 
@@ -3402,9 +3557,18 @@ iface_proc (void *cls,
     return GNUNET_OK; /* not using IPv6 */
 
   bi = GNUNET_new (struct BroadcastInterface);
-  bi->sa = GNUNET_memdup (addr, addrlen);
-  if (NULL != broadcast_addr)
-    bi->ba = GNUNET_memdup (broadcast_addr, addrlen);
+  bi->sa = GNUNET_memdup (addr,
+                          addrlen);
+  if ( (NULL != broadcast_addr) &&
+       (addrlen == sizeof (struct sockaddr_in)) )
+  {
+    struct sockaddr_in *ba;
+
+    ba = GNUNET_memdup (broadcast_addr,
+                        addrlen);
+    ba->sin_port = htons (2086); /* always GNUnet port, ignore configuration! */
+    bi->ba = (struct sockaddr *) ba;
+  }
   bi->salen = addrlen;
   bi->found = GNUNET_YES;
   bi->bcm.sender = my_identity;
@@ -3415,7 +3579,7 @@ iface_proc (void *cls,
   GNUNET_CRYPTO_eddsa_sign (my_private_key,
                             &ubs,
                             &bi->bcm.sender_sig);
-  if (NULL != broadcast_addr)
+  if (NULL != bi->ba)
   {
     bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);
     GNUNET_CONTAINER_DLL_insert (bi_head, bi_tail, bi);
@@ -3522,6 +3686,13 @@ run (void *cls,
                                            &rekey_interval))
     rekey_interval = DEFAULT_REKEY_TIME_INTERVAL;
 
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_size (cfg,
+                                           COMMUNICATOR_CONFIG_SECTION,
+                                           "REKEY_MAX_BYTES",
+                                           &rekey_max_bytes))
+    rekey_max_bytes = DEFAULT_REKEY_MAX_BYTES;
+
   in = udp_address_to_sockaddr (bindto, &in_len);
   if (NULL == in)
   {
@@ -3532,7 +3703,9 @@ run (void *cls,
     return;
   }
   udp_sock =
-    GNUNET_NETWORK_socket_create (in->sa_family, SOCK_DGRAM, IPPROTO_UDP);
+    GNUNET_NETWORK_socket_create (in->sa_family,
+                                  SOCK_DGRAM,
+                                  IPPROTO_UDP);
   if (NULL == udp_sock)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
@@ -3542,9 +3715,14 @@ run (void *cls,
   }
   if (AF_INET6 == in->sa_family)
     have_v6_socket = GNUNET_YES;
-  if (GNUNET_OK != GNUNET_NETWORK_socket_bind (udp_sock, in, in_len))
+  if (GNUNET_OK !=
+      GNUNET_NETWORK_socket_bind (udp_sock,
+                                  in,
+                                  in_len))
   {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "bind", bindto);
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                              "bind",
+                              bindto);
     GNUNET_NETWORK_socket_close (udp_sock);
     udp_sock = NULL;
     GNUNET_free (in);
diff --git a/src/transport/test_communicator_basic.c b/src/transport/test_communicator_basic.c
index 7ea04afdb..ea1a7b1fb 100644
--- a/src/transport/test_communicator_basic.c
+++ b/src/transport/test_communicator_basic.c
@@ -73,6 +73,10 @@ static struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *my_tc;
 
 static char *test_name;
 
+static struct GNUNET_STATISTICS_GetHandle *box_stats;
+
+static struct GNUNET_STATISTICS_GetHandle *rekey_stats;
+
 #define SHORT_MESSAGE_SIZE 128
 
 #define LONG_MESSAGE_SIZE 32000 /* FIXME */
@@ -90,7 +94,7 @@ static unsigned int iterations_left = TOTAL_ITERATIONS;
 #define TIMEOUT_MULTIPLIER 1
 
 #define DELAY \
-  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,50)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,200)
 
 #define SHORT_BURST_WINDOW \
   GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,2)
@@ -129,12 +133,12 @@ static struct GNUNET_TIME_Relative duration;
 
 
 static void
-communicator_available_cb (void *cls,
-                           struct
-                           GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
-                           *tc_h,
-                           enum GNUNET_TRANSPORT_CommunicatorCharacteristics cc,
-                           char *address_prefix)
+communicator_available_cb (
+  void *cls,
+  struct
+  GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  enum GNUNET_TRANSPORT_CommunicatorCharacteristics cc,
+  char *address_prefix)
 {
   LOG (GNUNET_ERROR_TYPE_INFO,
        "Communicator available. (cc: %u, prefix: %s)\n",
@@ -142,10 +146,11 @@ communicator_available_cb (void *cls,
        address_prefix);
 }
 
+
 static void
 open_queue (void *cls)
 {
-  char *address = cls;
+  const char *address = cls;
 
   if (NULL != tc_hs[PEER_A]->c_mq)
   {
@@ -158,30 +163,32 @@ open_queue (void *cls)
   {
     GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                   &open_queue,
-                                  address);
+                                  (void *) address);
   }
 }
 
+
 static void
-add_address_cb (void *cls,
-                struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *
-                tc_h,
-                const char *address,
-                struct GNUNET_TIME_Relative expiration,
-                uint32_t aid,
-                enum GNUNET_NetworkType nt)
+add_address_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  const char *address,
+  struct GNUNET_TIME_Relative expiration,
+  uint32_t aid,
+  enum GNUNET_NetworkType nt)
 {
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "New address. (addr: %s, expir: %" PRIu32 ", ID: %" PRIu32 ", nt: %u\n",
+       "New address. (addr: %s, expir: %s, ID: %" PRIu32 ", nt: %u\n",
        address,
-       expiration.rel_value_us,
+       GNUNET_STRINGS_relative_time_to_string (expiration,
+                                               GNUNET_NO),
        aid,
-       nt);
+       (int) nt);
   // addresses[1] = GNUNET_strdup (address);
   if ((0 == strcmp ((char*) cls, cfg_peers_name[PEER_B])) &&
       (GNUNET_NO == queue_est))
   {
-    open_queue (address);
+    open_queue ((void *) address);
   }
 }
 
@@ -198,12 +205,13 @@ add_address_cb (void *cls,
  *                #GNUNET_NO if queue will not be established (bogous address)
  */
 static void
-queue_create_reply_cb (void *cls,
-                       struct
-                       GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *
-                       tc_h,
-                       int will_try)
+queue_create_reply_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  int will_try)
 {
+  (void) cls;
+  (void) tc_h;
   if (GNUNET_YES == will_try)
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Queue will be established!\n");
@@ -219,6 +227,9 @@ handle_backchannel_cb (void *cls,
                        struct GNUNET_PeerIdentity *pid)
 {
   struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h = cls;
+
+  (void) tc_h;
+  (void) msg;
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Handling BC message...\n");
   if (0 == memcmp (&peer_id[PEER_A], pid, sizeof (*pid)))
     return tc_hs[PEER_A];
@@ -260,9 +271,11 @@ latency_timeout (void *cls)
                                        NULL);
     return;
   }
-
   switch (phase)
   {
+  case TP_INIT:
+    GNUNET_assert (0);
+    break;
   case TP_BURST_SHORT:
     num_sent = num_sent_short;
     num_received = num_received_short;
@@ -283,6 +296,7 @@ latency_timeout (void *cls)
   GNUNET_SCHEDULER_shutdown ();
 }
 
+
 /*static void
   size_test (void *cls);*/
 
@@ -294,7 +308,7 @@ size_test (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "size_test_cb %u\n",
-       num_sent_size);
+       (unsigned int) num_sent_size);
   GNUNET_assert (TP_SIZE_CHECK == phase);
   if (LONG_MESSAGE_SIZE != long_message_size)
     max_size = long_message_size;
@@ -316,13 +330,6 @@ size_test (void *cls)
                                                 TIMEOUT_MULTIPLIER));
 }
 
-/*static void
-size_test (void *cls)
-{
-  GNUNET_SCHEDULER_add_delayed (DELAY,
-                                &size_test_cb,
-                                NULL);
-                                }*/
 
 static void
 long_test (void *cls);
@@ -334,27 +341,27 @@ long_test_cb (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "long_test_cb %u/%u\n",
-       num_sent_long,
-       num_received_long);
+       (unsigned int) num_sent_long,
+       (unsigned int) num_received_long);
   payload = make_payload (long_message_size);
   num_sent_long++;
-  GNUNET_TRANSPORT_TESTING_transport_communicator_send (my_tc,
-                                                        ((BURST_PACKETS
-                                                          * 0.91 ==
-                                                          num_received_long) ||
-                                                         (BURST_PACKETS ==
-                                                          num_sent_long))
-                                                        ? NULL
-                                                        : &long_test,
-                                                        NULL,
-                                                        payload,
-                                                        long_message_size);
+  GNUNET_TRANSPORT_TESTING_transport_communicator_send (
+    my_tc,
+    ((BURST_PACKETS * 0.91 == num_received_long) ||
+     (BURST_PACKETS == num_sent_long))
+    ? NULL
+    : &long_test,
+    NULL,
+    payload,
+    long_message_size);
   GNUNET_free (payload);
-  timeout = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (
-                                                GNUNET_TIME_UNIT_SECONDS,
-                                                TIMEOUT_MULTIPLIER));
+  timeout = GNUNET_TIME_relative_to_absolute (
+    GNUNET_TIME_relative_multiply (
+      GNUNET_TIME_UNIT_SECONDS,
+      TIMEOUT_MULTIPLIER));
 }
 
+
 static void
 long_test (void *cls)
 {
@@ -366,9 +373,11 @@ long_test (void *cls)
                                 NULL);
 }
 
+
 static void
 short_test (void *cls);
 
+
 static void
 short_test_cb (void *cls)
 {
@@ -376,27 +385,26 @@ short_test_cb (void *cls)
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "short_test_cb %u/%u\n",
-       num_sent_short,
-       num_received_short);
+       (unsigned int) num_sent_short,
+       (unsigned int) num_received_short);
   payload = make_payload (SHORT_MESSAGE_SIZE);
   num_sent_short++;
-  GNUNET_TRANSPORT_TESTING_transport_communicator_send (my_tc,
-                                                        ((BURST_PACKETS
-                                                          * 0.91 ==
-                                                          num_received_short) ||
-                                                         (BURST_PACKETS ==
-                                                          num_sent_short))
-                                                        ? NULL
-                                                        : &short_test,
-                                                        NULL,
-                                                        payload,
-                                                        SHORT_MESSAGE_SIZE);
+  GNUNET_TRANSPORT_TESTING_transport_communicator_send (
+    my_tc,
+    ( (BURST_PACKETS * 0.91 == num_received_short) ||
+      (BURST_PACKETS == num_sent_short) )
+    ? NULL
+    : &short_test,
+    NULL,
+    payload,
+    SHORT_MESSAGE_SIZE);
   GNUNET_free (payload);
   timeout = GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_multiply (
                                                 GNUNET_TIME_UNIT_SECONDS,
                                                 TIMEOUT_MULTIPLIER));
 }
 
+
 static void
 short_test (void *cls)
 {
@@ -492,10 +500,14 @@ update_avg_latency (const char*payload)
   ts = GNUNET_TIME_absolute_ntoh (*ts_n);
   latency = GNUNET_TIME_absolute_get_duration (ts);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Latency of received packet: %u\n",
-       latency);
+       "Latency of received packet: %s\n",
+       GNUNET_STRINGS_relative_time_to_string (latency,
+                                               GNUNET_YES));
   switch (phase)
   {
+  case TP_INIT:
+    GNUNET_assert (0);
+    break;
   case TP_BURST_SHORT:
     num_received = num_received_short;
     break;
@@ -514,6 +526,35 @@ update_avg_latency (const char*payload)
 
 }
 
+
+static void
+process_statistics_box_done (void *cls, int success)
+{
+  if (NULL != box_stats)
+    box_stats = NULL;
+  if (NULL == rekey_stats)
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Finished\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+}
+
+
+static void
+process_statistics_rekey_done (void *cls, int success)
+{
+  if (NULL != rekey_stats)
+    rekey_stats = NULL;
+  if (NULL == box_stats)
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Finished\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+}
+
+
 static int
 process_statistics (void *cls,
                     const char *subsystem,
@@ -521,9 +562,45 @@ process_statistics (void *cls,
                     uint64_t value,
                     int is_persistent)
 {
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Statistic: Name %s and value %lu\n",
+              name,
+              value);
+  if ((0 == strcmp ("rekey", test_name)) && (0 == strcmp (
+                                               "# rekeying successful",
+                                               name)) && (0 == value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No successful rekeying!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+  if ((0 == strcmp ("backchannel", test_name)) &&
+      (0 == strcmp (
+         "# messages decrypted with BOX",
+         name))
+      && (9000 > value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Not enough BOX messages!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
+  if ((0 == strcmp ("rekey", test_name)) &&
+      (0 == strcmp (
+         "# messages decrypted with BOX",
+         name))
+      && (6000 > value))
+  {
+    ret = 2;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Not enough BOX messages!\n");
+    GNUNET_SCHEDULER_shutdown ();
+  }
   return GNUNET_OK;
 }
 
+
 /**
  * @brief Handle an incoming message
  *
@@ -534,14 +611,14 @@ process_statistics (void *cls,
  * @param msg Received message
  */
 static void
-incoming_message_cb (void *cls,
-                     struct
-                     GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
-                     *tc_h,
-                     const char*payload,
-                     size_t payload_len)
+incoming_message_cb (
+  void *cls,
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h,
+  const char *payload,
+  size_t payload_len)
 {
-  if (0 != strcmp ((char*) cls, cfg_peers_name[NUM_PEERS - 1]))
+  if (0 != strcmp ((char*) cls,
+                   cfg_peers_name[NUM_PEERS - 1]))
   {
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "unexpected receiver...\n");
@@ -566,11 +643,9 @@ incoming_message_cb (void *cls,
       {
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "Short size packet test done.\n");
-        char *goodput = GNUNET_STRINGS_byte_size_fancy ((SHORT_MESSAGE_SIZE
-                                                         * num_received_short
-                                                         * 1000
-                                                         * 1000)
-                                                        / duration.rel_value_us);
+        char *goodput = GNUNET_STRINGS_byte_size_fancy (
+          (SHORT_MESSAGE_SIZE * num_received_short * 1000 * 1000)
+          / duration.rel_value_us);
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "%lu/%lu packets in %llu us (%s/s) -- avg latency: %llu us\n",
              (unsigned long) num_received_short,
@@ -603,12 +678,10 @@ incoming_message_cb (void *cls,
       {
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "Long size packet test done.\n");
-        char *goodput = GNUNET_STRINGS_byte_size_fancy ((long_message_size
-                                                         * num_received_long
-                                                         * 1000
-                                                         * 1000)
-                                                        / duration.
-                                                        rel_value_us);
+        char *goodput = GNUNET_STRINGS_byte_size_fancy (
+          (long_message_size * num_received_long * 1000 * 1000)
+          / duration.
+          rel_value_us);
 
         LOG (GNUNET_ERROR_TYPE_MESSAGE,
              "%lu/%lu packets in %llu us (%s/s) -- avg latency: %llu us\n",
@@ -660,18 +733,32 @@ incoming_message_cb (void *cls,
           short_test (NULL);
           break;
         }
-        /* if (("rekey" == test_name) || ("backchannel" == test_name)) */
-        /* { */
-        /*   GNUNET_STATISTICS_get (stats[1], */
-        /*                          "C-UDP", */
-        /*                          "# bytes decrypted with Rekey", */
-        /*                          NULL, */
-        /*                          &process_statistics, */
-        /*                          NULL); */
-        /* } */
-        LOG (GNUNET_ERROR_TYPE_DEBUG,
-             "Finished\n");
-        GNUNET_SCHEDULER_shutdown ();
+        if ( (0 == strcmp ("rekey", test_name)) ||
+             (0 == strcmp ("backchannel", test_name)) )
+        {
+          if (NULL != box_stats)
+            GNUNET_STATISTICS_get_cancel (box_stats);
+          box_stats = GNUNET_STATISTICS_get (stats[1],
+                                             "C-UDP",
+                                             "# messages decrypted with BOX",
+                                             process_statistics_box_done,
+                                             &process_statistics,
+                                             NULL);
+          if (NULL != rekey_stats)
+            GNUNET_STATISTICS_get_cancel (rekey_stats);
+          rekey_stats = GNUNET_STATISTICS_get (stats[0],
+                                               "C-UDP",
+                                               "# rekeying successful",
+                                               process_statistics_rekey_done,
+                                               &process_statistics,
+                                               NULL);
+        }
+        else
+        {
+          LOG (GNUNET_ERROR_TYPE_DEBUG,
+               "Finished\n");
+          GNUNET_SCHEDULER_shutdown ();
+        }
       }
       break;
     }
@@ -682,6 +769,19 @@ incoming_message_cb (void *cls,
 static void
 do_shutdown (void *cls)
 {
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "shuting down test.\n");
+
+  if (NULL != box_stats)
+  {
+    GNUNET_STATISTICS_get_cancel (box_stats);
+    box_stats = NULL;
+  }
+  if (NULL != rekey_stats)
+  {
+    GNUNET_STATISTICS_get_cancel (rekey_stats);
+    rekey_stats = NULL;
+  }
   if (NULL != to_task)
   {
     GNUNET_SCHEDULER_cancel (to_task);
@@ -690,6 +790,7 @@ do_shutdown (void *cls)
   for (unsigned int i = 0; i < NUM_PEERS; i++)
   {
     GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (tc_hs[i]);
+    GNUNET_STATISTICS_destroy (stats[i], GNUNET_NO);
   }
 }
 
@@ -697,7 +798,7 @@ do_shutdown (void *cls)
 /**
  * @brief Main function called by the scheduler
  *
- * @param cls Closure - Handle to configuration
+ * @param cls Closure - Handle to confiation
  */
 static void
 run (void *cls)
@@ -720,11 +821,12 @@ run (void *cls)
       &handle_backchannel_cb,
       cfg_peers_name[i]);   /* cls */
 
-    /* if (("rekey" == test_name) || ("backchannel" == test_name)) */
-    /* { */
-    /*   stats[i] = GNUNET_STATISTICS_create ("C-UDP", */
-    /*                                        cfg_peers[i]); */
-    /* } */
+    if ((0 == strcmp ("rekey", test_name)) || (0 == strcmp ("backchannel",
+                                                            test_name)) )
+    {
+      stats[i] = GNUNET_STATISTICS_create ("C-UDP",
+                                           cfg_peers[i]);
+    }
   }
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                  NULL);
@@ -816,15 +918,12 @@ main (int argc,
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "test_name: %s\n",
        test_name);
-
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "communicator_name: %s\n",
        communicator_name);
-
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "communicator_binary: %s\n",
        communicator_binary);
-
   GNUNET_SCHEDULER_run (&run,
                         NULL);
   return ret;
diff --git a/src/transport/test_communicator_tcp_basic_peer1.conf b/src/transport/test_communicator_tcp_basic_peer1.conf
index c08737b7b..2411f485b 100644
--- a/src/transport/test_communicator_tcp_basic_peer1.conf
+++ b/src/transport/test_communicator_tcp_basic_peer1.conf
@@ -22,6 +22,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [communicator-unix]
 UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
 
diff --git a/src/transport/test_communicator_tcp_basic_peer2.conf b/src/transport/test_communicator_tcp_basic_peer2.conf
index 45b7e7844..8005718bf 100644
--- a/src/transport/test_communicator_tcp_basic_peer2.conf
+++ b/src/transport/test_communicator_tcp_basic_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [communicator-unix]
 UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
 
diff --git a/src/transport/test_communicator_tcp_rekey_peer1.conf b/src/transport/test_communicator_tcp_rekey_peer1.conf
index 901f415ef..82fbf353a 100644
--- a/src/transport/test_communicator_tcp_rekey_peer1.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
diff --git a/src/transport/test_communicator_tcp_rekey_peer2.conf b/src/transport/test_communicator_tcp_rekey_peer2.conf
index 643b037b2..1036039c4 100644
--- a/src/transport/test_communicator_tcp_rekey_peer2.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
diff --git a/src/transport/test_communicator_udp_backchannel_peer1.conf b/src/transport/test_communicator_udp_backchannel_peer1.conf
index b99a76d6c..59e6d68e3 100644
--- a/src/transport/test_communicator_udp_backchannel_peer1.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
@@ -35,6 +39,7 @@ BINDTO = 60002
 DISABLE_V6 = YES
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_backchannel_peer2.conf b/src/transport/test_communicator_udp_backchannel_peer2.conf
index 48bd54c8b..3abf7999b 100644
--- a/src/transport/test_communicator_udp_backchannel_peer2.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
@@ -35,6 +39,7 @@ BINDTO = 60003
 DISABLE_V6 = YES
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_basic_peer1.conf b/src/transport/test_communicator_udp_basic_peer1.conf
index d53a55210..c6ff024ee 100644
--- a/src/transport/test_communicator_udp_basic_peer1.conf
+++ b/src/transport/test_communicator_udp_basic_peer1.conf
@@ -23,11 +23,16 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_basic_peer2.conf b/src/transport/test_communicator_udp_basic_peer2.conf
index f05ebc5cb..b353b03e9 100644
--- a/src/transport/test_communicator_udp_basic_peer2.conf
+++ b/src/transport/test_communicator_udp_basic_peer2.conf
@@ -24,11 +24,16 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
 
 [communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
diff --git a/src/transport/test_communicator_udp_rekey_peer1.conf b/src/transport/test_communicator_udp_rekey_peer1.conf
index 8fede6f8c..6bfeafe33 100644
--- a/src/transport/test_communicator_udp_rekey_peer1.conf
+++ b/src/transport/test_communicator_udp_rekey_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
@@ -41,7 +45,7 @@ REKEY_INTERVAL = 100ms
 BINDTO = 60002
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
-REKEY_INTERVAL = 1s
+REKEY_MAX_BYTES=9MiB
 
 [communicator-test]
 BACKCHANNEL_ENABLED = YES
diff --git a/src/transport/test_communicator_udp_rekey_peer2.conf b/src/transport/test_communicator_udp_rekey_peer2.conf
index f545ba07a..474ca0c15 100644
--- a/src/transport/test_communicator_udp_rekey_peer2.conf
+++ b/src/transport/test_communicator_udp_rekey_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
@@ -41,7 +45,7 @@ REKEY_INTERVAL = 100ms
 BINDTO = 60003
 DISABLE_V6 = YES
 MAX_QUEUE_LENGTH=5000
-REKEY_INTERVAL = 1s
+REKEY_MAX_BYTES=9MiB
 
 [communicator-test]
 BACKCHANNEL_ENABLED = YES
diff --git a/src/transport/test_communicator_unix_basic_peer1.conf b/src/transport/test_communicator_unix_basic_peer1.conf
index 8e9700108..13ba2d16b 100644
--- a/src/transport/test_communicator_unix_basic_peer1.conf
+++ b/src/transport/test_communicator_unix_basic_peer1.conf
@@ -23,6 +23,10 @@ ENABLE_IPSCAN = YES
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
 
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_1.sock
+
 [resolver]
 PORT = 62089
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
diff --git a/src/transport/test_communicator_unix_basic_peer2.conf b/src/transport/test_communicator_unix_basic_peer2.conf
index c12cc9111..727e844a7 100644
--- a/src/transport/test_communicator_unix_basic_peer2.conf
+++ b/src/transport/test_communicator_unix_basic_peer2.conf
@@ -23,6 +23,10 @@ UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock
 [peerstore]
 UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
 
+[statistics]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-statistics_test_2.sock
+
 [resolver]
 PORT = 62090
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
diff --git a/src/transport/transport-testing-communicator.c b/src/transport/transport-testing-communicator.c
index 6d74b12e8..56240864c 100644
--- a/src/transport/transport-testing-communicator.c
+++ b/src/transport/transport-testing-communicator.c
@@ -766,6 +766,23 @@ shutdown_process (struct GNUNET_OS_Process *proc)
   GNUNET_OS_process_destroy (proc);
 }
 
+/**
+ * @brief Task run at shutdown to kill the statistics process
+ *
+ * @param cls Closure - Process of communicator
+ */
+static void
+shutdown_statistics (void *cls)
+{
+  struct GNUNET_OS_Process *proc = cls;
+  shutdown_process (proc);
+}
+
+/**
+ * @brief Task run at shutdown to kill the peerstore process
+ *
+ * @param cls Closure - Process of communicator
+ */
 static void
 shutdown_peerstore (void *cls)
 {
@@ -773,6 +790,11 @@ shutdown_peerstore (void *cls)
   shutdown_process (proc);
 }
 
+/**
+ * @brief Task run at shutdown to kill a communicator process
+ *
+ * @param cls Closure - Process of communicator
+ */
 static void
 shutdown_communicator (void *cls)
 {
@@ -852,6 +874,10 @@ shutdown_resolver (void *cls)
 }
 
 
+/**
+ * @brief Start Resolver
+ *
+ */
 static void
 resolver_start (struct
                 GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
@@ -881,6 +907,34 @@ resolver_start (struct
 
 }
 
+/**
+ * @brief Start Statistics
+ *
+ */
+static void
+statistics_start (
+  struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-statistics");
+  tc_h->stat_proc = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
+                                             NULL,
+                                             NULL,
+                                             NULL,
+                                             binary,
+                                             "gnunet-service-statistics",
+                                             "-c",
+                                             tc_h->cfg_filename,
+                                             NULL);
+  if (NULL == tc_h->stat_proc)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start Statistics!");
+    return;
+  }
+  LOG (GNUNET_ERROR_TYPE_INFO, "started Statistics\n");
+  GNUNET_free (binary);
+}
 
 /**
  * @brief Start Peerstore
@@ -1009,6 +1063,8 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_start (
   resolver_start (tc_h);
   /* Start peerstore service */
   peerstore_start (tc_h);
+  /* Start statistic service */
+  statistics_start (tc_h);
   /* Schedule start communicator */
   communicator_start (tc_h,
                       binary_name);
@@ -1025,6 +1081,7 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (
   shutdown_nat (tc_h->nat_proc);
   shutdown_resolver (tc_h->resolver_proc);
   shutdown_peerstore (tc_h->ps_proc);
+  shutdown_statistics (tc_h->stat_proc);
   GNUNET_CONFIGURATION_destroy (tc_h->cfg);
   GNUNET_free (tc_h);
 }
diff --git a/src/transport/transport-testing-communicator.h b/src/transport/transport-testing-communicator.h
index 693e61515..1875258b4 100644
--- a/src/transport/transport-testing-communicator.h
+++ b/src/transport/transport-testing-communicator.h
@@ -200,6 +200,11 @@ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
   struct GNUNET_OS_Process *resolver_proc;
 
   /**
+   * statistics service process
+   */
+  struct GNUNET_OS_Process *stat_proc;
+
+  /**
    * peerstore service process
    */
   struct GNUNET_OS_Process *ps_proc;
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index d2e4b4d1a..33fe26e34 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -138,7 +138,7 @@ libgnunetutil_la_LIBADD = \
 
 libgnunetutil_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) \
-  -version-info 13:2:1
+  -version-info 14:0:0
 
 if HAVE_TESTING
   GNUNET_ECC = gnunet-ecc
diff --git a/src/util/configuration.c b/src/util/configuration.c
index e5c01f81f..ecdcb3d53 100644
--- a/src/util/configuration.c
+++ b/src/util/configuration.c
@@ -93,7 +93,7 @@ struct GNUNET_CONFIGURATION_Handle
    * #GNUNET_NO if clean, #GNUNET_YES if dirty,
    * #GNUNET_SYSERR on error (i.e. last save failed)
    */
-  int dirty;
+  enum GNUNET_GenericReturnValue dirty;
 };
 
 
@@ -109,11 +109,6 @@ struct DiffHandle
 };
 
 
-/**
- * Create a GNUNET_CONFIGURATION_Handle.
- *
- * @return fresh configuration object
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_create ()
 {
@@ -199,11 +194,6 @@ GNUNET_CONFIGURATION_create ()
 }
 
 
-/**
- * Destroy configuration object.
- *
- * @param cfg configuration to destroy
- */
 void
 GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
 {
@@ -215,24 +205,13 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
 }
 
 
-/**
- * Parse a configuration file @a filename and run the function
- * @a cb with the resulting configuration object. Then free the
- * configuration object and return the status value from @a cb.
- *
- * @param filename configuration to parse, NULL for "default"
- * @param cb function to run
- * @param cb_cls closure for @a cb
- * @return #GNUNET_SYSERR if parsing the configuration failed,
- *   otherwise return value from @a cb.
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse_and_run (const char *filename,
                                     GNUNET_CONFIGURATION_Callback cb,
                                     void *cb_cls)
 {
   struct GNUNET_CONFIGURATION_Handle *cfg;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   cfg = GNUNET_CONFIGURATION_create ();
   if (GNUNET_OK != GNUNET_CONFIGURATION_load (cfg, filename))
@@ -247,18 +226,7 @@ GNUNET_CONFIGURATION_parse_and_run (const char *filename,
 }
 
 
-/**
- * De-serializes configuration
- *
- * @param cfg configuration to update
- * @param mem the memory block of serialized configuration
- * @param size the size of the memory block
- * @param basedir set to path from which we recursively load configuration
- *          from inlined configurations; NULL if not and raise warnings
- *          when we come across them
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
                                   const char *mem,
                                   size_t size,
@@ -273,7 +241,7 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
   size_t to_read;
   size_t i;
   int emptyline;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   char *section;
   char *eq;
   char *tag;
@@ -411,15 +379,7 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Parse a configuration file, add all of the options in the
- * file to the configuration environment.
- *
- * @param cfg configuration to update
- * @param filename name of the configuration file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename)
 {
@@ -429,7 +389,7 @@ GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
   char *mem;
   char *endsep;
   int dirty;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   ssize_t sret;
 
   fn = GNUNET_STRINGS_filename_expand (filename);
@@ -476,28 +436,13 @@ GNUNET_CONFIGURATION_parse (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Test if there are configuration options that were
- * changed since the last save.
- *
- * @param cfg configuration to inspect
- * @return #GNUNET_NO if clean, #GNUNET_YES if dirty, #GNUNET_SYSERR on error (i.e. last save failed)
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_is_dirty (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   return cfg->dirty;
 }
 
 
-/**
- * Serializes the given configuration.
- *
- * @param cfg configuration to serialize
- * @param size will be set to the size of the serialized memory block
- * @return the memory block where the serialized configuration is
- *           present. This memory should be freed by the caller
- */
 char *
 GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                 size_t *size)
@@ -580,21 +525,13 @@ GNUNET_CONFIGURATION_serialize (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Write configuration file.
- *
- * @param cfg configuration to write
- * @param filename where to write the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
                             const char *filename)
 {
   char *fn;
   char *cfg_buf;
   size_t size;
-  ssize_t sret;
 
   fn = GNUNET_STRINGS_filename_expand (filename);
   if (fn == NULL)
@@ -604,15 +541,17 @@ GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
     GNUNET_free (fn);
     return GNUNET_SYSERR;
   }
-  cfg_buf = GNUNET_CONFIGURATION_serialize (cfg, &size);
-  sret = GNUNET_DISK_fn_write (fn,
-                               cfg_buf,
-                               size,
-                               GNUNET_DISK_PERM_USER_READ
-                               | GNUNET_DISK_PERM_USER_WRITE
-                               | GNUNET_DISK_PERM_GROUP_READ
-                               | GNUNET_DISK_PERM_GROUP_WRITE);
-  if ((sret < 0) || (size != (size_t) sret))
+  cfg_buf = GNUNET_CONFIGURATION_serialize (cfg,
+                                            &size);
+  (void) GNUNET_DISK_directory_remove (fn);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (fn,
+                            cfg_buf,
+                            size,
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE
+                            | GNUNET_DISK_PERM_GROUP_READ
+                            | GNUNET_DISK_PERM_GROUP_WRITE))
   {
     GNUNET_free (fn);
     GNUNET_free (cfg_buf);
@@ -629,36 +568,25 @@ GNUNET_CONFIGURATION_write (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Iterate over all options in the configuration.
- *
- * @param cfg configuration to inspect
- * @param iter function to call on each option
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate (const struct GNUNET_CONFIGURATION_Handle *cfg,
                               GNUNET_CONFIGURATION_Iterator iter,
                               void *iter_cls)
 {
-  struct ConfigSection *spos;
-  struct ConfigEntry *epos;
-
-  for (spos = cfg->sections; NULL != spos; spos = spos->next)
-    for (epos = spos->entries; NULL != epos; epos = epos->next)
+  for (struct ConfigSection *spos = cfg->sections;
+       NULL != spos;
+       spos = spos->next)
+    for (struct ConfigEntry *epos = spos->entries;
+         NULL != epos;
+         epos = epos->next)
       if (NULL != epos->val)
-        iter (iter_cls, spos->name, epos->key, epos->val);
+        iter (iter_cls,
+              spos->name,
+              epos->key,
+              epos->val);
 }
 
 
-/**
- * Iterate over values of a section in the configuration.
- *
- * @param cfg configuration to inspect
- * @param section the section
- * @param iter function to call on each option
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate_section_values (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -680,13 +608,6 @@ GNUNET_CONFIGURATION_iterate_section_values (
 }
 
 
-/**
- * Iterate over all sections in the configuration.
- *
- * @param cfg configuration to inspect
- * @param iter function to call on each section
- * @param iter_cls closure for @a iter
- */
 void
 GNUNET_CONFIGURATION_iterate_sections (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -706,12 +627,6 @@ GNUNET_CONFIGURATION_iterate_sections (
 }
 
 
-/**
- * Remove the given section and all options in it.
- *
- * @param cfg configuration to inspect
- * @param section name of the section to remove
- */
 void
 GNUNET_CONFIGURATION_remove_section (struct GNUNET_CONFIGURATION_Handle *cfg,
                                      const char *section)
@@ -769,12 +684,6 @@ copy_entry (void *cls,
 }
 
 
-/**
- * Duplicate an existing configuration object.
- *
- * @param cfg configuration to duplicate
- * @return duplicate configuration
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_dup (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
@@ -858,13 +767,6 @@ compare_entries (void *cls,
 }
 
 
-/**
- * Compute configuration with only entries that have been changed
- *
- * @param cfg_default original configuration
- * @param cfg_new new configuration
- * @return configuration with only the differences, never NULL
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_get_diff (
   const struct GNUNET_CONFIGURATION_Handle *cfg_default,
@@ -879,15 +781,7 @@ GNUNET_CONFIGURATION_get_diff (
 }
 
 
-/**
- * Write only configuration entries that have been changed to configuration file
- *
- * @param cfg_default default configuration
- * @param cfg_new new configuration
- * @param filename where to write the configuration diff between default and new
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_write_diffs (
   const struct GNUNET_CONFIGURATION_Handle *cfg_default,
   const struct GNUNET_CONFIGURATION_Handle *cfg_new,
@@ -903,14 +797,6 @@ GNUNET_CONFIGURATION_write_diffs (
 }
 
 
-/**
- * Set a configuration value that should be a string.
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value value to set
- */
 void
 GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -953,14 +839,6 @@ GNUNET_CONFIGURATION_set_value_string (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Set a configuration value that should be a number.
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param number value to set
- */
 void
 GNUNET_CONFIGURATION_set_value_number (struct GNUNET_CONFIGURATION_Handle *cfg,
                                        const char *section,
@@ -974,16 +852,7 @@ GNUNET_CONFIGURATION_set_value_number (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Get a configuration value that should be a number.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param number where to store the numeric value of the option
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_number (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1003,16 +872,7 @@ GNUNET_CONFIGURATION_get_value_number (
 }
 
 
-/**
- * Get a configuration value that should be a floating point number.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param number where to store the floating value of the option
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_float (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1032,16 +892,7 @@ GNUNET_CONFIGURATION_get_value_float (
 }
 
 
-/**
- * Get a configuration value that should be a relative time.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param time set to the time value stored in the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_time (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1065,16 +916,7 @@ GNUNET_CONFIGURATION_get_value_time (
 }
 
 
-/**
- * Get a configuration value that should be a size in bytes.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param size set to the size in bytes as stored in the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_size (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1101,7 +943,7 @@ GNUNET_CONFIGURATION_get_value_size (
  *        value, or NULL if option is not specified
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_string (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1120,19 +962,7 @@ GNUNET_CONFIGURATION_get_value_string (
 }
 
 
-/**
- * Get a configuration value that should be in a set of
- * predefined strings
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param choices NULL-terminated list of legal values
- * @param value will be set to an entry in the legal list,
- *        or NULL if option is not specified and no default given
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_choice (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1163,19 +993,7 @@ GNUNET_CONFIGURATION_get_value_choice (
 }
 
 
-/**
- * Get crockford32-encoded fixed-size binary data from a configuration.
- *
- * @param cfg configuration to access
- * @param section section to access
- * @param option option to access
- * @param buf where to store the decoded binary result
- * @param buf_size exact number of bytes to store in @a buf
- * @return #GNUNET_OK on success
- *         #GNUNET_NO is the value does not exist
- *         #GNUNET_SYSERR on decoding error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                const char *section,
                                const char *option,
@@ -1207,15 +1025,7 @@ GNUNET_CONFIGURATION_get_data (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Test if we have a value for a particular option
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @return #GNUNET_YES if so, #GNUNET_NO if not.
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_have_value (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  const char *section,
                                  const char *option)
@@ -1390,22 +1200,6 @@ expand_dollar (const struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Expand an expression of the form "$FOO/BAR" to "DIRECTORY/BAR"
- * where either in the "PATHS" section or the environment "FOO" is
- * set to "DIRECTORY".  We also support default expansion,
- * i.e. ${VARIABLE:-default} will expand to $VARIABLE if VARIABLE is
- * set in PATHS or the environment, and otherwise to "default".  Note
- * that "default" itself can also be a $-expression, thus
- * "${VAR1:-{$VAR2}}" will expand to VAR1 and if that is not defined
- * to VAR2.
- *
- * @param cfg configuration to use for path expansion
- * @param orig string to $-expand (will be freed!).  Note that multiple
- *          $-expressions can be present in this string.  They will all be
- *          $-expanded.
- * @return $-expanded string
- */
 char *
 GNUNET_CONFIGURATION_expand_dollar (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -1431,17 +1225,7 @@ GNUNET_CONFIGURATION_expand_dollar (
 }
 
 
-/**
- * Get a configuration value that should be a string.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param value will be set to a freshly allocated configuration
- *        value, or NULL if option is not specified
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_filename (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1466,16 +1250,7 @@ GNUNET_CONFIGURATION_get_value_filename (
 }
 
 
-/**
- * Get a configuration value that should be in a set of
- * "YES" or "NO".
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @return #GNUNET_YES, #GNUNET_NO or #GNUNET_SYSERR
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_get_value_yesno (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1495,16 +1270,6 @@ GNUNET_CONFIGURATION_get_value_yesno (
 }
 
 
-/**
- * Iterate over the set of filenames stored in a configuration value.
- *
- * @param cfg configuration to inspect
- * @param section section of interest
- * @param option option of interest
- * @param cb function to call on each filename
- * @param cb_cls closure for @a cb
- * @return number of filenames iterated over, -1 on error
- */
 int
 GNUNET_CONFIGURATION_iterate_value_filenames (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
@@ -1618,7 +1383,7 @@ escape_name (const char *value)
  * @param fn filename we are currently looking at
  * @return #GNUNET_OK if the names do not match, #GNUNET_SYSERR if they do
  */
-static int
+static enum GNUNET_GenericReturnValue
 test_match (void *cls, const char *fn)
 {
   const char *of = cls;
@@ -1627,19 +1392,7 @@ test_match (void *cls, const char *fn)
 }
 
 
-/**
- * Append a filename to a configuration value that
- * represents a list of filenames
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value filename to append
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if the filename already in the list
- *         #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_append_value_filename (
   struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1674,19 +1427,7 @@ GNUNET_CONFIGURATION_append_value_filename (
 }
 
 
-/**
- * Remove a filename from a configuration value that
- * represents a list of filenames
- *
- * @param cfg configuration to update
- * @param section section of interest
- * @param option option of interest
- * @param value filename to remove
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if the filename is not in the list,
- *         #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_remove_value_filename (
   struct GNUNET_CONFIGURATION_Handle *cfg,
   const char *section,
@@ -1771,12 +1512,11 @@ GNUNET_CONFIGURATION_remove_value_filename (
  * @param filename file to parse
  * @return #GNUNET_OK on success
  */
-static int
+static enum GNUNET_GenericReturnValue
 parse_configuration_file (void *cls, const char *filename)
 {
   struct GNUNET_CONFIGURATION_Handle *cfg = cls;
   char *ext;
-  int ret;
 
   /* Examine file extension */
   ext = strrchr (filename, '.');
@@ -1786,20 +1526,11 @@ parse_configuration_file (void *cls, const char *filename)
     return GNUNET_OK;
   }
 
-  ret = GNUNET_CONFIGURATION_parse (cfg, filename);
-  return ret;
+  return GNUNET_CONFIGURATION_parse (cfg, filename);
 }
 
 
-/**
- * Load default configuration.  This function will parse the
- * defaults from the given defaults_d directory.
- *
- * @param cfg configuration to update
- * @param defaults_d directory with the defaults
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
                                 const char *defaults_d)
 {
@@ -1810,43 +1541,31 @@ GNUNET_CONFIGURATION_load_from (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 
 
-/**
- * Return GNUnet's default configuration.  A new configuration is allocated
- * each time and it's up to the caller to destroy it when done.  This function
- * returns GNUnet's configuration even when #GNUNET_OS_init has been called
- * with a value different from #GNUNET_OS_project_data_default.
- *
- * @return a freshly allocated configuration
- */
 struct GNUNET_CONFIGURATION_Handle *
 GNUNET_CONFIGURATION_default (void)
 {
   const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get ();
   const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default ();
-
-  GNUNET_OS_init (dpd);
-
-  struct GNUNET_CONFIGURATION_Handle *cfg = GNUNET_CONFIGURATION_create ();
   const char *xdg = getenv ("XDG_CONFIG_HOME");
   char *cfgname = NULL;
+  struct GNUNET_CONFIGURATION_Handle *cfg;
 
+  GNUNET_OS_init (dpd);
+  cfg = GNUNET_CONFIGURATION_create ();
   if (NULL != xdg)
     GNUNET_asprintf (&cfgname, "%s/%s", xdg, pd->config_file);
   else
     cfgname = GNUNET_strdup (pd->user_config_file);
-
-  if (GNUNET_OK != GNUNET_CONFIGURATION_load (cfg, cfgname))
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_load (cfg, cfgname))
   {
     GNUNET_OS_init (pd);
     GNUNET_CONFIGURATION_destroy (cfg);
     GNUNET_free (cfgname);
     return NULL;
   }
-
   GNUNET_free (cfgname);
-
   GNUNET_OS_init (pd);
-
   return cfg;
 }
 
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 019dbe94e..bc58142c2 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -166,12 +166,6 @@ decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_ecdsa_key_get_public (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -183,12 +177,6 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_eddsa_key_get_public (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
@@ -205,12 +193,6 @@ GNUNET_CRYPTO_eddsa_key_get_public (
 }
 
 
-/**
- * Extract the public key for the given private key.
- *
- * @param priv the private key
- * @param pub where to write the public key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_get_public (
   const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
@@ -222,12 +204,6 @@ GNUNET_CRYPTO_ecdhe_key_get_public (
 }
 
 
-/**
- * Convert a public key to a string.
- *
- * @param pub key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_ecdsa_public_key_to_string (
   const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
@@ -255,12 +231,6 @@ GNUNET_CRYPTO_ecdsa_public_key_to_string (
 }
 
 
-/**
- * Convert a public key to a string.
- *
- * @param pub key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_eddsa_public_key_to_string (
   const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
@@ -288,12 +258,6 @@ GNUNET_CRYPTO_eddsa_public_key_to_string (
 }
 
 
-/**
- * Convert a private key to a string.
- *
- * @param priv key to convert
- * @return string representing @a pub
- */
 char *
 GNUNET_CRYPTO_eddsa_private_key_to_string (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
@@ -321,12 +285,6 @@ GNUNET_CRYPTO_eddsa_private_key_to_string (
 }
 
 
-/**
- * Convert a private key to a string.
- *
- * @param priv key to convert
- * @return string representing @a priv
- */
 char *
 GNUNET_CRYPTO_ecdsa_private_key_to_string (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
@@ -354,15 +312,7 @@ GNUNET_CRYPTO_ecdsa_private_key_to_string (
 }
 
 
-/**
- * Convert a string representing a public key to a public key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param pub where to store the public key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -387,15 +337,7 @@ GNUNET_CRYPTO_ecdsa_public_key_from_string (
 }
 
 
-/**
- * Convert a string representing a public key to a public key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param pub where to store the public key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_public_key_from_string (
   const char *enc,
   size_t enclen,
@@ -420,15 +362,7 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (
 }
 
 
-/**
- * Convert a string representing a private key to a private key.
- *
- * @param enc encoded public key
- * @param enclen number of bytes in @a enc (without 0-terminator)
- * @param priv where to store the private key
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_private_key_from_string (
   const char *enc,
   size_t enclen,
@@ -460,12 +394,6 @@ GNUNET_CRYPTO_eddsa_private_key_from_string (
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 {
@@ -473,12 +401,6 @@ GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 {
@@ -486,12 +408,6 @@ GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 }
 
 
-/**
- * @ingroup crypto
- * Clear memory that was used to store a private key.
- *
- * @param pk location of the key
- */
 void
 GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
@@ -499,11 +415,6 @@ GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk fresh private key
- */
 void
 GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 {
@@ -515,11 +426,6 @@ GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk private key to initialize
- */
 void
 GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 {
@@ -535,11 +441,6 @@ GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 }
 
 
-/**
- * Create a new private key.
- *
- * @param[out] pk set to fresh private key
- */
 void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
@@ -560,11 +461,6 @@ GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 }
 
 
-/**
- * Get the shared private key we use for anonymous users.
- *
- * @return "anonymous" private key
- */
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_CRYPTO_ecdsa_key_get_anonymous ()
 {
@@ -629,19 +525,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
 }
 
 
-/**
- * Sign a given block.  The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -691,19 +575,7 @@ GNUNET_CRYPTO_ecdsa_sign_ (
 }
 
 
-/**
- * Sign a given block. The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
@@ -727,21 +599,7 @@ GNUNET_CRYPTO_eddsa_sign_ (
 }
 
 
-/**
- * Verify signature.   The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
@@ -800,22 +658,7 @@ GNUNET_CRYPTO_ecdsa_verify_ (
 }
 
 
-/**
- * Verify signature. The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter must be in big endian), signature
- * verification fails.
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
@@ -838,15 +681,7 @@ GNUNET_CRYPTO_eddsa_verify_ (
 }
 
 
-/**
- * Derive key material from a public and a private ECDHE key.
- *
- * @param priv private key to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material (xyG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material)
@@ -895,18 +730,6 @@ derive_h (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
 }
 
 
-/**
- * Derive a private key from a given private key and a label.
- * Essentially calculates a private key 'd = H(l,P) * x mod n'
- * where n is the size of the ECC group and P is the public
- * key associated with the private key 'd'.
- *
- * @param priv original private key
- * @param label label to use for key deriviation
- * @param context additional context to use for HKDF of 'h';
- *        typically the name of the subsystem/application
- * @return derived private key
- */
 struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_CRYPTO_ecdsa_private_key_derive (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
@@ -949,16 +772,6 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (
 }
 
 
-/**
- * Derive a public key from a given public key and a label.
- * Essentially calculates a public key 'V = H(l,P) * P'.
- *
- * @param pub original public key
- * @param label label to use for key derivation
- * @param context additional context to use for HKDF of 'h';
- *        typically the name of the subsystem/application
- * @param result where to write the derived public key
- */
 void
 GNUNET_CRYPTO_ecdsa_public_key_derive (
   const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
@@ -1010,17 +823,7 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDH public key and a private EdDSA key.
- * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
- *
- * @param priv private key from EdDSA to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1042,17 +845,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDH public key and a private ECDSA key.
- * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
- *
- * @param priv private key from ECDSA to use for the ECDH (x)
- * @param pub public key to use for the ECDH (yG)
- * @param key_material where to write the key material H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1070,17 +863,7 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a EdDSA public key and a private ECDH key.
- * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
- *
- * @param priv private key to use for the ECDH (y)
- * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
- * @param key_material where to write the key material H(yX)=H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
@@ -1097,17 +880,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
 }
 
 
-/**
- * @ingroup crypto
- * Derive key material from a ECDSA public key and a private ECDH key.
- * Dual to #GNUNET_CRYPTO_ecdsa_ecdh.
- *
- * @param priv private key to use for the ECDH (y)
- * @param pub public key from ECDSA to use for the ECDH (X=h(x)G)
- * @param key_material where to write the key material H(yX)=H(h(x)yG)
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
diff --git a/src/util/crypto_ecc_setup.c b/src/util/crypto_ecc_setup.c
index 6c71030b2..f7cd8c6d9 100644
--- a/src/util/crypto_ecc_setup.c
+++ b/src/util/crypto_ecc_setup.c
@@ -61,7 +61,7 @@
  * @param buf_size number of bytes in @a buf
  * @return #GNUNET_OK on success
  */
-static int
+static enum GNUNET_GenericReturnValue
 read_from_file (const char *filename,
                 void *buf,
                 size_t buf_size)
@@ -123,104 +123,6 @@ read_from_file (const char *filename,
 
 
 /**
- * Write contents of @a buf atomically to @a filename.
- * Fail if @a filename already exists or if not exactly
- * @a buf with @a buf_size bytes could be written to
- * @a filename.
- *
- * @param filename where to write
- * @param buf buffer to write
- * @param buf_size number of bytes in @a buf to write
- * @return #GNUNET_OK on success,
- *         #GNUNET_NO if a file existed under @a filename
- *         #GNUNET_SYSERR on failure
- */
-static int
-atomic_write_to_file (const char *filename,
-                      const void *buf,
-                      size_t buf_size)
-{
-  char *tmpl;
-  int fd;
-
-  if (GNUNET_OK !=
-      GNUNET_DISK_directory_create_for_file (filename))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkstemp",
-                              filename);
-    return GNUNET_SYSERR;
-  }
-  {
-    char *dname;
-
-    dname = GNUNET_strdup (filename);
-    GNUNET_asprintf (&tmpl,
-                     "%s/XXXXXX",
-                     dirname (dname));
-    GNUNET_free (dname);
-  }
-  fd = mkstemp (tmpl);
-  if (-1 == fd)
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "mkstemp",
-                              tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  if (0 != fchmod (fd,
-                   S_IRUSR))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "chmod",
-                              tmpl);
-    GNUNET_assert (0 == close (fd));
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  if (buf_size !=
-      write (fd,
-             buf,
-             buf_size))
-  {
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
-                              "write",
-                              tmpl);
-    GNUNET_assert (0 == close (fd));
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_SYSERR;
-  }
-  GNUNET_assert (0 == close (fd));
-
-  if (0 != link (tmpl,
-                 filename))
-  {
-    if (0 != unlink (tmpl))
-      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                                "unlink",
-                                tmpl);
-    GNUNET_free (tmpl);
-    return GNUNET_NO;
-  }
-  if (0 != unlink (tmpl))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
-                              "unlink",
-                              tmpl);
-  GNUNET_free (tmpl);
-  return GNUNET_OK;
-}
-
-
-/**
  * @ingroup crypto
  * @brief Create a new private key by reading it from a file.
  *
@@ -235,12 +137,12 @@ atomic_write_to_file (const char *filename,
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   if (GNUNET_OK ==
       read_from_file (filename,
@@ -251,9 +153,10 @@ GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
     return (do_create) ? GNUNET_NO : GNUNET_OK;
   }
   GNUNET_CRYPTO_eddsa_key_create (pkey);
-  ret = atomic_write_to_file (filename,
+  ret = GNUNET_DISK_fn_write (filename,
                               pkey,
-                              sizeof (*pkey));
+                              sizeof (*pkey),
+                              GNUNET_DISK_PERM_USER_READ);
   if ( (GNUNET_OK == ret) ||
        (GNUNET_SYSERR == ret) )
     return ret;
@@ -286,7 +189,7 @@ GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
  * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
  *         we found an existing file, #GNUNET_SYSERR on failure
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
                                    int do_create,
                                    struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
@@ -301,9 +204,10 @@ GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
   }
   GNUNET_CRYPTO_ecdsa_key_create (pkey);
   if (GNUNET_OK ==
-      atomic_write_to_file (filename,
+      GNUNET_DISK_fn_write (filename,
                             pkey,
-                            sizeof (*pkey)))
+                            sizeof (*pkey),
+                            GNUNET_DISK_PERM_USER_READ))
     return GNUNET_OK;
   /* maybe another process succeeded in the meantime, try reading one more time */
   if (GNUNET_OK ==
@@ -357,7 +261,7 @@ GNUNET_CRYPTO_eddsa_key_create_from_configuration (
  * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
  *         could not be retrieved
  */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
                                  struct GNUNET_PeerIdentity *dst)
 {
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index fec4d13db..63232cab6 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -139,12 +139,6 @@ key_from_sexp (gcry_mpi_t *array,
 }
 
 
-/**
- * Create a new private key. Caller must free return value.
- *
- * @param len length of the key in bits (i.e. 2048)
- * @return fresh private key
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
 GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 {
@@ -174,11 +168,6 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 }
 
 
-/**
- * Free memory occupied by the private key.
- *
- * @param key pointer to the memory to free
- */
 void
 GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 {
@@ -187,14 +176,6 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 }
 
 
-/**
- * Encode the private key in a format suitable for
- * storing it into a file.
- *
- * @param key the private key
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_private_key_encode (const struct
                                       GNUNET_CRYPTO_RsaPrivateKey *key,
@@ -218,14 +199,6 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct
 }
 
 
-/**
- * Decode the private key from the data-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the private key data is stored
- * @param buf_size the size of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
 GNUNET_CRYPTO_rsa_private_key_decode (const void *buf,
                                       size_t buf_size)
@@ -255,12 +228,6 @@ GNUNET_CRYPTO_rsa_private_key_decode (const void *buf,
 }
 
 
-/**
- * Extract the public key of the given private key.
- *
- * @param priv the private key
- * @return NULL on error, otherwise the public key
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_private_key_get_public (
   const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
@@ -296,11 +263,6 @@ GNUNET_CRYPTO_rsa_private_key_get_public (
 }
 
 
-/**
- * Free memory occupied by the public key.
- *
- * @param key pointer to the memory to free
- */
 void
 GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -334,14 +296,6 @@ struct GNUNET_CRYPTO_RsaPublicKeyHeaderP
 GNUNET_NETWORK_STRUCT_END
 
 
-/**
- * Encode the public key in a format suitable for
- * storing it into a file.
- *
- * @param key the private key
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_public_key_encode (
   const struct GNUNET_CRYPTO_RsaPublicKey *key,
@@ -409,12 +363,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (
 }
 
 
-/**
- * Compute hash over the public key.
- *
- * @param key public key to hash
- * @param hc where to store the hash code
- */
 void
 GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
                                    struct GNUNET_HashCode *hc)
@@ -431,14 +379,6 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
 }
 
 
-/**
- * Decode the public key from the data-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the public key data is stored
- * @param len the length of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
                                      size_t len)
@@ -612,13 +552,6 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
  */
 
 
-/**
- * Compare the values of two signatures.
- *
- * @param s1 one signature
- * @param s2 the other signature
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1,
                                  const struct GNUNET_CRYPTO_RsaSignature *s2)
@@ -645,13 +578,6 @@ GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1,
 }
 
 
-/**
- * Compare the values of two public keys.
- *
- * @param p1 one public key
- * @param p2 the other public key
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1,
                                   const struct GNUNET_CRYPTO_RsaPublicKey *p2)
@@ -678,13 +604,6 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1,
 }
 
 
-/**
- * Compare the values of two private keys.
- *
- * @param p1 one private key
- * @param p2 the other private key
- * @return 0 if the two are equal
- */
 int
 GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1,
                                    const struct GNUNET_CRYPTO_RsaPrivateKey *p2)
@@ -711,12 +630,6 @@ GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1,
 }
 
 
-/**
- * Obtain the length of the RSA key in bits.
- *
- * @param key the public key to introspect
- * @return length of the key in bits
- */
 unsigned int
 GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -827,17 +740,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
 }
 
 
-/**
- * Blinds the given message with the given blinding key
- *
- * @param hash hash of the message to sign
- * @param bkey the blinding key
- * @param pkey the public key of the signer
- * @param[out] buf set to a buffer with the blinded message to be signed
- * @param[out] buf_size number of bytes stored in @a buf
- * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
                          const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
                          struct GNUNET_CRYPTO_RsaPublicKey *pkey,
@@ -863,7 +766,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
     GNUNET_break (0);
     *buf = NULL;
     *buf_size = 0;
-    return 0;
+    return GNUNET_NO;
   }
 
   data = rsa_full_domain_hash (pkey, hash);
@@ -993,14 +896,6 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Sign a blinded value, which must be a full domain hash of a message.
- *
- * @param key private key to use for the signing
- * @param msg the message to sign
- * @param msg_len number of bytes in @a msg to sign
- * @return NULL on error, signature on success
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
                                 const void *msg,
@@ -1025,13 +920,6 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Create and sign a full domain hash of a message.
- *
- * @param key private key to use for the signing
- * @param hash the hash of the message to sign
- * @return NULL on error, including a malicious RSA key, signature on success
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
                             const struct GNUNET_HashCode *hash)
@@ -1052,11 +940,6 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 }
 
 
-/**
- * Free memory occupied by signature.
- *
- * @param sig memory to free
- */
 void
 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 {
@@ -1065,13 +948,6 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 }
 
 
-/**
- * Encode the given signature in a format suitable for storing it into a file.
- *
- * @param sig the signature
- * @param[out] buffer set to a buffer with the encoded key
- * @return size of memory allocated in @a buffer
- */
 size_t
 GNUNET_CRYPTO_rsa_signature_encode (
   const struct GNUNET_CRYPTO_RsaSignature *sig,
@@ -1112,14 +988,6 @@ GNUNET_CRYPTO_rsa_signature_encode (
 }
 
 
-/**
- * Decode the signature from the data-format back to the "normal", internal
- * format.
- *
- * @param buf the buffer where the public key data is stored
- * @param buf_size the size of the data in @a buf
- * @return NULL on error
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
                                     size_t buf_size)
@@ -1156,12 +1024,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
 }
 
 
-/**
- * Duplicate the given public key
- *
- * @param key the public key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaPublicKey *
 GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 {
@@ -1181,16 +1043,6 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 }
 
 
-/**
- * Unblind a blind-signed signature.  The signature should have been generated
- * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
- * #GNUNET_CRYPTO_rsa_blind().
- *
- * @param sig the signature made on the blinded signature purpose
- * @param bks the blinding key secret used to blind the signature purpose
- * @param pkey the public key of the signer
- * @return unblinded signature on success, NULL if RSA key is bad or malicious.
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
                            const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
@@ -1272,16 +1124,7 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
 }
 
 
-/**
- * Verify whether the given hash corresponds to the given signature and
- * the signature is valid with respect to the given public key.
- *
- * @param hash hash of the message to verify to match the @a sig
- * @param sig signature that is being validated
- * @param pkey public key of the signer
- * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
                           const struct GNUNET_CRYPTO_RsaSignature *sig,
                           const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
@@ -1319,23 +1162,17 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
          __FILE__,
          __LINE__,
          gcry_strerror (rc));
-    return GNUNET_SYSERR;
     BENCHMARK_END (rsa_verify);
+    return GNUNET_SYSERR;
   }
   BENCHMARK_END (rsa_verify);
   return GNUNET_OK;
 }
 
 
-/**
- * Duplicate the given private key
- *
- * @param key the private key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaPrivateKey *
-GNUNET_CRYPTO_rsa_private_key_dup (const struct
-                                   GNUNET_CRYPTO_RsaPrivateKey *key)
+GNUNET_CRYPTO_rsa_private_key_dup (
+  const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 {
   struct GNUNET_CRYPTO_RsaPrivateKey *dup;
   gcry_sexp_t dup_sexp;
@@ -1353,12 +1190,6 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct
 }
 
 
-/**
- * Duplicate the given private key
- *
- * @param key the private key to duplicate
- * @return the duplicate key; NULL upon error
- */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 {
diff --git a/src/util/disk.c b/src/util/disk.c
index c95e9753c..3bafe311d 100644
--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -92,7 +92,7 @@ struct GetFileSizeData
   int include_sym_links;
 
   /**
-   * GNUNET_YES if mode is file-only (return total == -1 for directories).
+   * #GNUNET_YES if mode is file-only (return total == -1 for directories).
    */
   int single_file_mode;
 };
@@ -142,8 +142,8 @@ translate_unix_perms (enum GNUNET_DISK_AccessPermissions perm)
  * @param fn current filename we are looking at
  * @return #GNUNET_SYSERR on serious errors, otherwise #GNUNET_OK
  */
-static int
-getSizeRec (void *cls, const char *fn)
+static enum GNUNET_GenericReturnValue
+get_size_rec (void *cls, const char *fn)
 {
   struct GetFileSizeData *gfsd = cls;
 
@@ -175,35 +175,23 @@ getSizeRec (void *cls, const char *fn)
   if ((S_ISDIR (buf.st_mode)) && (0 == access (fn, X_OK)) &&
       ((! S_ISLNK (buf.st_mode)) || (gfsd->include_sym_links == GNUNET_YES)))
   {
-    if (GNUNET_SYSERR == GNUNET_DISK_directory_scan (fn, &getSizeRec, gfsd))
+    if (GNUNET_SYSERR == GNUNET_DISK_directory_scan (fn, &get_size_rec, gfsd))
       return GNUNET_SYSERR;
   }
   return GNUNET_OK;
 }
 
 
-/**
- * Checks whether a handle is invalid
- *
- * @param h handle to check
- * @return #GNUNET_YES if invalid, #GNUNET_NO if valid
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_handle_invalid (const struct GNUNET_DISK_FileHandle *h)
 {
   return ((! h) || (h->fd == -1)) ? GNUNET_YES : GNUNET_NO;
 }
 
 
-/**
- * Get the size of an open file.
- *
- * @param fh open file handle
- * @param size where to write size of the file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh, off_t *size)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh,
+                              off_t *size)
 {
   struct stat sbuf;
 
@@ -214,80 +202,42 @@ GNUNET_DISK_file_handle_size (struct GNUNET_DISK_FileHandle *fh, off_t *size)
 }
 
 
-/**
- * Move the read/write pointer in a file
- *
- * @param h handle of an open file
- * @param offset position to move to
- * @param whence specification to which position the offset parameter relates to
- * @return the new position on success, #GNUNET_SYSERR otherwise
- */
 off_t
 GNUNET_DISK_file_seek (const struct GNUNET_DISK_FileHandle *h,
                        off_t offset,
                        enum GNUNET_DISK_Seek whence)
 {
+  static int t[] = { SEEK_SET, SEEK_CUR, SEEK_END };
+
   if (h == NULL)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-  static int t[] = { SEEK_SET, SEEK_CUR, SEEK_END };
-
   return lseek (h->fd, offset, t[whence]);
 }
 
 
-/**
- * Get the size of the file (or directory) of the given file (in
- * bytes).
- *
- * @param filename name of the file or directory
- * @param size set to the size of the file (or,
- *             in the case of directories, the sum
- *             of all sizes of files in the directory)
- * @param include_symbolic_links should symbolic links be
- *        included?
- * @param single_file_mode #GNUNET_YES to only get size of one file
- *        and return #GNUNET_SYSERR for directories.
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_size (const char *filename,
                        uint64_t *size,
                        int include_symbolic_links,
                        int single_file_mode)
 {
   struct GetFileSizeData gfsd;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   GNUNET_assert (size != NULL);
   gfsd.total = 0;
   gfsd.include_sym_links = include_symbolic_links;
   gfsd.single_file_mode = single_file_mode;
-  ret = getSizeRec (&gfsd, filename);
+  ret = get_size_rec (&gfsd, filename);
   *size = gfsd.total;
   return ret;
 }
 
 
-/**
- * Obtain some unique identifiers for the given file
- * that can be used to identify it in the local system.
- * This function is used between GNUnet processes to
- * quickly check if two files with the same absolute path
- * are actually identical.  The two processes represent
- * the same peer but may communicate over the network
- * (and the file may be on an NFS volume).  This function
- * may not be supported on all operating systems.
- *
- * @param filename name of the file
- * @param dev set to the device ID
- * @param ino set to the inode ID
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_get_identifiers (const char *filename,
                                   uint64_t *dev,
                                   uint64_t *ino)
@@ -367,14 +317,6 @@ mktemp_name (const char *t)
 }
 
 
-/**
- * Update POSIX permissions mask of a file on disk.  If both argumets
- * are #GNUNET_NO, the file is made world-read-write-executable (777).
- *
- * @param fn name of the file to update
- * @param require_uid_match #GNUNET_YES means 700
- * @param require_gid_match #GNUNET_YES means 770 unless @a require_uid_match is set
- */
 void
 GNUNET_DISK_fix_permissions (const char *fn,
                              int require_uid_match,
@@ -394,17 +336,6 @@ GNUNET_DISK_fix_permissions (const char *fn,
 }
 
 
-/**
- * Create an (empty) temporary directory on disk.  If the given name is not
- * an absolute path, the current 'TMPDIR' will be prepended.  In any case,
- * 6 random characters will be appended to the name to create a unique
- * filename.
- *
- * @param t component to use for the name;
- *        does NOT contain "XXXXXX" or "/tmp/".
- * @return NULL on error, otherwise name of fresh
- *         file on disk in directory for temporary files
- */
 char *
 GNUNET_DISK_mkdtemp (const char *t)
 {
@@ -425,13 +356,6 @@ GNUNET_DISK_mkdtemp (const char *t)
 }
 
 
-/**
- * Move a file out of the way (create a backup) by
- * renaming it to "orig.NUM~" where NUM is the smallest
- * number that is not used yet.
- *
- * @param fil name of the file to back up
- */
 void
 GNUNET_DISK_file_backup (const char *fil)
 {
@@ -453,17 +377,6 @@ GNUNET_DISK_file_backup (const char *fil)
 }
 
 
-/**
- * Create an (empty) temporary file on disk.  If the given name is not
- * an absolute path, the current 'TMPDIR' will be prepended.  In any case,
- * 6 random characters will be appended to the name to create a unique
- * filename.
- *
- * @param t component to use for the name;
- *        does NOT contain "XXXXXX" or "/tmp/".
- * @return NULL on error, otherwise name of fresh
- *         file on disk in directory for temporary files
- */
 char *
 GNUNET_DISK_mktemp (const char *t)
 {
@@ -487,19 +400,7 @@ GNUNET_DISK_mktemp (const char *t)
 }
 
 
-/**
- * Test if @a fil is a directory and listable. Optionally, also check if the
- * directory is readable.  Will not print an error message if the directory does
- * not exist.  Will log errors if #GNUNET_SYSERR is returned (i.e., a file exists
- * with the same name).
- *
- * @param fil filename to test
- * @param is_readable #GNUNET_YES to additionally check if @a fil is readable;
- *          #GNUNET_NO to disable this check
- * @return #GNUNET_YES if yes, #GNUNET_NO if not; #GNUNET_SYSERR if it
- *           does not exist or stat'ed
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_test (const char *fil, int is_readable)
 {
   struct stat filestat;
@@ -532,15 +433,7 @@ GNUNET_DISK_directory_test (const char *fil, int is_readable)
 }
 
 
-/**
- * Check that fil corresponds to a filename
- * (of a file that exists and that is not a directory).
- *
- * @param fil filename to check
- * @return #GNUNET_YES if yes, #GNUNET_NO if not a file, #GNUNET_SYSERR if something
- * else (will print an error message in that case, too).
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_test (const char *fil)
 {
   struct stat filestat;
@@ -552,7 +445,7 @@ GNUNET_DISK_file_test (const char *fil)
     return GNUNET_SYSERR;
 
   ret = stat (rdir, &filestat);
-  if (ret != 0)
+  if (0 != ret)
   {
     if (errno != ENOENT)
     {
@@ -579,13 +472,7 @@ GNUNET_DISK_file_test (const char *fil)
 }
 
 
-/**
- * Implementation of "mkdir -p"
- *
- * @param dir the directory to create
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create (const char *dir)
 {
   char *rdir;
@@ -671,22 +558,13 @@ GNUNET_DISK_directory_create (const char *dir)
 }
 
 
-/**
- * Create the directory structure for storing a file.
- *
- * @param filename name of a file in the directory
- * @returns #GNUNET_OK on success,
- *          #GNUNET_SYSERR on failure,
- *          #GNUNET_NO if the directory
- *          exists but is not writeable for us
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_create_for_file (const char *filename)
 {
   char *rdir;
   size_t len;
-  int ret;
   int eno;
+  enum GNUNET_GenericReturnValue res;
 
   rdir = GNUNET_STRINGS_filename_expand (filename);
   if (NULL == rdir)
@@ -699,7 +577,6 @@ GNUNET_DISK_directory_create_for_file (const char *filename)
     GNUNET_free (rdir);
     return GNUNET_OK;
   }
-
   len = strlen (rdir);
   while ((len > 0) && (rdir[len] != DIR_SEPARATOR))
     len--;
@@ -710,24 +587,17 @@ GNUNET_DISK_directory_create_for_file (const char *filename)
     GNUNET_free (rdir);
     rdir = GNUNET_strdup ("/");
   }
-  ret = GNUNET_DISK_directory_create (rdir);
-  if ((GNUNET_OK == ret) && (0 != access (rdir, W_OK)))
-    ret = GNUNET_NO;
+  res = GNUNET_DISK_directory_create (rdir);
+  if ( (GNUNET_OK == res) &&
+       (0 != access (rdir, W_OK)) )
+    res = GNUNET_NO;
   eno = errno;
   GNUNET_free (rdir);
   errno = eno;
-  return ret;
+  return res;
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- *
- * @param h handle to an open file
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return the number of bytes read on success, #GNUNET_SYSERR on failure
- */
 ssize_t
 GNUNET_DISK_file_read (const struct GNUNET_DISK_FileHandle *h,
                        void *result,
@@ -738,35 +608,23 @@ GNUNET_DISK_file_read (const struct GNUNET_DISK_FileHandle *h,
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
   return read (h->fd, result, len);
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- * Guarantees not to block (returns GNUNET_SYSERR and sets errno to EAGAIN
- * when no data can be read).
- *
- * @param h handle to an open file
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return the number of bytes read on success, #GNUNET_SYSERR on failure
- */
 ssize_t
 GNUNET_DISK_file_read_non_blocking (const struct GNUNET_DISK_FileHandle *h,
                                     void *result,
                                     size_t len)
 {
+  int flags;
+  ssize_t ret;
+
   if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-  int flags;
-  ssize_t ret;
-
   /* set to non-blocking, read, then set back */
   flags = fcntl (h->fd, F_GETFL);
   if (0 == (flags & O_NONBLOCK))
@@ -782,22 +640,18 @@ GNUNET_DISK_file_read_non_blocking (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Read the contents of a binary file into a buffer.
- *
- * @param fn file name
- * @param result the buffer to write the result to
- * @param len the maximum number of bytes to read
- * @return number of bytes read, #GNUNET_SYSERR on failure
- */
 ssize_t
-GNUNET_DISK_fn_read (const char *fn, void *result, size_t len)
+GNUNET_DISK_fn_read (const char *fn,
+                     void *result,
+                     size_t len)
 {
   struct GNUNET_DISK_FileHandle *fh;
   ssize_t ret;
   int eno;
 
-  fh = GNUNET_DISK_file_open (fn, GNUNET_DISK_OPEN_READ, GNUNET_DISK_PERM_NONE);
+  fh = GNUNET_DISK_file_open (fn,
+                              GNUNET_DISK_OPEN_READ,
+                              GNUNET_DISK_PERM_NONE);
   if (NULL == fh)
     return GNUNET_SYSERR;
   ret = GNUNET_DISK_file_read (fh, result, len);
@@ -808,14 +662,6 @@ GNUNET_DISK_fn_read (const char *fn, void *result, size_t len)
 }
 
 
-/**
- * Write a buffer to a file.
- *
- * @param h handle to open file
- * @param buffer the data to write
- * @param n number of bytes to write
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
 ssize_t
 GNUNET_DISK_file_write (const struct GNUNET_DISK_FileHandle *h,
                         const void *buffer,
@@ -831,29 +677,19 @@ GNUNET_DISK_file_write (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Write a buffer to a file, blocking, if necessary.
- *
- * @param h handle to open file
- * @param buffer the data to write
- * @param n number of bytes to write
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
 ssize_t
 GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
                                  const void *buffer,
                                  size_t n)
 {
+  int flags;
+  ssize_t ret;
+
   if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
-
-
-  int flags;
-  ssize_t ret;
-
   /* set to blocking, write, then set back */
   flags = fcntl (h->fd, F_GETFL);
   if (0 != (flags & O_NONBLOCK))
@@ -865,48 +701,95 @@ GNUNET_DISK_file_write_blocking (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Write a buffer to a file.  If the file is longer than the
- * number of bytes that will be written, it will be truncated.
- *
- * @param fn file name
- * @param buffer the data to write
- * @param n number of bytes to write
- * @param mode file permissions
- * @return number of bytes written on success, #GNUNET_SYSERR on error
- */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_fn_write (const char *fn,
-                      const void *buffer,
-                      size_t n,
+                      const void *buf,
+                      size_t buf_size,
                       enum GNUNET_DISK_AccessPermissions mode)
 {
-  struct GNUNET_DISK_FileHandle *fh;
-  ssize_t ret;
+  char *tmpl;
+  int fd;
 
-  fh =
-    GNUNET_DISK_file_open (fn,
-                           GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_TRUNCATE
-                           | GNUNET_DISK_OPEN_CREATE,
-                           mode);
-  if (! fh)
+  if (GNUNET_OK !=
+      GNUNET_DISK_directory_create_for_file (fn))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "mkstemp",
+                              fn);
     return GNUNET_SYSERR;
-  ret = GNUNET_DISK_file_write (fh, buffer, n);
-  GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fh));
-  return ret;
+  }
+  {
+    char *dname;
+
+    dname = GNUNET_strdup (fn);
+    GNUNET_asprintf (&tmpl,
+                     "%s/XXXXXX",
+                     dirname (dname));
+    GNUNET_free (dname);
+  }
+  fd = mkstemp (tmpl);
+  if (-1 == fd)
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "mkstemp",
+                              tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+
+  if (0 != fchmod (fd,
+                   translate_unix_perms (mode)))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "chmod",
+                              tmpl);
+    GNUNET_assert (0 == close (fd));
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+  if (buf_size !=
+      write (fd,
+             buf,
+             buf_size))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              tmpl);
+    GNUNET_assert (0 == close (fd));
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_assert (0 == close (fd));
+
+  if (0 != link (tmpl,
+                 fn))
+  {
+    if (0 != unlink (tmpl))
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "unlink",
+                                tmpl);
+    GNUNET_free (tmpl);
+    return GNUNET_NO;
+  }
+  if (0 != unlink (tmpl))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                              "unlink",
+                              tmpl);
+  GNUNET_free (tmpl);
+  return GNUNET_OK;
+
+
 }
 
 
-/**
- * Scan a directory for files.
- *
- * @param dir_name the name of the directory
- * @param callback the method to call for each file,
- *        can be NULL, in that case, we only count
- * @param callback_cls closure for @a callback
- * @return the number of files found, #GNUNET_SYSERR on error or
- *         ieration aborted by callback returning #GNUNET_SYSERR
- */
 int
 GNUNET_DISK_directory_scan (const char *dir_name,
                             GNUNET_FileNameCallback callback,
@@ -916,7 +799,7 @@ GNUNET_DISK_directory_scan (const char *dir_name,
   struct dirent *finfo;
   struct stat istat;
   int count = 0;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
   char *name;
   char *dname;
   unsigned int name_len;
@@ -1008,8 +891,9 @@ GNUNET_DISK_directory_scan (const char *dir_name,
  * @param fn directory to remove
  * @return #GNUNET_OK
  */
-static int
-remove_helper (void *unused, const char *fn)
+static enum GNUNET_GenericReturnValue
+remove_helper (void *unused,
+               const char *fn)
 {
   (void) unused;
   (void) GNUNET_DISK_directory_remove (fn);
@@ -1017,14 +901,7 @@ remove_helper (void *unused, const char *fn)
 }
 
 
-/**
- * Remove all files in a directory (rm -r). Call with
- * caution.
- *
- * @param filename the file to remove
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_directory_remove (const char *filename)
 {
   struct stat istat;
@@ -1036,14 +913,17 @@ GNUNET_DISK_directory_remove (const char *filename)
   }
   if (0 != lstat (filename, &istat))
     return GNUNET_NO; /* file may not exist... */
-  (void) chmod (filename, S_IWUSR | S_IRUSR | S_IXUSR);
+  (void) chmod (filename,
+                S_IWUSR | S_IRUSR | S_IXUSR);
   if (0 == unlink (filename))
     return GNUNET_OK;
-  if ((errno != EISDIR) &&
-      /* EISDIR is not sufficient in all cases, e.g.
-      * sticky /tmp directory may result in EPERM on BSD.
-      * So we also explicitly check "isDirectory" */
-      (GNUNET_YES != GNUNET_DISK_directory_test (filename, GNUNET_YES)))
+  if ( (errno != EISDIR) &&
+       /* EISDIR is not sufficient in all cases, e.g.
+        * sticky /tmp directory may result in EPERM on BSD.
+        * So we also explicitly check "isDirectory" */
+       (GNUNET_YES !=
+        GNUNET_DISK_directory_test (filename,
+                                    GNUNET_YES)) )
   {
     LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "rmdir", filename);
     return GNUNET_SYSERR;
@@ -1060,15 +940,9 @@ GNUNET_DISK_directory_remove (const char *filename)
 }
 
 
-/**
- * Copy a file.
- *
- * @param src file to copy
- * @param dst destination file name
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-GNUNET_DISK_file_copy (const char *src, const char *dst)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_copy (const char *src,
+                       const char *dst)
 {
   char *buf;
   uint64_t pos;
@@ -1131,10 +1005,6 @@ FAIL:
 }
 
 
-/**
- * @brief Removes special characters as ':' from a filename.
- * @param fn the filename to canonicalize
- */
 void
 GNUNET_DISK_filename_canonicalize (char *fn)
 {
@@ -1157,15 +1027,9 @@ GNUNET_DISK_filename_canonicalize (char *fn)
 }
 
 
-/**
- * @brief Change owner of a file
- *
- * @param filename name of file to change the owner of
- * @param user name of the new owner
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
- */
-int
-GNUNET_DISK_file_change_owner (const char *filename, const char *user)
+enum GNUNET_GenericReturnValue
+GNUNET_DISK_file_change_owner (const char *filename,
+                               const char *user)
 {
   struct passwd *pws;
 
@@ -1187,18 +1051,6 @@ GNUNET_DISK_file_change_owner (const char *filename, const char *user)
 }
 
 
-/**
- * Open a file.  Note that the access permissions will only be
- * used if a new file is created and if the underlying operating
- * system supports the given permissions.
- *
- * @param fn file name to be opened
- * @param flags opening flags, a combination of GNUNET_DISK_OPEN_xxx bit flags
- * @param perm permissions for the newly created file, use
- *             #GNUNET_DISK_PERM_NONE if a file could not be created by this
- *             call (because of flags)
- * @return IO handle on success, NULL on error
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_file_open (const char *fn,
                        enum GNUNET_DISK_OpenFlags flags,
@@ -1270,42 +1122,28 @@ GNUNET_DISK_file_open (const char *fn,
 }
 
 
-/**
- * Close an open file.
- *
- * @param h file handle
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_close (struct GNUNET_DISK_FileHandle *h)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
-  if (h == NULL)
+  if (NULL == h)
   {
     errno = EINVAL;
     return GNUNET_SYSERR;
   }
 
   ret = GNUNET_OK;
-
-  if (close (h->fd) != 0)
+  if (0 != close (h->fd))
   {
     LOG_STRERROR (GNUNET_ERROR_TYPE_WARNING, "close");
     ret = GNUNET_SYSERR;
   }
-
   GNUNET_free (h);
   return ret;
 }
 
 
-/**
- * Get a handle from a native integer FD.
- *
- * @param fno native integer file descriptor
- * @return file handle corresponding to the descriptor, NULL on error
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_int_fd (int fno)
 {
@@ -1322,12 +1160,6 @@ GNUNET_DISK_get_handle_from_int_fd (int fno)
 }
 
 
-/**
- * Get a handle from a native streaming FD.
- *
- * @param fd native streaming file descriptor
- * @return file handle corresponding to the descriptor
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_get_handle_from_native (FILE *fd)
 {
@@ -1336,7 +1168,6 @@ GNUNET_DISK_get_handle_from_native (FILE *fd)
   fno = fileno (fd);
   if (-1 == fno)
     return NULL;
-
   return GNUNET_DISK_get_handle_from_int_fd (fno);
 }
 
@@ -1362,15 +1193,7 @@ struct GNUNET_DISK_MapHandle
 #define MAP_FAILED ((void *) -1)
 #endif
 
-/**
- * Map a file into memory
- *
- * @param h open file handle
- * @param m handle to the new mapping
- * @param access access specification, GNUNET_DISK_MAP_TYPE_xxx
- * @param len size of the mapping
- * @return pointer to the mapped memory region, NULL on failure
- */
+
 void *
 GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
                       struct GNUNET_DISK_MapHandle **m,
@@ -1402,16 +1225,10 @@ GNUNET_DISK_file_map (const struct GNUNET_DISK_FileHandle *h,
 }
 
 
-/**
- * Unmap a file
- *
- * @param h mapping handle
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h)
 {
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   if (NULL == h)
   {
@@ -1424,12 +1241,7 @@ GNUNET_DISK_file_unmap (struct GNUNET_DISK_MapHandle *h)
 }
 
 
-/**
- * Write file changes to disk
- * @param h handle to an open file
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h)
 {
   if (h == NULL)
@@ -1446,12 +1258,6 @@ GNUNET_DISK_file_sync (const struct GNUNET_DISK_FileHandle *h)
 }
 
 
-/**
- * Creates an interprocess channel
- *
- * @param pf how to configure the pipe
- * @return handle to the new pipe, NULL on error
- */
 struct GNUNET_DISK_PipeHandle *
 GNUNET_DISK_pipe (enum GNUNET_DISK_PipeFlags pf)
 {
@@ -1469,15 +1275,6 @@ GNUNET_DISK_pipe (enum GNUNET_DISK_PipeFlags pf)
 }
 
 
-/**
- * Creates a pipe object from a couple of file descriptors.
- * Useful for wrapping existing pipe FDs.
- *
- * @param pf how to configure the pipe
- * @param fd an array of two fd values. One of them may be -1 for read-only or write-only pipes
- *
- * @return handle to the new pipe, NULL on error
- */
 struct GNUNET_DISK_PipeHandle *
 GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
                           int fd[2])
@@ -1551,18 +1348,11 @@ GNUNET_DISK_pipe_from_fd (enum GNUNET_DISK_PipeFlags pf,
 }
 
 
-/**
- * Closes an interprocess channel
- *
- * @param p pipe to close
- * @param end which end of the pipe to close
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
                             enum GNUNET_DISK_PipeEnd end)
 {
-  int ret = GNUNET_OK;
+  enum GNUNET_GenericReturnValue ret = GNUNET_OK;
 
   if (end == GNUNET_DISK_PIPE_END_READ)
   {
@@ -1580,23 +1370,10 @@ GNUNET_DISK_pipe_close_end (struct GNUNET_DISK_PipeHandle *p,
       p->fd[1] = NULL;
     }
   }
-
   return ret;
 }
 
 
-/**
- * Detaches one of the ends from the pipe.
- * Detached end is a fully-functional FileHandle, it will
- * not be affected by anything you do with the pipe afterwards.
- * Each end of a pipe can only be detched from it once (i.e.
- * it is not duplicated).
- *
- * @param p pipe to detach an end from
- * @param end which end of the pipe to detach
- * @return Detached end on success, NULL on failure
- * (or if that end is not present or is closed).
- */
 struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
                              enum GNUNET_DISK_PipeEnd end)
@@ -1624,13 +1401,7 @@ GNUNET_DISK_pipe_detach_end (struct GNUNET_DISK_PipeHandle *p,
 }
 
 
-/**
- * Closes an interprocess channel
- *
- * @param p pipe to close
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p)
 {
   int ret = GNUNET_OK;
@@ -1661,13 +1432,6 @@ GNUNET_DISK_pipe_close (struct GNUNET_DISK_PipeHandle *p)
 }
 
 
-/**
- * Get the handle to a particular pipe end
- *
- * @param p pipe
- * @param n end to access
- * @return handle for the respective end
- */
 const struct GNUNET_DISK_FileHandle *
 GNUNET_DISK_pipe_handle (const struct GNUNET_DISK_PipeHandle *p,
                          enum GNUNET_DISK_PipeEnd n)
@@ -1685,26 +1449,16 @@ GNUNET_DISK_pipe_handle (const struct GNUNET_DISK_PipeHandle *p,
 }
 
 
-/**
- * Retrieve OS file handle
- * @internal
- * @param fh GNUnet file descriptor
- * @param dst destination buffer
- * @param dst_len length of dst
- * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_DISK_internal_file_handle_ (const struct GNUNET_DISK_FileHandle *fh,
                                    void *dst,
                                    size_t dst_len)
 {
   if (NULL == fh)
     return GNUNET_SYSERR;
-
   if (dst_len < sizeof(int))
     return GNUNET_SYSERR;
   *((int *) dst) = fh->fd;
-
   return GNUNET_OK;
 }
 
@@ -1716,8 +1470,9 @@ GNUNET_DISK_internal_file_handle_ (const struct GNUNET_DISK_FileHandle *fh,
  * @param cfg our configuration
  * @return #GNUNET_OK on success
  */
-static int
-purge_cfg_dir (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg)
+static enum GNUNET_GenericReturnValue
+purge_cfg_dir (void *cls,
+               const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   const char *option = cls;
   char *tmpname;
@@ -1739,15 +1494,9 @@ purge_cfg_dir (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg)
 }
 
 
-/**
- * Remove the directory given under @a option in
- * section [PATHS] in configuration under @a cfg_filename
- *
- * @param cfg_filename configuration file to parse
- * @param option option with the dir name to purge
- */
 void
-GNUNET_DISK_purge_cfg_dir (const char *cfg_filename, const char *option)
+GNUNET_DISK_purge_cfg_dir (const char *cfg_filename,
+                           const char *option)
 {
   GNUNET_break (GNUNET_OK ==
                 GNUNET_CONFIGURATION_parse_and_run (cfg_filename,
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c
index 136c6debb..5c3dfc12e 100644
--- a/src/util/gnunet-scrypt.c
+++ b/src/util/gnunet-scrypt.c
@@ -65,12 +65,15 @@ static void
 shutdown_task (void *cls)
 {
   (void) cls;
-  if (sizeof(proof) != GNUNET_DISK_fn_write (pwfn,
-                                             &proof,
-                                             sizeof(proof),
-                                             GNUNET_DISK_PERM_USER_READ
-                                             | GNUNET_DISK_PERM_USER_WRITE))
-    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "write", pwfn);
+  if (GNUNET_OK !=
+      GNUNET_DISK_fn_write (pwfn,
+                            &proof,
+                            sizeof(proof),
+                            GNUNET_DISK_PERM_USER_READ
+                            | GNUNET_DISK_PERM_USER_WRITE))
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "write",
+                              pwfn);
 }
 
 
diff --git a/src/util/network.c b/src/util/network.c
index b18030fcd..c4adefb8f 100644
--- a/src/util/network.c
+++ b/src/util/network.c
@@ -757,21 +757,17 @@ GNUNET_NETWORK_socket_recvfrom (const struct GNUNET_NETWORK_Handle *desc,
                                 struct sockaddr *src_addr,
                                 socklen_t *addrlen)
 {
-  int ret;
-  int flags;
-
-  flags = 0;
+  int flags = 0;
 
 #ifdef MSG_DONTWAIT
   flags |= MSG_DONTWAIT;
 #endif
-  ret = recvfrom (desc->fd,
-                  buffer,
-                  length,
-                  flags,
-                  src_addr,
-                  addrlen);
-  return ret;
+  return recvfrom (desc->fd,
+                   buffer,
+                   length,
+                   flags,
+                   src_addr,
+                   addrlen);
 }
 
 
@@ -853,10 +849,7 @@ GNUNET_NETWORK_socket_sendto (const struct GNUNET_NETWORK_Handle *desc,
                               const struct sockaddr *dest_addr,
                               socklen_t dest_len)
 {
-  int ret;
-  int flags;
-
-  flags = 0;
+  int flags = 0;
 
 #ifdef MSG_DONTWAIT
   flags |= MSG_DONTWAIT;
@@ -864,8 +857,12 @@ GNUNET_NETWORK_socket_sendto (const struct GNUNET_NETWORK_Handle *desc,
 #ifdef MSG_NOSIGNAL
   flags |= MSG_NOSIGNAL;
 #endif
-  ret = sendto (desc->fd, message, length, flags, dest_addr, dest_len);
-  return ret;
+  return sendto (desc->fd,
+                 message,
+                 length,
+                 flags,
+                 dest_addr,
+                 dest_len);
 }
 
 
diff --git a/src/util/test_disk.c b/src/util/test_disk.c
index 6969e49e6..12bde8107 100644
--- a/src/util/test_disk.c
+++ b/src/util/test_disk.c
@@ -30,12 +30,12 @@
 
 
 static int
-testReadWrite ()
+testReadWrite (void)
 {
   char tmp[100 + 1];
   int ret;
 
-  if (strlen (TESTSTRING) !=
+  if (GNUNET_OK !=
       GNUNET_DISK_fn_write (".testfile", TESTSTRING, strlen (TESTSTRING),
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_USER_WRITE))