25 files changed, 2369 insertions, 593 deletions
diff --git a/src/cli/util/gnunet-crypto-tvg.c b/src/cli/util/gnunet-crypto-tvg.c
index 5a16bb8fc..721177eda 100644
--- a/src/cli/util/gnunet-crypto-tvg.c
+++ b/src/cli/util/gnunet-crypto-tvg.c
@@ -530,9 +530,12 @@ checkvec (const char *operation,
      return GNUNET_NO;
    }
-    GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
+    GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
+                              &pub_eddsa,
+                              &key_material_comp);
-    if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
+    if (0 != GNUNET_memcmp (&key_material,
+                            &key_material_comp))
    {
      GNUNET_break (0);
      return GNUNET_NO;
@@ -546,10 +549,8 @@ checkvec (const char *operation,
    struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
    struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
    struct GNUNET_CRYPTO_RsaSignature *sig;
-    void *blinded_data;
+    struct GNUNET_CRYPTO_RsaBlindedMessage bm;
-    size_t blinded_len;
+    struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
-    void *blinded_data_comp;
-    size_t blinded_len_comp;
    void *public_enc_data;
    size_t public_enc_len;
    void *secret_enc_data;
@@ -559,60 +560,63 @@ checkvec (const char *operation,
    void *sig_enc_data_comp;
    size_t sig_enc_length_comp;
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "message_hash",
+        expect_data_fixed (vec,
-                                        &message_hash,
+                           "message_hash",
-                                        sizeof (message_hash)))
+                           &message_hash,
+                           sizeof (message_hash)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "blinding_key_secret",
+        expect_data_fixed (vec,
-                                        &bks,
+                           "blinding_key_secret",
-                                        sizeof (bks)))
+                           &bks,
+                           sizeof (bks)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_dynamic (vec,
+    if (GNUNET_OK !=
-                                          "blinded_message",
+        expect_data_dynamic (vec,
-                                          &blinded_data,
+                             "blinded_message",
-                                          &blinded_len))
+                             &bm.blinded_msg,
+                             &bm.blinded_msg_size))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
+    if (GNUNET_OK !=
-    if (GNUNET_OK != expect_data_dynamic (vec,
+        expect_data_dynamic (vec,
-                                          "rsa_public_key",
+                             "rsa_public_key",
-                                          &public_enc_data,
+                             &public_enc_data,
-                                          &public_enc_len))
+                             &public_enc_len))
    {
-      GNUNET_free (blinded_data);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
+    if (GNUNET_OK !=
-    if (GNUNET_OK != expect_data_dynamic (vec,
+        expect_data_dynamic (vec,
-                                          "rsa_private_key",
+                             "rsa_private_key",
-                                          &secret_enc_data,
+                             &secret_enc_data,
-                                          &secret_enc_len))
+                             &secret_enc_len))
    {
-      GNUNET_free (blinded_data);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
      GNUNET_free (public_enc_data);
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
+    if (GNUNET_OK !=
-    if (GNUNET_OK != expect_data_dynamic (vec,
+        expect_data_dynamic (vec,
-                                          "sig",
+                             "sig",
-                                          &sig_enc_data,
+                             &sig_enc_data,
-                                          &sig_enc_length))
+                             &sig_enc_length))
    {
-      GNUNET_free (blinded_data);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
      GNUNET_free (public_enc_data);
      GNUNET_free (secret_enc_data);
      GNUNET_break (0);
@@ -628,16 +632,18 @@ checkvec (const char *operation,
    GNUNET_assert (GNUNET_YES ==
                   GNUNET_CRYPTO_rsa_blind (&message_hash,
+                                            sizeof (message_hash),
                                            &bks,
                                            pkey,
-                                            &blinded_data_comp,
+                                            &bm_comp));
-                                            &blinded_len_comp));
+    if ( (bm.blinded_msg_size !=
-    if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
+          bm_comp.blinded_msg_size) ||
-                                                            blinded_data_comp,
+         (0 != memcmp (bm.blinded_msg,
-                                                            blinded_len)) )
+                       bm_comp.blinded_msg,
+                       bm.blinded_msg_size)) )
    {
-      GNUNET_free (blinded_data);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
-      GNUNET_free (blinded_data_comp);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
      GNUNET_free (public_enc_data);
      GNUNET_free (secret_enc_data);
      GNUNET_free (sig_enc_data);
@@ -646,12 +652,17 @@ checkvec (const char *operation,
      GNUNET_break (0);
      return GNUNET_NO;
    }
-    blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
+    blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
-                                                  blinded_len);
+                                                  &bm);
-    sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
+    sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
-    GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
+                                     &bks,
-                                                           pkey));
+                                     pkey);
-    GNUNET_free(public_enc_data);
+    GNUNET_assert (GNUNET_YES ==
+                   GNUNET_CRYPTO_rsa_verify (&message_hash,
+                                             sizeof (message_hash),
+                                             sig,
+                                             pkey));
+    GNUNET_free (public_enc_data);
    public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
                                                          &public_enc_data);
    sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
@@ -661,8 +672,8 @@ checkvec (const char *operation,
         (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
    {
      GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
-      GNUNET_free (blinded_data);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
-      GNUNET_free (blinded_data_comp);
+      GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
      GNUNET_free (public_enc_data);
      GNUNET_free (secret_enc_data);
      GNUNET_free (sig_enc_data);
@@ -674,8 +685,8 @@ checkvec (const char *operation,
      return GNUNET_NO;
    }
    GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
-    GNUNET_free (blinded_data);
+    GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
-    GNUNET_free (blinded_data_comp);
+    GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
    GNUNET_free (public_enc_data);
    GNUNET_free (secret_enc_data);
    GNUNET_free (sig_enc_data);
@@ -691,12 +702,13 @@ checkvec (const char *operation,
    struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
    struct GNUNET_CRYPTO_CsRSecret r_priv[2];
    struct GNUNET_CRYPTO_CsRPublic r_pub[2];
-    struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
+    struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
    struct GNUNET_CRYPTO_CsC c[2];
    struct GNUNET_CRYPTO_CsS signature_scalar;
    struct GNUNET_CRYPTO_CsBlindS blinded_s;
    struct GNUNET_CRYPTO_CsSignature sig;
-    struct GNUNET_CRYPTO_CsNonce nonce;
+    struct GNUNET_CRYPTO_CsSessionNonce snonce;
+    struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
    struct GNUNET_HashCode message_hash;
    unsigned int b;
@@ -717,26 +729,35 @@ checkvec (const char *operation,
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_private_key",
+        expect_data_fixed (vec,
-                                        &priv,
+                           "cs_private_key",
-                                        sizeof (priv)))
+                           &priv,
+                           sizeof (priv)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_nonce",
+        expect_data_fixed (vec,
-                                        &nonce,
+                           "cs_nonce",
-                                        sizeof (nonce)))
+                           &snonce,
+                           sizeof (snonce)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    /* historically, the tvg used the same nonce for
-                                        "cs_r_priv_0",
+       both, which is HORRIBLE for production, but
-                                        &r_priv[0],
+       maybe OK for TVG... */
-                                        sizeof (r_priv[0])))
+    memcpy (&bnonce,
+            &snonce,
+            sizeof (snonce));
+    if (GNUNET_OK !=
+        expect_data_fixed (vec,
+                           "cs_r_priv_0",
+                           &r_priv[0],
+                           sizeof (r_priv[0])))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
@@ -790,34 +811,38 @@ checkvec (const char *operation,
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_bs_beta_1",
+        expect_data_fixed (vec,
-                                        &bs[1].beta,
+                           "cs_bs_beta_1",
-                                        sizeof (bs[1].beta)))
+                           &bs[1].beta,
+                           sizeof (bs[1].beta)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_r_pub_blind_0",
+        expect_data_fixed (vec,
-                                        &r_pub_blind[0],
+                           "cs_r_pub_blind_0",
-                                        sizeof (r_pub_blind[0])))
+                           &r_pub_blind.r_pub[0],
+                           sizeof (r_pub_blind.r_pub[0])))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_r_pub_blind_1",
+        expect_data_fixed (vec,
-                                        &r_pub_blind[1],
+                           "cs_r_pub_blind_1",
-                                        sizeof (r_pub_blind[1])))
+                           &r_pub_blind.r_pub[1],
+                           sizeof (r_pub_blind.r_pub[1])))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
    }
-    if (GNUNET_OK != expect_data_fixed (vec,
+    if (GNUNET_OK !=
-                                        "cs_c_0",
+        expect_data_fixed (vec,
-                                        &c[0],
+                           "cs_c_0",
-                                        sizeof (c[0])))
+                           &c[0],
+                           sizeof (c[0])))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
@@ -874,14 +899,12 @@ checkvec (const char *operation,
    struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
    struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
    struct GNUNET_CRYPTO_CsC c_comp[2];
-    struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2];
+    struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
-    struct GNUNET_CRYPTO_CsBlindS blinded_s_comp;
+    struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
    struct GNUNET_CRYPTO_CsS signature_scalar_comp;
    struct GNUNET_CRYPTO_CsSignature sig_comp;
-    unsigned int b_comp;
+    GNUNET_CRYPTO_cs_r_derive (&snonce,
-    GNUNET_CRYPTO_cs_r_derive (&nonce,
                               "rw",
                               &priv,
                               r_priv_comp);
@@ -896,51 +919,59 @@ checkvec (const char *operation,
                                &r_pub,
                                sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
-    GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
+    GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
                                              bs_comp);
-    GNUNET_assert (0 == memcmp (&bs_comp,
+    GNUNET_assert (0 ==
-                                &bs,
+                   memcmp (&bs_comp,
-                                sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
+                           &bs,
-                                * 2));
+                           sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
+                           * 2));
    GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
                                     r_pub_comp,
                                     &pub,
                                     &message_hash,
                                     sizeof(message_hash),
                                     c_comp,
-                                     r_pub_blind_comp);
+                                     &r_pub_blind_comp);
-    GNUNET_assert (0 == memcmp (&c_comp,
+    GNUNET_assert (0 ==
-                                &c,
+                   memcmp (&c_comp,
-                                sizeof(struct GNUNET_CRYPTO_CsC) * 2));
+                           &c,
-    GNUNET_assert (0 == memcmp (&r_pub_blind_comp,
+                           sizeof(struct GNUNET_CRYPTO_CsC) * 2));
-                                &r_pub_blind,
+    GNUNET_assert (0 ==
-                                sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
+                   GNUNET_memcmp (&r_pub_blind_comp,
-    b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv,
+                                  &r_pub_blind));
-                                           r_priv_comp,
+    {
-                                           c_comp,
+      struct GNUNET_CRYPTO_CsBlindedMessage bm = {
-                                           &nonce,
+        .c[0] = c_comp[0],
-                                           &blinded_s_comp);
+        .c[1] = c_comp[1],
-    GNUNET_assert (0 == memcmp (&blinded_s_comp,
+        .nonce = snonce
-                                &blinded_s,
+      };
-                                sizeof(blinded_s)));
-    GNUNET_assert (0 == memcmp (&b_comp,
+      GNUNET_CRYPTO_cs_sign_derive (&priv,
-                                &b,
+                                    r_priv_comp,
-                                sizeof(b)));
+                                    &bm,
-    GNUNET_CRYPTO_cs_unblind (&blinded_s_comp,
+                                    &blinded_s_comp);
-                              &bs_comp[b_comp],
+    }
+    GNUNET_assert (0 ==
+                   GNUNET_memcmp (&blinded_s_comp.s_scalar,
+                                  &blinded_s));
+    GNUNET_assert (b == blinded_s_comp.b);
+    GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
+                              &bs_comp[b],
                              &signature_scalar_comp);
-    GNUNET_assert (0 == memcmp (&signature_scalar_comp,
+    GNUNET_assert (0 ==
-                                &signature_scalar,
+                   GNUNET_memcmp (&signature_scalar_comp,
-                                sizeof(signature_scalar_comp)));
+                                  &signature_scalar));
-    sig_comp.r_point = r_pub_blind_comp[b_comp];
+    sig_comp.r_point = r_pub_blind_comp.r_pub[b];
    sig_comp.s_scalar = signature_scalar_comp;
    GNUNET_assert (0 == memcmp (&sig_comp,
                                &sig,
                                sizeof(sig_comp)));
-    if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp,
+    if (GNUNET_OK !=
-                                              &pub,
+        GNUNET_CRYPTO_cs_verify (&sig_comp,
-                                              &message_hash,
+                                 &pub,
-                                              sizeof(message_hash)))
+                                 &message_hash,
+                                 sizeof(message_hash)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
@@ -993,7 +1024,7 @@ check_vectors ()
    /* array is a JSON array */
    size_t index;
    json_t *value;
-    int ret;
+    enum GNUNET_GenericReturnValue ret = GNUNET_OK;
    json_array_foreach (vectors, index, value) {
      const char *op = json_string_value (json_object_get (value,
@@ -1261,8 +1292,7 @@ output_vectors ()
    struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
    struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
    struct GNUNET_CRYPTO_RsaSignature *sig;
-    void *blinded_data;
+    struct GNUNET_CRYPTO_RsaBlindedMessage bm;
-    size_t blinded_len;
    void *public_enc_data;
    size_t public_enc_len;
    void *secret_enc_data;
@@ -1283,23 +1313,29 @@ output_vectors ()
                                        GNUNET_CRYPTO_RsaBlindingKeySecret));
    GNUNET_assert (GNUNET_YES ==
                   GNUNET_CRYPTO_rsa_blind (&message_hash,
+                                            sizeof (message_hash),
                                            &bks,
                                            pkey,
-                                            &blinded_data,
+                                            &bm));
-                                            &blinded_len));
+    blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
-    blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
+                                                  &bm);
-                                                  blinded_len);
+    sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
-    sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
+                                     &bks,
-    GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
+                                     pkey);
-                                                           pkey));
+    GNUNET_assert (GNUNET_YES ==
+                   GNUNET_CRYPTO_rsa_verify (&message_hash,
+                                             sizeof (message_hash),
+                                             sig,
+                                             pkey));
    public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
                                                          &public_enc_data);
    secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
                                                           &secret_enc_data);
-    blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
+    blinded_sig_enc_length
-                                                                 &
+      = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
-                                                                 blinded_sig_enc_data);
+                                            &blinded_sig_enc_data);
-    sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
+    sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
+                                                         &sig_enc_data);
    d2j (vec,
         "message_hash",
         &message_hash,
@@ -1318,8 +1354,8 @@ output_vectors ()
         sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
    d2j (vec,
         "blinded_message",
-         blinded_data,
+         bm.blinded_msg,
-         blinded_len);
+         bm.blinded_msg_size);
    d2j (vec,
         "blinded_sig",
         blinded_sig_enc_data,
@@ -1333,7 +1369,7 @@ output_vectors ()
    GNUNET_CRYPTO_rsa_signature_free (sig);
    GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
    GNUNET_free (public_enc_data);
-    GNUNET_free (blinded_data);
+    GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
    GNUNET_free (sig_enc_data);
    GNUNET_free (blinded_sig_enc_data);
    GNUNET_free (secret_enc_data);
@@ -1347,13 +1383,13 @@ output_vectors ()
    struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
    struct GNUNET_CRYPTO_CsRSecret r_priv[2];
    struct GNUNET_CRYPTO_CsRPublic r_pub[2];
-    struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
+    struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
    struct GNUNET_CRYPTO_CsC c[2];
    struct GNUNET_CRYPTO_CsS signature_scalar;
-    struct GNUNET_CRYPTO_CsBlindS blinded_s;
+    struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
    struct GNUNET_CRYPTO_CsSignature sig;
-    struct GNUNET_CRYPTO_CsNonce nonce;
+    struct GNUNET_CRYPTO_CsSessionNonce snonce;
-    unsigned int b;
+    struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
    struct GNUNET_HashCode message_hash;
    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
@@ -1361,19 +1397,26 @@ output_vectors ()
                                sizeof (struct GNUNET_HashCode));
    GNUNET_CRYPTO_cs_private_key_generate (&priv);
-    GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub);
+    GNUNET_CRYPTO_cs_private_key_get_public (&priv,
+                                             &pub);
-    GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce,
+    GNUNET_assert (GNUNET_YES ==
-                                                     sizeof(nonce.nonce),
+                   GNUNET_CRYPTO_hkdf (&snonce,
-                                                     GCRY_MD_SHA512,
+                                       sizeof(snonce),
-                                                     GCRY_MD_SHA256,
+                                       GCRY_MD_SHA512,
-                                                     "nonce",
+                                       GCRY_MD_SHA256,
-                                                     strlen ("nonce"),
+                                       "nonce",
-                                                     "nonce_secret",
+                                       strlen ("nonce"),
-                                                     strlen ("nonce_secret"),
+                                       "nonce_secret",
-                                                     NULL,
+                                       strlen ("nonce_secret"),
-                                                     0));
+                                       NULL,
-    GNUNET_CRYPTO_cs_r_derive (&nonce,
+                                       0));
+    /* NOTE: historically, we made the bad choice of
+       making both nonces the same. Maybe barely OK
+       for the TGV, not good for production! */
+    memcpy (&bnonce,
+            &snonce,
+            sizeof (snonce));
+    GNUNET_CRYPTO_cs_r_derive (&snonce,
                               "rw",
                               &priv,
                               r_priv);
@@ -1381,7 +1424,7 @@ output_vectors ()
                                   &r_pub[0]);
    GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
                                   &r_pub[1]);
-    GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
+    GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
                                              bs);
    GNUNET_CRYPTO_cs_calc_blinded_c (bs,
                                     r_pub,
@@ -1389,19 +1432,29 @@ output_vectors ()
                                     &message_hash,
                                     sizeof(message_hash),
                                     c,
-                                     r_pub_blind);
+                                     &r_pub_blind);
-    b = GNUNET_CRYPTO_cs_sign_derive (&priv,
+    {
-                                      r_priv,
+      struct GNUNET_CRYPTO_CsBlindedMessage bm = {
-                                      c,
+        .c[0] = c[0],
-                                      &nonce,
+        .c[1] = c[1],
-                                      &blinded_s);
+        .nonce = snonce
-    GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar);
+      };
-    sig.r_point = r_pub_blind[b];
+      GNUNET_CRYPTO_cs_sign_derive (&priv,
+                                    r_priv,
+                                    &bm,
+                                    &blinded_s);
+    }
+    GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
+                              &bs[blinded_s.b],
+                              &signature_scalar);
+    sig.r_point = r_pub_blind.r_pub[blinded_s.b];
    sig.s_scalar = signature_scalar;
-    if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig,
+    if (GNUNET_OK !=
-                                              &pub,
+        GNUNET_CRYPTO_cs_verify (&sig,
-                                              &message_hash,
+                                 &pub,
-                                              sizeof(message_hash)))
+                                 &message_hash,
+                                 sizeof(message_hash)))
    {
      GNUNET_break (0);
      return GNUNET_SYSERR;
@@ -1420,8 +1473,8 @@ output_vectors ()
         sizeof(priv));
    d2j (vec,
         "cs_nonce",
-         &nonce,
+         &snonce,
-         sizeof(nonce));
+         sizeof(snonce));
    d2j (vec,
         "cs_r_priv_0",
         &r_priv[0],
@@ -1456,12 +1509,12 @@ output_vectors ()
         sizeof(bs[1].beta));
    d2j (vec,
         "cs_r_pub_blind_0",
-         &r_pub_blind[0],
+         &r_pub_blind.r_pub[0],
-         sizeof(r_pub_blind[0]));
+         sizeof(r_pub_blind.r_pub[0]));
    d2j (vec,
         "cs_r_pub_blind_1",
-         &r_pub_blind[1],
+         &r_pub_blind.r_pub[1],
-         sizeof(r_pub_blind[1]));
+         sizeof(r_pub_blind.r_pub[1]));
    d2j (vec,
         "cs_c_0",
         &c[0],
@@ -1476,16 +1529,16 @@ output_vectors ()
         sizeof(blinded_s));
    d2j (vec,
         "cs_b",
-         &b,
+         &blinded_s.b,
-         sizeof(b));
+         sizeof(blinded_s.b));
    d2j (vec,
         "cs_sig_s",
         &signature_scalar,
         sizeof(signature_scalar));
    d2j (vec,
         "cs_sig_R",
-         &r_pub_blind[b],
+         &r_pub_blind.r_pub[blinded_s.b],
-         sizeof(r_pub_blind[b]));
+         sizeof(r_pub_blind.r_pub[blinded_s.b]));
  }
  json_dumpf (vecfile, stdout, JSON_INDENT (2));
diff --git a/src/contrib/service/consensus/meson.build b/src/contrib/service/consensus/meson.build
index 50483e81f..86cc0663b 100644
--- a/src/contrib/service/consensus/meson.build
+++ b/src/contrib/service/consensus/meson.build
@@ -63,4 +63,4 @@ configure_file(input : 'test_consensus.conf',
 test('test_consensus_api', testconsensusapi,
  workdir: meson.current_build_dir(),
-  suite: 'consensus')
+  suite: ['consensus', 'contrib'])
diff --git a/src/contrib/service/conversation/meson.build b/src/contrib/service/conversation/meson.build
index a7f1ee896..052fa1a6e 100644
--- a/src/contrib/service/conversation/meson.build
+++ b/src/contrib/service/conversation/meson.build
@@ -182,11 +182,11 @@ configure_file(input : 'test_conversation.conf',
               install: false)
 test('test_conversation_api', testconvapi, workdir: meson.current_build_dir(),
-     suite: 'conversation')
+     suite: ['conversation', 'contrib'])
 test('test_conversation_api_twocalls', testconvapitwo, workdir: meson.current_build_dir(),
-     suite: 'conversation')
+     suite: ['conversation', 'contrib'])
 test('test_conversation_api_reject', testconvapireject, workdir: meson.current_build_dir(),
-     suite: 'conversation')
+     suite: ['conversation', 'contrib'])
diff --git a/src/contrib/service/template/meson.build b/src/contrib/service/template/meson.build
index b17b86709..7a30a7575 100644
--- a/src/contrib/service/template/meson.build
+++ b/src/contrib/service/template/meson.build
@@ -18,4 +18,4 @@ testtemplateapi = executable ('test_template_api',
            include_directories: [incdir, configuration_inc],
            install: false)
 test('test_template_api', testtemplateapi, workdir: meson.current_source_dir(),
-     suite: 'template')
+     suite: ['template', 'contrib'])
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index f3ea3ed25..6e9649410 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -660,17 +660,33 @@ struct GNUNET_CRYPTO_CsSignature
   * Schnorr signatures are composed of a scalar s and a curve point
   */
  struct GNUNET_CRYPTO_CsS s_scalar;
+  /**
+   * Curve point of the Schnorr signature.
+   */
  struct GNUNET_CRYPTO_CsRPublic r_point;
 };
 /**
- * Nonce
+ * Nonce for the session, picked by client,
+ * shared with the signer.
 */
-struct GNUNET_CRYPTO_CsNonce
+struct GNUNET_CRYPTO_CsSessionNonce
 {
  /*a nonce*/
-  unsigned char nonce[256 / 8];
+  unsigned char snonce[256 / 8];
+};
+/**
+ * Nonce for computing blinding factors. Not
+ * shared with the signer.
+ */
+struct GNUNET_CRYPTO_CsBlindingNonce
+{
+  /*a nonce*/
+  unsigned char bnonce[256 / 8];
 };
@@ -945,7 +961,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc,
 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
 */
 #define GNUNET_CRYPTO_hash_from_string(enc, result) \
-        GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
+  GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
 /**
@@ -2136,15 +2152,15 @@ GNUNET_CRYPTO_eddsa_sign_ (
 * @param[out] sig where to write the signature
 */
 #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do {                 \
-          /* check size is set correctly */                              \
+    /* check size is set correctly */                              \
-          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps));    \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps));    \
-          /* check 'ps' begins with the purpose */                       \
+    /* check 'ps' begins with the purpose */                       \
-          GNUNET_static_assert (((void*) (ps)) ==                        \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
-                                ((void*) &(ps)->purpose));               \
+                          ((void*) &(ps)->purpose));               \
-          GNUNET_assert (GNUNET_OK ==                                    \
+    GNUNET_assert (GNUNET_OK ==                                    \
-                         GNUNET_CRYPTO_eddsa_sign_ (priv,                \
+                   GNUNET_CRYPTO_eddsa_sign_ (priv,                \
-                                                    &(ps)->purpose,      \
+                                              &(ps)->purpose,      \
-                                                    sig));               \
+                                              sig));               \
 } while (0)
@@ -2198,15 +2214,15 @@ GNUNET_CRYPTO_eddsa_sign_raw (
 * @param[out] sig where to write the signature
 */
 #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do {                 \
-          /* check size is set correctly */                              \
+    /* check size is set correctly */                              \
-          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
-          /* check 'ps' begins with the purpose */                       \
+    /* check 'ps' begins with the purpose */                       \
-          GNUNET_static_assert (((void*) (ps)) ==                        \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
-                                ((void*) &(ps)->purpose));               \
+                          ((void*) &(ps)->purpose));               \
-          GNUNET_assert (GNUNET_OK ==                                    \
+    GNUNET_assert (GNUNET_OK ==                                    \
-                         GNUNET_CRYPTO_ecdsa_sign_ (priv,                \
+                   GNUNET_CRYPTO_ecdsa_sign_ (priv,                \
-                                                    &(ps)->purpose,      \
+                                              &(ps)->purpose,      \
-                                                    sig));               \
+                                              sig));               \
 } while (0)
 /**
@@ -2245,15 +2261,15 @@ GNUNET_CRYPTO_edx25519_sign_ (
 * @param[out] sig where to write the signature
 */
 #define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do {              \
-          /* check size is set correctly */                              \
+    /* check size is set correctly */                              \
-          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
-          /* check 'ps' begins with the purpose */                       \
+    /* check 'ps' begins with the purpose */                       \
-          GNUNET_static_assert (((void*) (ps)) ==                        \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
-                                ((void*) &(ps)->purpose));               \
+                          ((void*) &(ps)->purpose));               \
-          GNUNET_assert (GNUNET_OK ==                                    \
+    GNUNET_assert (GNUNET_OK ==                                    \
-                         GNUNET_CRYPTO_edx25519_sign_ (priv,             \
+                   GNUNET_CRYPTO_edx25519_sign_ (priv,             \
-                                                       &(ps)->purpose,   \
+                                                 &(ps)->purpose,   \
-                                                       sig));            \
+                                                 sig));            \
 } while (0)
@@ -2801,8 +2817,9 @@ GNUNET_CRYPTO_rsa_private_key_get_public (
 * @param hc where to store the hash code
 */
 void
-GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
+GNUNET_CRYPTO_rsa_public_key_hash (
-                                   struct GNUNET_HashCode *hc);
+  const struct GNUNET_CRYPTO_RsaPublicKey *key,
+  struct GNUNET_HashCode *hc);
 /**
@@ -2907,53 +2924,83 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1,
 /**
+ * @brief RSA Parameters to create blinded signature
+ */
+struct GNUNET_CRYPTO_RsaBlindedMessage
+{
+  /**
+   * Blinded message to be signed
+   * Note: is malloc()'ed!
+   */
+  void *blinded_msg;
+  /**
+   * Size of the @e blinded_msg to be signed.
+   */
+  size_t blinded_msg_size;
+};
+/**
 * Blinds the given message with the given blinding key
 *
- * @param hash hash of the message to sign
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
 * @param bks the blinding key
 * @param pkey the public key of the signer
- * @param[out] buf set to a buffer with the blinded message to be signed
+ * @param[out] bm set to the blinded message
- * @param[out] buf_size number of bytes stored in @a buf
 * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
 */
 enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_blind (const void *message,
+                         size_t message_size,
                         const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
                         struct GNUNET_CRYPTO_RsaPublicKey *pkey,
-                         void **buf,
+                         struct GNUNET_CRYPTO_RsaBlindedMessage *bm);
-                         size_t *buf_size);
 /**
 * Sign a blinded value, which must be a full domain hash of a message.
 *
 * @param key private key to use for the signing
- * @param msg the (blinded) message to sign
+ * @param bm the (blinded) message to sign
- * @param msg_len number of bytes in @a msg to sign
 * @return NULL on error, signature on success
 */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                                const void *msg,
+                                const struct
-                                size_t msg_len);
+                                GNUNET_CRYPTO_RsaBlindedMessage *bm);
 /**
 * Create and sign a full domain hash of a message.
 *
 * @param key private key to use for the signing
- * @param hash the hash of the message to sign
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
 * @return NULL on error, including a malicious RSA key, signature on success
 */
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                            const struct GNUNET_HashCode *hash);
+                            const void *message,
+                            size_t message_size);
+/**
+ * Free memory occupied by blinded message. Only frees contents, not
+ * @a bm itself.
+ *
+ * @param[in] bm memory to free
+ */
+void
+GNUNET_CRYPTO_rsa_blinded_message_free (
+  struct GNUNET_CRYPTO_RsaBlindedMessage *bm);
 /**
 * Free memory occupied by signature.
 *
- * @param sig memory to free
+ * @param[in] sig memory to free
 */
 void
 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig);
@@ -2981,8 +3028,9 @@ GNUNET_CRYPTO_rsa_signature_encode (
 * @return NULL on error
 */
 struct GNUNET_CRYPTO_RsaSignature *
-GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
+GNUNET_CRYPTO_rsa_signature_decode (
-                                    size_t buf_size);
+  const void *buf,
+  size_t buf_size);
 /**
@@ -2992,7 +3040,8 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
 * @return the duplicate key; NULL upon error
 */
 struct GNUNET_CRYPTO_RsaSignature *
-GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig);
+GNUNET_CRYPTO_rsa_signature_dup (
+  const struct GNUNET_CRYPTO_RsaSignature *sig);
 /**
@@ -3015,13 +3064,15 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
 * Verify whether the given hash corresponds to the given signature and the
 * signature is valid with respect to the given public key.
 *
- * @param hash the message to verify to match the @a sig
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
 * @param sig signature that is being validated
 * @param public_key public key of the signer
 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature
 */
 enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_verify (const void *message,
+                          size_t message_size,
                          const struct GNUNET_CRYPTO_RsaSignature *sig,
                          const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
@@ -3061,10 +3112,11 @@ GNUNET_CRYPTO_cs_private_key_get_public (
 * @param[out] r array containing derived secrets r0 and r1
 */
 void
-GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
+GNUNET_CRYPTO_cs_r_derive (
-                           const char *seed,
+  const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
-                           const struct GNUNET_CRYPTO_CsPrivateKey *lts,
+  const char *seed,
-                           struct GNUNET_CRYPTO_CsRSecret r[2]);
+  const struct GNUNET_CRYPTO_CsPrivateKey *lts,
+  struct GNUNET_CRYPTO_CsRSecret r[2]);
 /**
@@ -3074,27 +3126,57 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
 * @param[out] r_pub where to write the public key
 */
 void
-GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
+GNUNET_CRYPTO_cs_r_get_public (
-                               struct GNUNET_CRYPTO_CsRPublic *r_pub);
+  const struct GNUNET_CRYPTO_CsRSecret *r_priv,
+  struct GNUNET_CRYPTO_CsRPublic *r_pub);
 /**
 * Derives new random blinding factors.
 * In original papers blinding factors are generated randomly
- * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE
+ * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE.
 * To ensure unpredictability a new nonce has to be used.
- * Uses HKDF internally
+ * Uses HKDF internally.
 *
 * @param blind_seed is the blinding seed to derive blinding factors
 * @param[out] bs array containing the two derived blinding secrets
 */
 void
 GNUNET_CRYPTO_cs_blinding_secrets_derive (
-  const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+  const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
  struct GNUNET_CRYPTO_CsBlindingSecret bs[2]);
 /**
- * Calculate two blinded c's
+ * @brief CS Parameters derived from the message
+ * during blinding to create blinded signature
+ */
+struct GNUNET_CRYPTO_CsBlindedMessage
+{
+  /**
+   * The Clause Schnorr c_0 and c_1 containing the blinded message
+   */
+  struct GNUNET_CRYPTO_CsC c[2];
+  /**
+   * Nonce used in initial request.
+   */
+  struct GNUNET_CRYPTO_CsSessionNonce nonce;
+};
+/**
+ * Pair of Public R values for Cs denominations
+ */
+struct GNUNET_CRYPTO_CSPublicRPairP
+{
+  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
+};
+/**
+ * Calculate two blinded c's.
 * Comment: One would be insecure due to Wagner's algorithm solving ROS
 *
 * @param bs array of the two blinding factor structs each containing alpha and beta
@@ -3103,7 +3185,7 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive (
 * @param msg the message to blind in preparation for signing
 * @param msg_len length of message msg
 * @param[out] blinded_c array of the two blinded c's
- * @param[out] blinded_r_pub array of the two blinded R
+ * @param[out] r_pub_blind array of the two blinded R
 */
 void
 GNUNET_CRYPTO_cs_calc_blinded_c (
@@ -3113,32 +3195,49 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
  const void *msg,
  size_t msg_len,
  struct GNUNET_CRYPTO_CsC blinded_c[2],
-  struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]);
+  struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind);
 /**
- * Sign a blinded c
+ * The Sign Answer for Clause Blind Schnorr signature.
- * This function derives b from a nonce and a longterm secret
+ * The sign operation returns a parameter @param b and the signature
- * In original papers b is generated randomly
+ * scalar @param s_scalar.
+ */
+struct GNUNET_CRYPTO_CsBlindSignature
+{
+  /**
+   * To make ROS problem harder, the signer chooses an unpredictable b and
+   * only calculates signature of c_b
+   */
+  unsigned int b;
+  /**
+   * The blinded s scalar calculated from c_b
+   */
+  struct GNUNET_CRYPTO_CsBlindS s_scalar;
+};
+/**
+ * Sign a blinded @a c.
+ * This function derives b from a nonce and a longterm secret.
+ * In the original papers b is generated randomly.
 * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE.
- * To ensure unpredictability a new nonce has to be used for every signature
+ * To ensure unpredictability a new nonce has to be used for every signature.
- * HKDF is used internally for derivation
+ * HKDF is used internally for derivation.
- * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
+ * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive.
 *
 * @param priv private key to use for the signing and as LTS in HKDF
- * @param r array of the two secret nonce from the signer
+ * @param r array of the two secret inputs from the signer
- * @param c array of the two blinded c to sign c_b
+ * @param bm blinded message, including array of the two blinded c to sign c_b and the random nonce
- * @param nonce is a random nonce
+ * @param[out] cs_blind_sig where to write the blind signature
- * @param[out] blinded_signature_scalar where to write the signature
- * @return 0 or 1 for b (see Clause Blind Signature Scheme)
 */
-unsigned int
+void
 GNUNET_CRYPTO_cs_sign_derive (
  const struct GNUNET_CRYPTO_CsPrivateKey *priv,
  const struct GNUNET_CRYPTO_CsRSecret r[2],
-  const struct GNUNET_CRYPTO_CsC c[2],
+  const struct GNUNET_CRYPTO_CsBlindedMessage *bm,
-  const struct GNUNET_CRYPTO_CsNonce *nonce,
+  struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig);
-  struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar);
 /**
@@ -3166,10 +3265,599 @@ GNUNET_CRYPTO_cs_unblind (
 * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid
 */
 enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
+GNUNET_CRYPTO_cs_verify (
-                         const struct GNUNET_CRYPTO_CsPublicKey *pub,
+  const struct GNUNET_CRYPTO_CsSignature *sig,
-                         const void *msg,
+  const struct GNUNET_CRYPTO_CsPublicKey *pub,
-                         size_t msg_len);
+  const void *msg,
+  size_t msg_len);
+/**
+ * Types of public keys used for blind signatures.
+ */
+enum GNUNET_CRYPTO_BlindSignatureAlgorithm
+{
+  /**
+   * Invalid type of signature.
+   */
+  GNUNET_CRYPTO_BSA_INVALID = 0,
+  /**
+   * RSA blind signature.
+   */
+  GNUNET_CRYPTO_BSA_RSA = 1,
+  /**
+   * Clause Blind Schnorr signature.
+   */
+  GNUNET_CRYPTO_BSA_CS = 2
+};
+/**
+ * @brief Type of (unblinded) signatures.
+ */
+struct GNUNET_CRYPTO_UnblindedSignature
+{
+  /**
+   * Type of the signature.
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsSignature cs_signature;
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+     */
+    struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
+  } details;
+};
+/**
+ * @brief Type for *blinded* signatures.
+ * Must be unblinded before it becomes valid.
+ */
+struct GNUNET_CRYPTO_BlindedSignature
+{
+  /**
+   * Type of the signature.
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     * At this point only the blinded s scalar is used.
+     * The final signature consisting of r,s is built after unblinding.
+     */
+    struct GNUNET_CRYPTO_CsBlindSignature blinded_cs_answer;
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+     */
+    struct GNUNET_CRYPTO_RsaSignature *blinded_rsa_signature;
+  } details;
+};
+/**
+ * @brief Type of public signing keys for blind signatures.
+ */
+struct GNUNET_CRYPTO_BlindSignPublicKey
+{
+  /**
+   * Type of the public key.
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Hash of the public key.
+   */
+  struct GNUNET_HashCode pub_key_hash;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsPublicKey cs_public_key;
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+     */
+    struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key;
+  } details;
+};
+/**
+ * @brief Type of private signing keys for blind signing.
+ */
+struct GNUNET_CRYPTO_BlindSignPrivateKey
+{
+  /**
+   * Type of the public key.
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsPrivateKey cs_private_key;
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+     */
+    struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key;
+  } details;
+};
+/**
+ * @brief Blinded message ready for blind signing.
+ */
+struct GNUNET_CRYPTO_BlindedMessage
+{
+  /**
+   * Type of the sign blinded message
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsBlindedMessage cs_blinded_message;
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher.
+     */
+    struct GNUNET_CRYPTO_RsaBlindedMessage rsa_blinded_message;
+  } details;
+};
+/**
+ * Secret r for Cs denominations
+ */
+struct GNUNET_CRYPTO_CSPrivateRPairP
+{
+  struct GNUNET_CRYPTO_CsRSecret r[2];
+};
+/**
+ * @brief Input needed for blinding a message.
+ */
+struct GNUNET_CRYPTO_BlindingInputValues
+{
+  /**
+   * Type of the signature.
+   */
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher;
+  /**
+   * Reference counter.
+   */
+  unsigned int rc;
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CSPublicRPairP cs_values;
+  } details;
+};
+/**
+ * Nonce used to deterministiacally derive input values
+ * used in multi-round blind signature protocols.
+ */
+union GNUNET_CRYPTO_BlindSessionNonce
+{
+  /**
+   * Nonce used when signing with CS.
+   */
+  struct GNUNET_CRYPTO_CsSessionNonce cs_nonce;
+};
+/**
+ * Compute blinding input values for a given @a nonce and
+ * @a salt.
+ *
+ * @param bsign_priv private key to compute input values for
+ * @param nonce session nonce to derive input values from
+ * @param salt salt to include in derivation logic
+ * @return blinding input values
+ */
+struct GNUNET_CRYPTO_BlindingInputValues *
+GNUNET_CRYPTO_get_blinding_input_values (
+  const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv,
+  const union GNUNET_CRYPTO_BlindSessionNonce *nonce,
+  const char *salt);
+/**
+ * Decrement reference counter of a @a bsign_pub, and free it if it reaches zero.
+ *
+ * @param[in] bsign_pub key to free
+ */
+void
+GNUNET_CRYPTO_blind_sign_pub_decref (
+  struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub);
+/**
+ * Decrement reference counter of a @a bsign_priv, and free it if it reaches zero.
+ *
+ * @param[in] bsign_priv key to free
+ */
+void
+GNUNET_CRYPTO_blind_sign_priv_decref (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv);
+/**
+ * Decrement reference counter of a @a ub_sig, and free it if it reaches zero.
+ *
+ * @param[in] ub_sig signature to free
+ */
+void
+GNUNET_CRYPTO_unblinded_sig_decref (
+  struct GNUNET_CRYPTO_UnblindedSignature *ub_sig);
+/**
+ * Decrement reference counter of a @a blind_sig, and free it if it reaches zero.
+ *
+ * @param[in] blind_sig signature to free
+ */
+void
+GNUNET_CRYPTO_blinded_sig_decref (
+  struct GNUNET_CRYPTO_BlindedSignature *blind_sig);
+/**
+ * Decrement reference counter of a @a bm, and free it if it reaches zero.
+ *
+ * @param[in] bm blinded message to free
+ */
+void
+GNUNET_CRYPTO_blinded_message_decref (
+  struct GNUNET_CRYPTO_BlindedMessage *bm);
+/**
+ * Increment reference counter of the given @a bm.
+ *
+ * @param[in,out] bm blinded message to increment reference counter for
+ * @return alias of @a bm with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindedMessage *
+GNUNET_CRYPTO_blinded_message_incref (
+  struct GNUNET_CRYPTO_BlindedMessage *bm);
+/**
+ * Increment reference counter of the given @a bi.
+ *
+ * @param[in,out] bi blinding input values to increment reference counter for
+ * @return alias of @a bi with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindingInputValues *
+GNUNET_CRYPTO_blinding_input_values_incref (
+  struct GNUNET_CRYPTO_BlindingInputValues *bm);
+/**
+ * Decrement reference counter of the given @a bi, and free it if it reaches
+ * zero.
+ *
+ * @param[in,out] bi blinding input values to decrement reference counter for
+ */
+void
+GNUNET_CRYPTO_blinding_input_values_decref (
+  struct GNUNET_CRYPTO_BlindingInputValues *bm);
+/**
+ * Increment reference counter of the given @a bsign_pub.
+ *
+ * @param[in,out] bsign_pub public key to increment reference counter for
+ * @return alias of @a bsign_pub with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindSignPublicKey *
+GNUNET_CRYPTO_bsign_pub_incref (
+  struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub);
+/**
+ * Increment reference counter of the given @a bsign_priv.
+ *
+ * @param[in,out] bsign_priv private key to increment reference counter for
+ * @return alias of @a bsign_priv with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindSignPrivateKey *
+GNUNET_CRYPTO_bsign_priv_incref (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv);
+/**
+ * Increment reference counter of the given @a ub_sig.
+ *
+ * @param[in,out] ub_sig signature to increment reference counter for
+ * @return alias of @a ub_sig with RC incremented
+ */
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig);
+/**
+ * Increment reference counter of the given @a blind_sig.
+ *
+ * @param[in,out] blind_sig signature to increment reference counter for
+ * @return alias of @a blind_sig with RC incremented
+ */
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sig_incref (
+  struct GNUNET_CRYPTO_BlindedSignature *blind_sig);
+/**
+ * Compare two denomination public keys.
+ *
+ * @param bp1 first key
+ * @param bp2 second key
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_bsign_pub_cmp (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1,
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2);
+/**
+ * Compare two denomination signatures.
+ *
+ * @param sig1 first signature
+ * @param sig2 second signature
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_ub_sig_cmp (const struct GNUNET_CRYPTO_UnblindedSignature *sig1,
+                          const struct GNUNET_CRYPTO_UnblindedSignature *sig2);
+/**
+ * Compare two blinded denomination signatures.
+ *
+ * @param sig1 first signature
+ * @param sig2 second signature
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_blind_sig_cmp (
+  const struct GNUNET_CRYPTO_BlindedSignature *sig1,
+  const struct GNUNET_CRYPTO_BlindedSignature *sig2);
+/**
+ * Compare two blinded messages.
+ *
+ * @param bp1 first blinded message
+ * @param bp2 second blinded message
+ * @return 0 if the keys are equal, otherwise -1 or 1
+ */
+int
+GNUNET_CRYPTO_blinded_message_cmp (
+  const struct GNUNET_CRYPTO_BlindedMessage *bp1,
+  const struct GNUNET_CRYPTO_BlindedMessage *bp2);
+/**
+ * Initialize public-private key pair for blind signatures.
+ *
+ * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int"
+ * argument with the number of bits for 'n' (e.g. 2048) must
+ * be passed.
+ *
+ * @param[out] bsign_priv where to write the private key with RC 1
+ * @param[out] bsign_pub where to write the public key with RC 1
+ * @param cipher which type of cipher to use
+ * @param ... RSA key size (eg. 2048/3072/4096)
+ * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sign_keys_create (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv,
+  struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub,
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
+  ...);
+/**
+ * Initialize public-private key pair for blind signatures.
+ *
+ * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int"
+ * argument with the number of bits for 'n' (e.g. 2048) must
+ * be passed.
+ *
+ * @param[out] bsign_priv where to write the private key with RC 1
+ * @param[out] bsign_pub where to write the public key with RC 1
+ * @param cipher which type of cipher to use
+ * @param ap RSA key size (eg. 2048/3072/4096)
+ * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sign_keys_create_va (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv,
+  struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub,
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
+  va_list ap);
+/**
+ * @brief Type of blinding secrets.  Must be exactly 32 bytes (DB).
+ */
+union GNUNET_CRYPTO_BlindingSecretP
+{
+  /**
+   * Clause Schnorr nonce.
+   */
+  struct GNUNET_CRYPTO_CsBlindingNonce nonce;
+  /**
+   * Variant for RSA for blind signatures.
+   */
+  struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks;
+};
+/**
+ * Blind message for blind signing with @a dk using blinding secret @a coin_bks.
+ *
+ * @param bsign_pub public key to blind for
+ * @param bks blinding secret to use
+ * @param nonce nonce used to obtain @a alg_values
+ *        can be NULL if input values are not used for the cipher
+ * @param message message to sign
+ * @param message_size number of bytes in @a message
+ * @param alg_values algorithm specific values to blind the @a message
+ * @return blinded message to give to signer, NULL on error
+ */
+struct GNUNET_CRYPTO_BlindedMessage *
+GNUNET_CRYPTO_message_blind_to_sign (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+  const union GNUNET_CRYPTO_BlindingSecretP *bks,
+  const union GNUNET_CRYPTO_BlindSessionNonce *nonce,
+  const void *message,
+  size_t message_size,
+  const struct GNUNET_CRYPTO_BlindingInputValues *alg_values);
+/**
+ * Create blind signature.
+ *
+ * @param bsign_priv private key to use for signing
+ * @param salt salt value to use for the HKDF,
+ *        can be NULL if input values are not used for the cipher
+ * @param blinded_message the already blinded message to sign
+ * @return blind signature with RC=1, NULL on failure
+ */
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sign (
+  const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv,
+  const char *salt,
+  const struct GNUNET_CRYPTO_BlindedMessage *blinded_message);
+/**
+ * Unblind blind signature.
+ *
+ * @param blinded_sig the blind signature
+ * @param bks blinding secret to use
+ * @param message message that was supposedly signed
+ * @param message_size number of bytes in @a message
+ * @param alg_values algorithm specific values
+ * @param bsign_pub public key used for signing
+ * @return unblinded signature with RC=1, NULL on error
+ */
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_blind_sig_unblind (
+  const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig,
+  const union GNUNET_CRYPTO_BlindingSecretP *bks,
+  const void *message,
+  size_t message_size,
+  const struct GNUNET_CRYPTO_BlindingInputValues *alg_values,
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub);
+/**
+ * Verify signature made blindly.
+ *
+ * @param bsign_pub public key
+ * @param ub_sig signature made blindly with the private key
+ * @param message message that was supposedly signed
+ * @param message_size number of bytes in @a message
+ * @return #GNUNET_OK if the signature is valid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sig_verify (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+  const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig,
+  const void *message,
+  size_t message_size);
 /**
@@ -3184,7 +3872,7 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
 */
 ssize_t
 GNUNET_CRYPTO_public_key_get_length (const struct
-                                       GNUNET_CRYPTO_PublicKey *key);
+                                     GNUNET_CRYPTO_PublicKey *key);
 /**
 * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer.
@@ -3235,9 +3923,9 @@ GNUNET_CRYPTO_private_key_get_length (
 */
 ssize_t
 GNUNET_CRYPTO_write_public_key_to_buffer (const struct
-                                            GNUNET_CRYPTO_PublicKey *key,
+                                          GNUNET_CRYPTO_PublicKey *key,
-                                            void*buffer,
+                                          void*buffer,
-                                            size_t len);
+                                          size_t len);
 /**
@@ -3397,15 +4085,15 @@ GNUNET_CRYPTO_sign_raw_ (
 * @param[out] sig where to write the signature
 */
 #define GNUNET_CRYPTO_sign(priv,ps,sig) do {                \
-          /* check size is set correctly */                                     \
+    /* check size is set correctly */                                     \
-          GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-          /* check 'ps' begins with the purpose */                              \
+    /* check 'ps' begins with the purpose */                              \
-          GNUNET_static_assert (((void*) (ps)) ==                               \
+    GNUNET_static_assert (((void*) (ps)) ==                               \
-                                ((void*) &(ps)->purpose));                      \
+                          ((void*) &(ps)->purpose));                      \
-          GNUNET_assert (GNUNET_OK ==                                           \
+    GNUNET_assert (GNUNET_OK ==                                           \
-                         GNUNET_CRYPTO_sign_ (priv,               \
+                   GNUNET_CRYPTO_sign_ (priv,               \
-                                                &(ps)->purpose,             \
+                                        &(ps)->purpose,             \
-                                                sig));                      \
+                                        sig));                      \
 } while (0)
@@ -3476,9 +4164,9 @@ GNUNET_CRYPTO_signature_verify_raw_ (
    GNUNET_static_assert (((void*) (ps)) ==                               \
                          ((void*) &(ps)->purpose));                      \
    GNUNET_CRYPTO_signature_verify_ (purp,                              \
-                                       &(ps)->purpose,                    \
+                                     &(ps)->purpose,                    \
-                                       sig,                               \
+                                     sig,                               \
-                                       pub);                              \
+                                     pub);                              \
  })
@@ -3499,10 +4187,10 @@ GNUNET_CRYPTO_signature_verify_raw_ (
 */
 ssize_t
 GNUNET_CRYPTO_encrypt_old (const void *block,
-                             size_t size,
+                           size_t size,
-                             const struct GNUNET_CRYPTO_PublicKey *pub,
+                           const struct GNUNET_CRYPTO_PublicKey *pub,
-                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                           struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                             void *result);
+                           void *result);
 /**
@@ -3528,8 +4216,8 @@ GNUNET_CRYPTO_decrypt_old (
  void *result);
 #define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \
-                                                + sizeof (struct \
+                                              + sizeof (struct \
-                                                          GNUNET_CRYPTO_FoKemC))
+                                                        GNUNET_CRYPTO_FoKemC))
 /**
 * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a
@@ -3548,10 +4236,10 @@ GNUNET_CRYPTO_decrypt_old (
 */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_encrypt (const void *block,
-                         size_t size,
+                       size_t size,
-                         const struct GNUNET_CRYPTO_PublicKey *pub,
+                       const struct GNUNET_CRYPTO_PublicKey *pub,
-                         void *result,
+                       void *result,
-                         size_t result_size);
+                       size_t result_size);
 /**
@@ -3567,10 +4255,10 @@ GNUNET_CRYPTO_encrypt (const void *block,
 */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_decrypt (const void *block,
-                         size_t size,
+                       size_t size,
-                         const struct GNUNET_CRYPTO_PrivateKey *priv,
+                       const struct GNUNET_CRYPTO_PrivateKey *priv,
-                         void *result,
+                       void *result,
-                         size_t result_size);
+                       size_t result_size);
 /**
@@ -3609,7 +4297,7 @@ GNUNET_CRYPTO_private_key_to_string (
 */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_public_key_from_string (const char*str,
-                                        struct GNUNET_CRYPTO_PublicKey *key);
+                                      struct GNUNET_CRYPTO_PublicKey *key);
 /**
@@ -3622,7 +4310,7 @@ GNUNET_CRYPTO_public_key_from_string (const char*str,
 */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_private_key_from_string (const char*str,
-                                         struct GNUNET_CRYPTO_PrivateKey *key);
+                                       struct GNUNET_CRYPTO_PrivateKey *key);
 /**
@@ -3634,8 +4322,8 @@ GNUNET_CRYPTO_private_key_from_string (const char*str,
 */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_key_get_public (const struct
-                                GNUNET_CRYPTO_PrivateKey *privkey,
+                              GNUNET_CRYPTO_PrivateKey *privkey,
-                                struct GNUNET_CRYPTO_PublicKey *key);
+                              struct GNUNET_CRYPTO_PublicKey *key);
 #if 0 /* keep Emacsens' auto-indent happy */
 {
diff --git a/src/include/gnunet_program_lib.h b/src/include/gnunet_program_lib.h
index 0c51d6cf7..b50838755 100644
--- a/src/include/gnunet_program_lib.h
+++ b/src/include/gnunet_program_lib.h
@@ -18,7 +18,7 @@
     SPDX-License-Identifier: AGPL3.0-or-later
 */
-#if !defined (__GNUNET_UTIL_LIB_H_INSIDE__)
+#if ! defined (__GNUNET_UTIL_LIB_H_INSIDE__)
 #error "Only <gnunet_util_lib.h> can be included directly."
 #endif
@@ -122,6 +122,45 @@ GNUNET_PROGRAM_run (int argc,
                    GNUNET_PROGRAM_Main task,
                    void *task_cls);
+enum GNUNET_GenericReturnValue
+GNUNET_DAEMON_register (const char *daemon_name,
+                        const char *daemon_desc,
+                        GNUNET_PROGRAM_Main task);
+#ifndef HAVE_GNUNET_MONOLITH
+#define GNUNET_DAEMON_MAIN(daemon_name, daemon_help, init_cb) \
+        int \
+        main (int argc, \
+              char *const *argv) \
+        { \
+          int ret; \
+          struct GNUNET_GETOPT_CommandLineOption options[] = { \
+            GNUNET_GETOPT_OPTION_END \
+          }; \
+          if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, \
+                                                         &argv)) \
+          return 2; \
+          ret =  GNUNET_PROGRAM_run (argc, \
+                                     argv, \
+                                     daemon_name, \
+                                     daemon_help, \
+                                     options, \
+                                     init_cb, \
+                                     NULL); \
+          GNUNET_free_nz ((void*) argv); \
+          return ret; \
+        }
+#else
+#define GNUNET_DAEMON_MAIN(daemon_name, daemon_help, init_cb) \
+        static int __attribute__ ((constructor)) \
+        init (void) \
+        { \
+          return GNUNET_DAEMON_register (daemon_name, \
+                                         daemon_help, \
+                                         init_cb); \
+        }
+#endif
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
diff --git a/src/lib/gnsrecord/meson.build b/src/lib/gnsrecord/meson.build
index a35d6b66e..40eff89c1 100644
--- a/src/lib/gnsrecord/meson.build
+++ b/src/lib/gnsrecord/meson.build
@@ -29,3 +29,58 @@ libgnunetgnsrecordjson = library('gnunetgnsrecordjson',
        install: true,
        install_dir: get_option('libdir'))
 libgnunetgnsrecordjson_dep = declare_dependency(link_with : libgnunetgnsrecordjson)
+testgnsrecrd_perf_crypto = executable ('perf_gnsrecord_crypto',
+          ['perf_gnsrecord_crypto.c'],
+          dependencies: [libgnunetutil_dep,
+                         libgnunetgnsrecord_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+testgnsrecrd_test_crypto = executable ('test_gnsrecord_crypto',
+          ['test_gnsrecord_crypto.c'],
+          dependencies: [libgnunetutil_dep,
+                         libgnunetgnsrecord_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+testgnsrecrd_test_serialization = executable ('test_gnsrecord_serialization',
+          ['test_gnsrecord_serialization.c'],
+          dependencies: [libgnunetutil_dep,
+                         libgnunetgnsrecord_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+testgnsrecrd_test_tvs = executable ('test_gnsrecord_testvectors',
+          ['test_gnsrecord_testvectors.c'],
+          dependencies: [libgnunetutil_dep,
+                         libgnunetgnsrecord_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+testgnsrecrd_test_exp = executable ('test_gnsrecord_block_expiration',
+          ['test_gnsrecord_block_expiration.c'],
+          dependencies: [libgnunetutil_dep,
+                         libgnunetgnsrecord_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+test('perf_gnsrecord_crypto', testgnsrecrd_perf_crypto,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
+test('test_gnsrecord_crypto', testgnsrecrd_test_crypto,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
+test('test_gnsrecord_serialization', testgnsrecrd_test_serialization,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
+test('test_gnsrecord_block_expiration', testgnsrecrd_test_exp,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
+test('test_gnsrecord_serialization', testgnsrecrd_test_serialization,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
+test('test_gnsrecord_testvectors', testgnsrecrd_test_tvs,
+   workdir: meson.current_build_dir(),
+   suite: ['gnsrecord'])
diff --git a/src/lib/hello/meson.build b/src/lib/hello/meson.build
index 30e0f4c9c..caf70e4a7 100644
--- a/src/lib/hello/meson.build
+++ b/src/lib/hello/meson.build
@@ -13,11 +13,15 @@ pkg.generate(libgnunethello, url: 'https://www.gnunet.org',
             description : 'Helper library for handling GNUnet HELLO messages')
-# TNG
+test_hello_uri = executable ('test_hello_uri',
-#executable ('gnunet-hello',
+            ['test_hello-uri.c'],
-#            ['gnunet-hello.c'],
+            dependencies: [libgnunethello_dep,
-#            dependencies: [libgnunethello_dep, libgnunetutil_dep],
+                           libgnunetutil_dep,
-#            include_directories: [incdir, configuration_inc],
+                           gcrypt_dep],
-#            install: true,
+            include_directories: [incdir, configuration_inc],
-#            install_dir: get_option('bindir'))
+            build_by_default: false,
+            install: false)
+test('test_hello_uri', test_hello_uri,
+  workdir: meson.current_build_dir(),
+  suite: ['hello'])
diff --git a/src/lib/json/meson.build b/src/lib/json/meson.build
index 804b2516f..d4c3b4528 100644
--- a/src/lib/json/meson.build
+++ b/src/lib/json/meson.build
@@ -16,3 +16,29 @@ libgnunetjson_dep = declare_dependency(link_with : libgnunetjson)
 pkg.generate(libgnunetjson, url: 'https://www.gnunet.org',
             description : 'Library for JSON de/serialization')
+testjson = executable ('test_json',
+          ['test_json.c'],
+          dependencies: [libgnunetutil_dep,
+                         json_dep,
+                         libgnunetjson_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+testjson_mhd = executable ('test_json_mhd',
+          ['test_json_mhd.c'],
+          dependencies: [libgnunetutil_dep,
+                         json_dep,
+                         mhd_dep,
+                         curl_dep,
+                         zlib_dep,
+                         libgnunetjson_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+test('test_json', testjson,
+   workdir: meson.current_build_dir(),
+   suite: ['json'])
+test('test_json_mhd', testjson_mhd,
+   workdir: meson.current_build_dir(),
+   suite: ['json'])
diff --git a/src/lib/json/test_json.c b/src/lib/json/test_json.c
index db376d213..1d27518b2 100644
--- a/src/lib/json/test_json.c
+++ b/src/lib/json/test_json.c
@@ -171,7 +171,7 @@ test_rsa ()
  priv = GNUNET_CRYPTO_rsa_private_key_create (1024);
  pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv);
  memset (&msg, 42, sizeof(msg));
-  sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, &msg);
+  sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, &msg, sizeof (msg));
  GNUNET_assert (NULL != (jp = GNUNET_JSON_from_rsa_public_key (pub)));
  GNUNET_assert (NULL != (js = GNUNET_JSON_from_rsa_signature (sig)));
  GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (jp, pspec, NULL, NULL));
diff --git a/src/lib/pq/meson.build b/src/lib/pq/meson.build
index 5b4372b70..b94cd012f 100644
--- a/src/lib/pq/meson.build
+++ b/src/lib/pq/meson.build
@@ -16,3 +16,17 @@ libgnunetpq = library('gnunetpq',
        install: true,
        install_dir: get_option('libdir'))
 libgnunetpq_dep = declare_dependency(link_with : libgnunetpq)
+testpq = executable ('test_pq',
+          ['test_pq.c'],
+          dependencies: [libgnunetutil_dep,
+                         pq_dep,
+                         libgnunetpq_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+test('test_pq', testpq,
+   workdir: meson.current_build_dir(),
+   suite: ['pq'])
diff --git a/src/lib/sq/meson.build b/src/lib/sq/meson.build
index dffda7872..69d372cac 100644
--- a/src/lib/sq/meson.build
+++ b/src/lib/sq/meson.build
@@ -15,4 +15,16 @@ libgnunetsq = library('gnunetsq',
 pkg.generate(libgnunetsq, url: 'https://www.gnunet.org',
             description : 'Provides API for accessing the SQ service')
 libgnunetsq_dep = declare_dependency(link_with : libgnunetsq)
+testsq = executable ('test_sq',
+          ['test_sq.c'],
+          dependencies: [libgnunetutil_dep,
+                         sqlite_dep,
+                         libgnunetsq_dep],
+          include_directories: [incdir, configuration_inc],
+          build_by_default: false,
+          install: false)
+test('test_sq', testsq,
+   workdir: meson.current_build_dir(),
+   suite: ['sq'])
diff --git a/src/lib/sq/test_sq.c b/src/lib/sq/test_sq.c
index ecd9918d7..292de5f34 100644
--- a/src/lib/sq/test_sq.c
+++ b/src/lib/sq/test_sq.c
@@ -92,7 +92,8 @@ run_queries (sqlite3 *dbh)
  pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv);
  memset (&hmsg, 42, sizeof(hmsg));
  sig = GNUNET_CRYPTO_rsa_sign_fdh (priv,
-                                    &hmsg);
+                                    &hmsg,
+                                    sizeof (hmsg));
  u16 = 16;
  u32 = 32;
  u64 = 64;
diff --git a/src/lib/util/Makefile.am b/src/lib/util/Makefile.am
index d1b6f8287..7ab6301f5 100644
--- a/src/lib/util/Makefile.am
+++ b/src/lib/util/Makefile.am
@@ -52,7 +52,7 @@ libgnunetutil_la_SOURCES = \
  container_multiuuidmap.c \
  container_multipeermap.c \
  container_multihashmap32.c \
-  crypto_symmetric.c \
+  crypto_blind_sign.c \
  crypto_crc.c \
  crypto_cs.c \
  crypto_ecc.c \
@@ -70,6 +70,7 @@ libgnunetutil_la_SOURCES = \
  crypto_pow.c \
  crypto_random.c \
  crypto_rsa.c \
+  crypto_symmetric.c \
  disk.c \
  disk.h \
  dnsparser.c \
@@ -197,7 +198,7 @@ check_PROGRAMS = \
 test_container_multihashmap32 \
 test_container_multipeermap \
 test_container_heap \
- test_crypto_symmetric \
+ test_crypto_blind \
 test_crypto_crc \
 test_crypto_cs \
 test_crypto_ecdsa \
@@ -214,6 +215,7 @@ check_PROGRAMS = \
 test_crypto_paillier \
 test_crypto_random \
 test_crypto_rsa \
+ test_crypto_symmetric \
 test_disk \
 test_getopt \
 test_hexcoder \
@@ -346,6 +348,11 @@ test_container_heap_SOURCES = \
 test_container_heap_LDADD = \
 libgnunetutil.la
+test_crypto_blind_SOURCES = \
+ test_crypto_blind.c
+test_crypto_blind_LDADD = \
+ libgnunetutil.la
 test_crypto_symmetric_SOURCES = \
 test_crypto_symmetric.c
 test_crypto_symmetric_LDADD = \
diff --git a/src/lib/util/crypto_blind_sign.c b/src/lib/util/crypto_blind_sign.c
new file mode 100644
index 000000000..ac611cf4f
--- /dev/null
+++ b/src/lib/util/crypto_blind_sign.c
@@ -0,0 +1,713 @@
+/*
+  This file is part of GNUNET
+  Copyright (C) 2021, 2022, 2023 GNUnet e.V.
+  GNUNET is free software; you can redistribute it and/or modify it under the
+  terms of the GNU General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+  GNUNET is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+  You should have received a copy of the GNU General Public License along with
+  GNUNET; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file crypto_blind_sign.c
+ * @brief blind signatures (abstraction over RSA or CS)
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+void
+GNUNET_CRYPTO_blinding_input_values_decref (
+  struct GNUNET_CRYPTO_BlindingInputValues *bm)
+{
+  GNUNET_assert (bm->rc > 0);
+  bm->rc--;
+  if (0 != bm->rc)
+    return;
+  switch (bm->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    bm->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    bm->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  }
+  GNUNET_free (bm);
+}
+void
+GNUNET_CRYPTO_blind_sign_priv_decref (struct
+                                      GNUNET_CRYPTO_BlindSignPrivateKey *
+                                      bsign_priv)
+{
+  GNUNET_assert (bsign_priv->rc > 0);
+  bsign_priv->rc--;
+  if (0 != bsign_priv->rc)
+    return;
+  switch (bsign_priv->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (NULL != bsign_priv->details.rsa_private_key)
+    {
+      GNUNET_CRYPTO_rsa_private_key_free (bsign_priv->details.rsa_private_key);
+      bsign_priv->details.rsa_private_key = NULL;
+    }
+    bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  }
+  GNUNET_free (bsign_priv);
+}
+void
+GNUNET_CRYPTO_blind_sign_pub_decref (struct
+                                     GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub)
+{
+  GNUNET_assert (bsign_pub->rc > 0);
+  bsign_pub->rc--;
+  if (0 != bsign_pub->rc)
+    return;
+  switch (bsign_pub->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (NULL != bsign_pub->details.rsa_public_key)
+    {
+      GNUNET_CRYPTO_rsa_public_key_free (bsign_pub->details.rsa_public_key);
+      bsign_pub->details.rsa_public_key = NULL;
+    }
+    bsign_pub->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    break;
+  }
+  GNUNET_free (bsign_pub);
+}
+void
+GNUNET_CRYPTO_unblinded_sig_decref (struct
+                                    GNUNET_CRYPTO_UnblindedSignature *ub_sig)
+{
+  GNUNET_assert (ub_sig->rc > 0);
+  ub_sig->rc--;
+  if (0 != ub_sig->rc)
+    return;
+  switch (ub_sig->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (NULL != ub_sig->details.rsa_signature)
+    {
+      GNUNET_CRYPTO_rsa_signature_free (ub_sig->details.rsa_signature);
+      ub_sig->details.rsa_signature = NULL;
+    }
+    ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  }
+  GNUNET_free (ub_sig);
+}
+void
+GNUNET_CRYPTO_blinded_sig_decref (
+  struct GNUNET_CRYPTO_BlindedSignature *blind_sig)
+{
+  GNUNET_assert (blind_sig->rc > 0);
+  blind_sig->rc--;
+  if (0 != blind_sig->rc)
+    return;
+  switch (blind_sig->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (NULL != blind_sig->details.blinded_rsa_signature)
+    {
+      GNUNET_CRYPTO_rsa_signature_free (
+        blind_sig->details.blinded_rsa_signature);
+      blind_sig->details.blinded_rsa_signature = NULL;
+    }
+    blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID;
+    break;
+  }
+  GNUNET_free (blind_sig);
+}
+void
+GNUNET_CRYPTO_blinded_message_decref (
+  struct GNUNET_CRYPTO_BlindedMessage *bm)
+{
+  GNUNET_assert (bm->rc > 0);
+  bm->rc--;
+  if (0 != bm->rc)
+    return;
+  switch (bm->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    GNUNET_free (bm->details.rsa_blinded_message.blinded_msg);
+    break;
+  case GNUNET_CRYPTO_BSA_CS:
+    break;
+  }
+  GNUNET_free (bm);
+}
+struct GNUNET_CRYPTO_BlindedMessage *
+GNUNET_CRYPTO_blinded_message_incref (
+  struct GNUNET_CRYPTO_BlindedMessage *bm)
+{
+  bm->rc++;
+  return bm;
+}
+struct GNUNET_CRYPTO_BlindingInputValues *
+GNUNET_CRYPTO_blinding_input_values_incref (
+  struct GNUNET_CRYPTO_BlindingInputValues *bm)
+{
+  bm->rc++;
+  return bm;
+}
+struct GNUNET_CRYPTO_BlindSignPublicKey *
+GNUNET_CRYPTO_bsign_pub_incref (
+  struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub)
+{
+  bsign_pub->rc++;
+  return bsign_pub;
+}
+struct GNUNET_CRYPTO_BlindSignPrivateKey *
+GNUNET_CRYPTO_bsign_priv_incref (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv)
+{
+  bsign_priv->rc++;
+  return bsign_priv;
+}
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig)
+{
+  ub_sig->rc++;
+  return ub_sig;
+}
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sig_incref (
+  struct GNUNET_CRYPTO_BlindedSignature *blind_sig)
+{
+  blind_sig->rc++;
+  return blind_sig;
+}
+int
+GNUNET_CRYPTO_bsign_pub_cmp (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1,
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2)
+{
+  if (bp1->cipher != bp2->cipher)
+    return (bp1->cipher > bp2->cipher) ? 1 : -1;
+  switch (bp1->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    return 0;
+  case GNUNET_CRYPTO_BSA_RSA:
+    return GNUNET_memcmp (&bp1->pub_key_hash,
+                          &bp2->pub_key_hash);
+  case GNUNET_CRYPTO_BSA_CS:
+    return GNUNET_memcmp (&bp1->pub_key_hash,
+                          &bp2->pub_key_hash);
+  }
+  GNUNET_assert (0);
+  return -2;
+}
+int
+GNUNET_CRYPTO_ub_sig_cmp (
+  const struct GNUNET_CRYPTO_UnblindedSignature *sig1,
+  const struct GNUNET_CRYPTO_UnblindedSignature *sig2)
+{
+  if (sig1->cipher != sig2->cipher)
+    return (sig1->cipher > sig2->cipher) ? 1 : -1;
+  switch (sig1->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    return 0;
+  case GNUNET_CRYPTO_BSA_RSA:
+    return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.rsa_signature,
+                                            sig2->details.rsa_signature);
+  case GNUNET_CRYPTO_BSA_CS:
+    return GNUNET_memcmp (&sig1->details.cs_signature,
+                          &sig2->details.cs_signature);
+  }
+  GNUNET_assert (0);
+  return -2;
+}
+int
+GNUNET_CRYPTO_blind_sig_cmp (
+  const struct GNUNET_CRYPTO_BlindedSignature *sig1,
+  const struct GNUNET_CRYPTO_BlindedSignature *sig2)
+{
+  if (sig1->cipher != sig2->cipher)
+    return (sig1->cipher > sig2->cipher) ? 1 : -1;
+  switch (sig1->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    return 0;
+  case GNUNET_CRYPTO_BSA_RSA:
+    return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.blinded_rsa_signature,
+                                            sig2->details.blinded_rsa_signature);
+  case GNUNET_CRYPTO_BSA_CS:
+    return GNUNET_memcmp (&sig1->details.blinded_cs_answer,
+                          &sig2->details.blinded_cs_answer);
+  }
+  GNUNET_assert (0);
+  return -2;
+}
+int
+GNUNET_CRYPTO_blinded_message_cmp (
+  const struct GNUNET_CRYPTO_BlindedMessage *bp1,
+  const struct GNUNET_CRYPTO_BlindedMessage *bp2)
+{
+  if (bp1->cipher != bp2->cipher)
+    return (bp1->cipher > bp2->cipher) ? 1 : -1;
+  switch (bp1->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    return 0;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (bp1->details.rsa_blinded_message.blinded_msg_size !=
+        bp2->details.rsa_blinded_message.blinded_msg_size)
+      return (bp1->details.rsa_blinded_message.blinded_msg_size >
+              bp2->details.rsa_blinded_message.blinded_msg_size) ? 1 : -1;
+    return memcmp (bp1->details.rsa_blinded_message.blinded_msg,
+                   bp2->details.rsa_blinded_message.blinded_msg,
+                   bp1->details.rsa_blinded_message.blinded_msg_size);
+  case GNUNET_CRYPTO_BSA_CS:
+    return GNUNET_memcmp (&bp1->details.cs_blinded_message,
+                          &bp2->details.cs_blinded_message);
+  }
+  GNUNET_assert (0);
+  return -2;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sign_keys_create (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv,
+  struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub,
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
+  ...)
+{
+  enum GNUNET_GenericReturnValue ret;
+  va_list ap;
+  va_start (ap,
+            cipher);
+  ret = GNUNET_CRYPTO_blind_sign_keys_create_va (bsign_priv,
+                                                 bsign_pub,
+                                                 cipher,
+                                                 ap);
+  va_end (ap);
+  return ret;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sign_keys_create_va (
+  struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv,
+  struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub,
+  enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
+  va_list ap)
+{
+  struct GNUNET_CRYPTO_BlindSignPrivateKey *priv;
+  struct GNUNET_CRYPTO_BlindSignPublicKey *pub;
+  priv = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPrivateKey);
+  priv->rc = 1;
+  priv->cipher = cipher;
+  *bsign_priv = priv;
+  pub = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPublicKey);
+  pub->rc = 1;
+  pub->cipher = cipher;
+  *bsign_pub = pub;
+  switch (cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    break;
+  case GNUNET_CRYPTO_BSA_RSA:
+    {
+      unsigned int bits;
+      bits = va_arg (ap,
+                     unsigned int);
+      if (bits < 512)
+      {
+        GNUNET_break (0);
+        break;
+      }
+      priv->details.rsa_private_key
+        = GNUNET_CRYPTO_rsa_private_key_create (bits);
+    }
+    if (NULL == priv->details.rsa_private_key)
+    {
+      GNUNET_break (0);
+      break;
+    }
+    pub->details.rsa_public_key
+      = GNUNET_CRYPTO_rsa_private_key_get_public (
+          priv->details.rsa_private_key);
+    GNUNET_CRYPTO_rsa_public_key_hash (pub->details.rsa_public_key,
+                                       &pub->pub_key_hash);
+    return GNUNET_OK;
+  case GNUNET_CRYPTO_BSA_CS:
+    GNUNET_CRYPTO_cs_private_key_generate (&priv->details.cs_private_key);
+    GNUNET_CRYPTO_cs_private_key_get_public (
+      &priv->details.cs_private_key,
+      &pub->details.cs_public_key);
+    GNUNET_CRYPTO_hash (&pub->details.cs_public_key,
+                        sizeof(pub->details.cs_public_key),
+                        &pub->pub_key_hash);
+    return GNUNET_OK;
+  }
+  GNUNET_free (priv);
+  GNUNET_free (pub);
+  *bsign_priv = NULL;
+  *bsign_pub = NULL;
+  return GNUNET_SYSERR;
+}
+struct GNUNET_CRYPTO_BlindingInputValues *
+GNUNET_CRYPTO_get_blinding_input_values (
+  const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv,
+  const union GNUNET_CRYPTO_BlindSessionNonce *nonce,
+  const char *salt)
+{
+  struct GNUNET_CRYPTO_BlindingInputValues *biv;
+  biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues);
+  biv->cipher = bsign_priv->cipher;
+  biv->rc = 1;
+  switch (bsign_priv->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    GNUNET_free (biv);
+    return NULL;
+  case GNUNET_CRYPTO_BSA_RSA:
+    return biv;
+  case GNUNET_CRYPTO_BSA_CS:
+    {
+      struct GNUNET_CRYPTO_CsRSecret cspriv[2];
+      GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce,
+                                 salt,
+                                 &bsign_priv->details.cs_private_key,
+                                 cspriv);
+      GNUNET_CRYPTO_cs_r_get_public (&cspriv[0],
+                                     &biv->details.cs_values.r_pub[0]);
+      GNUNET_CRYPTO_cs_r_get_public (&cspriv[1],
+                                     &biv->details.cs_values.r_pub[1]);
+      return biv;
+    }
+  }
+  GNUNET_break (0);
+  GNUNET_free (biv);
+  return NULL;
+}
+struct GNUNET_CRYPTO_BlindedMessage *
+GNUNET_CRYPTO_message_blind_to_sign (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+  const union GNUNET_CRYPTO_BlindingSecretP *bks,
+  const union GNUNET_CRYPTO_BlindSessionNonce *nonce,
+  const void *message,
+  size_t message_size,
+  const struct GNUNET_CRYPTO_BlindingInputValues *alg_values)
+{
+  struct GNUNET_CRYPTO_BlindedMessage *bm;
+  bm = GNUNET_new (struct GNUNET_CRYPTO_BlindedMessage);
+  bm->cipher = bsign_pub->cipher;
+  bm->rc = 1;
+  switch (bsign_pub->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    GNUNET_free (bm);
+    return NULL;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (GNUNET_YES !=
+        GNUNET_CRYPTO_rsa_blind (
+          message,
+          message_size,
+          &bks->rsa_bks,
+          bsign_pub->details.rsa_public_key,
+          &bm->details.rsa_blinded_message))
+    {
+      GNUNET_break (0);
+      GNUNET_free (bm);
+      return NULL;
+    }
+    return bm;
+  case GNUNET_CRYPTO_BSA_CS:
+    {
+      struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub;
+      struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
+      if (NULL == nonce)
+      {
+        GNUNET_break_op (0);
+        GNUNET_free (bm);
+        return NULL;
+      }
+      GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce,
+                                                bs);
+      GNUNET_CRYPTO_cs_calc_blinded_c (
+        bs,
+        alg_values->details.cs_values.r_pub,
+        &bsign_pub->details.cs_public_key,
+        message,
+        message_size,
+        bm->details.cs_blinded_message.c,
+        &blinded_r_pub);
+      bm->details.cs_blinded_message.nonce = nonce->cs_nonce;
+      (void) blinded_r_pub;
+      return bm;
+    }
+  }
+  GNUNET_break (0);
+  return NULL;
+}
+struct GNUNET_CRYPTO_BlindedSignature *
+GNUNET_CRYPTO_blind_sign (
+  const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv,
+  const char *salt,
+  const struct GNUNET_CRYPTO_BlindedMessage *blinded_message)
+{
+  struct GNUNET_CRYPTO_BlindedSignature *blind_sig;
+  if (blinded_message->cipher != bsign_priv->cipher)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
+  blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature);
+  blind_sig->cipher = bsign_priv->cipher;
+  blind_sig->rc = 1;
+  switch (bsign_priv->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    GNUNET_free (blind_sig);
+    return NULL;
+  case GNUNET_CRYPTO_BSA_RSA:
+    blind_sig->details.blinded_rsa_signature
+      = GNUNET_CRYPTO_rsa_sign_blinded (
+          bsign_priv->details.rsa_private_key,
+          &blinded_message->details.rsa_blinded_message);
+    if (NULL == blind_sig->details.blinded_rsa_signature)
+    {
+      GNUNET_break (0);
+      GNUNET_free (blind_sig);
+      return NULL;
+    }
+    return blind_sig;
+  case GNUNET_CRYPTO_BSA_CS:
+    {
+      struct GNUNET_CRYPTO_CsRSecret r[2];
+      GNUNET_CRYPTO_cs_r_derive (
+        &blinded_message->details.cs_blinded_message.nonce,
+        salt,
+        &bsign_priv->details.cs_private_key,
+        r);
+      GNUNET_CRYPTO_cs_sign_derive (
+        &bsign_priv->details.cs_private_key,
+        r,
+        &blinded_message->details.cs_blinded_message,
+        &blind_sig->details.blinded_cs_answer);
+    }
+    return blind_sig;
+  }
+  GNUNET_break (0);
+  return NULL;
+}
+struct GNUNET_CRYPTO_UnblindedSignature *
+GNUNET_CRYPTO_blind_sig_unblind (
+  const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig,
+  const union GNUNET_CRYPTO_BlindingSecretP *bks,
+  const void *message,
+  size_t message_size,
+  const struct GNUNET_CRYPTO_BlindingInputValues *alg_values,
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub)
+{
+  struct GNUNET_CRYPTO_UnblindedSignature *ub_sig;
+  if (blinded_sig->cipher != bsign_pub->cipher)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
+  if (blinded_sig->cipher != alg_values->cipher)
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
+  ub_sig = GNUNET_new (struct GNUNET_CRYPTO_UnblindedSignature);
+  ub_sig->cipher = blinded_sig->cipher;
+  ub_sig->rc = 1;
+  switch (bsign_pub->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    GNUNET_free (ub_sig);
+    return NULL;
+  case GNUNET_CRYPTO_BSA_RSA:
+    ub_sig->details.rsa_signature
+      = GNUNET_CRYPTO_rsa_unblind (
+          blinded_sig->details.blinded_rsa_signature,
+          &bks->rsa_bks,
+          bsign_pub->details.rsa_public_key);
+    if (NULL == ub_sig->details.rsa_signature)
+    {
+      GNUNET_break (0);
+      GNUNET_free (ub_sig);
+      return NULL;
+    }
+    return ub_sig;
+  case GNUNET_CRYPTO_BSA_CS:
+    {
+      struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
+      struct GNUNET_CRYPTO_CsC c[2];
+      struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
+      unsigned int b;
+      GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce,
+                                                bs);
+      GNUNET_CRYPTO_cs_calc_blinded_c (
+        bs,
+        alg_values->details.cs_values.r_pub,
+        &bsign_pub->details.cs_public_key,
+        message,
+        message_size,
+        c,
+        &r_pub_blind);
+      b = blinded_sig->details.blinded_cs_answer.b;
+      ub_sig->details.cs_signature.r_point
+        = r_pub_blind.r_pub[b];
+      GNUNET_CRYPTO_cs_unblind (
+        &blinded_sig->details.blinded_cs_answer.s_scalar,
+        &bs[b],
+        &ub_sig->details.cs_signature.s_scalar);
+      return ub_sig;
+    }
+  }
+  GNUNET_break (0);
+  GNUNET_free (ub_sig);
+  return NULL;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_blind_sig_verify (
+  const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub,
+  const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig,
+  const void *message,
+  size_t message_size)
+{
+  if (bsign_pub->cipher != ub_sig->cipher)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  switch (bsign_pub->cipher)
+  {
+  case GNUNET_CRYPTO_BSA_INVALID:
+    GNUNET_break (0);
+    return GNUNET_NO;
+  case GNUNET_CRYPTO_BSA_RSA:
+    if (GNUNET_OK !=
+        GNUNET_CRYPTO_rsa_verify (message,
+                                  message_size,
+                                  ub_sig->details.rsa_signature,
+                                  bsign_pub->details.rsa_public_key))
+    {
+      GNUNET_break_op (0);
+      return GNUNET_NO;
+    }
+    return GNUNET_YES;
+  case GNUNET_CRYPTO_BSA_CS:
+    if (GNUNET_OK !=
+        GNUNET_CRYPTO_cs_verify (&ub_sig->details.cs_signature,
+                                 &bsign_pub->details.cs_public_key,
+                                 message,
+                                 message_size))
+    {
+      GNUNET_break_op (0);
+      return GNUNET_NO;
+    }
+    return GNUNET_YES;
+  }
+  GNUNET_break (0);
+  return GNUNET_NO;
+}
+/* end of crypto_blind_sign.c */
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c
index 8506c7fa6..049f63062 100644
--- a/src/lib/util/crypto_cs.c
+++ b/src/lib/util/crypto_cs.c
@@ -1,6 +1,6 @@
 /*
   This file is part of GNUnet
-   Copyright (C) 2014,2016,2019 GNUnet e.V.
+   Copyright (C) 2014,2016,2019, 2023 GNUnet e.V.
   GNUnet is free software: you can redistribute it and/or modify it
   under the terms of the GNU Affero General Public License as published
@@ -53,8 +53,9 @@ GNUNET_CRYPTO_cs_private_key_get_public (
  const struct GNUNET_CRYPTO_CsPrivateKey *priv,
  struct GNUNET_CRYPTO_CsPublicKey *pub)
 {
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y,
+  GNUNET_assert (0 ==
-                                                              priv->scalar.d));
+                 crypto_scalarmult_ed25519_base_noclamp (pub->point.y,
+                                                         priv->scalar.d));
 }
@@ -75,7 +76,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar)
 void
-GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
+GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
                           const char *seed,
                           const struct GNUNET_CRYPTO_CsPrivateKey *lts,
                           struct GNUNET_CRYPTO_CsRSecret r[2])
@@ -84,7 +85,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
    GNUNET_YES ==
    GNUNET_CRYPTO_kdf (
      r,     sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2,
-      seed,   strlen (seed),
+      seed,  strlen (seed),
      lts,   sizeof (*lts),
      nonce, sizeof (*nonce),
      NULL,  0));
@@ -97,14 +98,15 @@ void
 GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
                               struct GNUNET_CRYPTO_CsRPublic *r_pub)
 {
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
+  GNUNET_assert (0 ==
-                                                              r_priv->scalar.d));
+                 crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
+                                                         r_priv->scalar.d));
 }
 void
 GNUNET_CRYPTO_cs_blinding_secrets_derive (
-  const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+  const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
  struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
 {
  GNUNET_assert (
@@ -156,8 +158,12 @@ cs_full_domain_hash (const struct GNUNET_CRYPTO_CsRPublic *r_dash,
  // SHA-512 hash of R' and message
  size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len;
  char r_m_concat[r_m_concat_len];
-  memcpy (r_m_concat, r_dash, sizeof(struct GNUNET_CRYPTO_CsRPublic));
+  memcpy (r_m_concat,
-  memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), msg, msg_len);
+          r_dash,
+          sizeof(struct GNUNET_CRYPTO_CsRPublic));
+  memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic),
+          msg,
+          msg_len);
  struct GNUNET_HashCode prehash;
  GNUNET_CRYPTO_hash (r_m_concat,
@@ -208,22 +214,26 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
 {
  // R'i = Ri + alpha i*G + beta i*pub
  struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (
+  GNUNET_assert (0 ==
+                 crypto_scalarmult_ed25519_base_noclamp (
                   alpha_mul_base.y,
                   bs->alpha.d));
  struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (beta_mul_pub.y,
+  GNUNET_assert (0 ==
-                                                         bs->beta.d,
+                 crypto_scalarmult_ed25519_noclamp (
-                                                         pub->point.y));
+                   beta_mul_pub.y,
+                   bs->beta.d,
+                   pub->point.y));
  struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub;
  GNUNET_assert (0 == crypto_core_ed25519_add (
                   alpha_mul_base_plus_beta_mul_pub.y,
                   alpha_mul_base.y,
                   beta_mul_pub.y));
-  GNUNET_assert (0 == crypto_core_ed25519_add (blinded_r_pub->point.y,
+  GNUNET_assert (0 ==
-                                               r_pub->point.y,
+                 crypto_core_ed25519_add (
-                                               alpha_mul_base_plus_beta_mul_pub.
+                   blinded_r_pub->point.y,
-                                               y));
+                   r_pub->point.y,
+                   alpha_mul_base_plus_beta_mul_pub.y));
 }
@@ -235,19 +245,33 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
  const void *msg,
  size_t msg_len,
  struct GNUNET_CRYPTO_CsC blinded_c[2],
-  struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
+  struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
 {
-  // for i 0/1: R'i = Ri + alpha i*G + beta i*pub
+  /* for i 0/1: R'i = Ri + alpha i*G + beta i*pub */
-  calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]);
+  calc_r_dash (&bs[0],
-  calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]);
+               &r_pub[0],
+               pub,
-  // for i 0/1: c'i = H(R'i, msg)
+               &r_pub_blind->r_pub[0]);
+  calc_r_dash (&bs[1],
+               &r_pub[1],
+               pub,
+               &r_pub_blind->r_pub[1]);
+  /* for i 0/1: c'i = H(R'i, msg) */
  struct GNUNET_CRYPTO_CsC c_dash_0;
  struct GNUNET_CRYPTO_CsC c_dash_1;
-  cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0);
+  cs_full_domain_hash (&r_pub_blind->r_pub[0],
-  cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1);
+                       msg,
+                       msg_len,
+                       pub,
+                       &c_dash_0);
+  cs_full_domain_hash (&r_pub_blind->r_pub[1],
+                       msg,
+                       msg_len,
+                       pub,
+                       &c_dash_1);
-  // for i 0/1: ci = c'i + beta i mod p
+  /* for i 0/1: ci = c'i + beta i mod p */
  crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d,
                                  c_dash_0.scalar.d,
                                  bs[0].beta.d);
@@ -257,17 +281,17 @@ GNUNET_CRYPTO_cs_calc_blinded_c (
 }
-unsigned int
+void
 GNUNET_CRYPTO_cs_sign_derive (
  const struct GNUNET_CRYPTO_CsPrivateKey *priv,
  const struct GNUNET_CRYPTO_CsRSecret r[2],
-  const struct GNUNET_CRYPTO_CsC c[2],
+  const struct GNUNET_CRYPTO_CsBlindedMessage *bm,
-  const struct GNUNET_CRYPTO_CsNonce *nonce,
+  struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
-  struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
 {
+  struct GNUNET_CRYPTO_Cs25519Scalar c_b_mul_priv;
  uint32_t hkdf_out;
-  // derive clause session identifier b (random bit)
+  /* derive clause session identifier b (random bit) */
  GNUNET_assert (GNUNET_YES ==
                 GNUNET_CRYPTO_hkdf (&hkdf_out,
                                     sizeof (hkdf_out),
@@ -277,22 +301,19 @@ GNUNET_CRYPTO_cs_sign_derive (
                                     strlen ("b"),
                                     priv,
                                     sizeof (*priv),
-                                     nonce,
+                                     &bm->nonce,
-                                     sizeof (*nonce),
+                                     sizeof (bm->nonce),
                                     NULL,
                                     0));
-  unsigned int b = hkdf_out % 2;
+  cs_blind_sig->b = hkdf_out % 2;
-  // s = r_b + c_b priv
+  /* s = r_b + c_b * priv */
-  struct GNUNET_CRYPTO_Cs25519Scalar c_b_mul_priv;
  crypto_core_ed25519_scalar_mul (c_b_mul_priv.d,
-                                  c[b].scalar.d,
+                                  bm->c[cs_blind_sig->b].scalar.d,
                                  priv->scalar.d);
-  crypto_core_ed25519_scalar_add (blinded_signature_scalar->scalar.d,
+  crypto_core_ed25519_scalar_add (cs_blind_sig->s_scalar.scalar.d,
-                                  r[b].scalar.d,
+                                  r[cs_blind_sig->b].scalar.d,
                                  c_b_mul_priv.d);
-  return b;
 }
@@ -325,7 +346,8 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
  // s'G ?= R' + c' pub
  struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (
+  GNUNET_assert (0 ==
+                 crypto_scalarmult_ed25519_base_noclamp (
                   sig_scal_mul_base.y,
                   sig->s_scalar.scalar.d));
  struct GNUNET_CRYPTO_Cs25519Point c_dash_mul_pub;
diff --git a/src/lib/util/crypto_rsa.c b/src/lib/util/crypto_rsa.c
index 2c446d21a..aeae3de8f 100644
--- a/src/lib/util/crypto_rsa.c
+++ b/src/lib/util/crypto_rsa.c
@@ -1,6 +1,6 @@
 /*
   This file is part of GNUnet
-   Copyright (C) 2014,2016,2019 GNUnet e.V.
+   Copyright (C) 2014,2016,2019,2023 GNUnet e.V.
   GNUnet is free software: you can redistribute it and/or modify it
   under the terms of the GNU Affero General Public License as published
@@ -178,9 +178,9 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 size_t
-GNUNET_CRYPTO_rsa_private_key_encode (const struct
+GNUNET_CRYPTO_rsa_private_key_encode (
-                                      GNUNET_CRYPTO_RsaPrivateKey *key,
+  const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                                      void **buffer)
+  void **buffer)
 {
  size_t n;
  char *b;
@@ -745,24 +745,33 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v,
 *   https://eprint.iacr.org/2001/002.pdf
 *   http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf
 *
- * @param hash initial hash of the message to sign
+ * @param message the message to sign
+ * @param message_size number of bytes in @a message
 * @param pkey the public key of the signer
 * @param rsize If not NULL, the number of bytes actually stored in buffer
 * @return MPI value set to the FDH, NULL if RSA key is malicious
 */
 static gcry_mpi_t
 rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
-                      const struct GNUNET_HashCode *hash)
+                      const void *message,
+                      size_t message_size)
 {
-  gcry_mpi_t r, n;
+  gcry_mpi_t r;
+  gcry_mpi_t n;
  void *xts;
  size_t xts_len;
  int ok;
  /* Extract the composite n from the RSA public key */
-  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
+  GNUNET_assert (0 ==
+                 key_from_sexp (&n,
+                                pkey->sexp,
+                                "rsa",
+                                "n"));
  /* Assert that it at least looks like an RSA key */
-  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
+  GNUNET_assert (0 ==
+                 gcry_mpi_get_flag (n,
+                                    GCRYMPI_FLAG_OPAQUE));
  /* We key with the public denomination key as a homage to RSA-PSS by  *
  * Mihir Bellare and Phillip Rogaway.  Doing this lowers the degree   *
@@ -774,7 +783,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
  GNUNET_CRYPTO_kdf_mod_mpi (&r,
                             n,
                             xts, xts_len,
-                             hash, sizeof(*hash),
+                             message, message_size,
                             "RSA-FDA FTpsW!");
  GNUNET_free (xts);
  ok = rsa_gcd_validate (r, n);
@@ -786,12 +795,20 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
 }
+void
+GNUNET_CRYPTO_rsa_blinded_message_free (
+  struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
+{
+  GNUNET_free (bm->blinded_msg);
+}
 enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_blind (const void *message,
+                         size_t message_size,
                         const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
                         struct GNUNET_CRYPTO_RsaPublicKey *pkey,
-                         void **buf,
+                         struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
-                         size_t *buf_size)
 {
  struct RsaBlindingKey *bkey;
  gcry_mpi_t data;
@@ -801,31 +818,36 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
  int ret;
  BENCHMARK_START (rsa_blind);
+  ret = key_from_sexp (ne,
-  GNUNET_assert (buf != NULL);
+                       pkey->sexp,
-  GNUNET_assert (buf_size != NULL);
+                       "public-key",
-  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
+                       "ne");
  if (0 != ret)
-    ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
+    ret = key_from_sexp (ne,
+                         pkey->sexp,
+                         "rsa",
+                         "ne");
  if (0 != ret)
  {
    GNUNET_break (0);
-    *buf = NULL;
+    bm->blinded_msg = NULL;
-    *buf_size = 0;
+    bm->blinded_msg_size = 0;
+    BENCHMARK_END (rsa_blind);
    return GNUNET_NO;
  }
-  data = rsa_full_domain_hash (pkey, hash);
+  data = rsa_full_domain_hash (pkey,
+                               message,
+                               message_size);
  if (NULL == data)
    goto rsa_gcd_validate_failure;
+  bkey = rsa_blinding_key_derive (pkey,
-  bkey = rsa_blinding_key_derive (pkey, bks);
+                                  bks);
  if (NULL == bkey)
  {
    gcry_mpi_release (data);
    goto rsa_gcd_validate_failure;
  }
  r_e = gcry_mpi_new (0);
  gcry_mpi_powm (r_e,
                 bkey->r,
@@ -842,12 +864,12 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
  gcry_mpi_release (r_e);
  rsa_blinding_key_free (bkey);
-  *buf_size = numeric_mpi_alloc_n_print (data_r_e,
+  bm->blinded_msg_size
-                                         (char **) buf);
+    = numeric_mpi_alloc_n_print (data_r_e,
+                                 (char **) &bm->blinded_msg);
  gcry_mpi_release (data_r_e);
  BENCHMARK_END (rsa_blind);
  return GNUNET_YES;
 rsa_gcd_validate_failure:
@@ -855,8 +877,9 @@ rsa_gcd_validate_failure:
  /* GNUNET_break_op (0); */
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
-  *buf = NULL;
+  bm->blinded_msg = NULL;
-  *buf_size = 0;
+  bm->blinded_msg_size = 0;
+  BENCHMARK_END (rsa_blind);
  return GNUNET_NO;
 }
@@ -945,22 +968,20 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                                const void *msg,
+                                const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
-                                size_t msg_len)
 {
  gcry_mpi_t v = NULL;
  struct GNUNET_CRYPTO_RsaSignature *sig;
  BENCHMARK_START (rsa_sign_blinded);
  GNUNET_assert (0 ==
                 gcry_mpi_scan (&v,
                                GCRYMPI_FMT_USG,
-                                msg,
+                                bm->blinded_msg,
-                                msg_len,
+                                bm->blinded_msg_size,
                                NULL));
+  sig = rsa_sign_mpi (key,
-  sig = rsa_sign_mpi (key, v);
+                      v);
  gcry_mpi_release (v);
  BENCHMARK_END (rsa_sign_blinded);
  return sig;
@@ -969,14 +990,17 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 struct GNUNET_CRYPTO_RsaSignature *
 GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                            const struct GNUNET_HashCode *hash)
+                            const void *message,
+                            size_t message_size)
 {
  struct GNUNET_CRYPTO_RsaPublicKey *pkey;
  gcry_mpi_t v = NULL;
  struct GNUNET_CRYPTO_RsaSignature *sig;
  pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key);
-  v = rsa_full_domain_hash (pkey, hash);
+  v = rsa_full_domain_hash (pkey,
+                            message,
+                            message_size);
  GNUNET_CRYPTO_rsa_public_key_free (pkey);
  if (NULL == v)   /* rsa_gcd_validate failed meaning */
    return NULL;   /* our *own* RSA key is malicious. */
@@ -1172,7 +1196,8 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
 enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
+GNUNET_CRYPTO_rsa_verify (const void *message,
+                          size_t message_size,
                          const struct GNUNET_CRYPTO_RsaSignature *sig,
                          const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 {
@@ -1182,7 +1207,9 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
  BENCHMARK_START (rsa_verify);
-  r = rsa_full_domain_hash (pkey, hash);
+  r = rsa_full_domain_hash (pkey,
+                            message,
+                            message_size);
  if (NULL == r)
  {
    GNUNET_break_op (0);
@@ -1260,4 +1287,4 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 }
-/* end of util/rsa.c */
+/* end of crypto_rsa.c */
diff --git a/src/lib/util/perf_crypto_rsa.c b/src/lib/util/perf_crypto_rsa.c
index ab9f362cf..721973b1a 100644
--- a/src/lib/util/perf_crypto_rsa.c
+++ b/src/lib/util/perf_crypto_rsa.c
@@ -45,9 +45,8 @@ eval (unsigned int len)
  struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec[10];
  unsigned int i;
  char sbuf[128];
-  void *bbuf;
-  size_t bbuf_len;
  struct GNUNET_HashCode hc;
+  struct GNUNET_CRYPTO_RsaBlindedMessage bm;
  start = GNUNET_TIME_absolute_get ();
  for (i = 0; i < 10; i++)
@@ -95,17 +94,17 @@ eval (unsigned int len)
  for (i = 0; i < 10; i++)
  {
    GNUNET_CRYPTO_rsa_blind (&hc,
+                             sizeof (hc),
                             &bsec[i],
                             public_key,
-                             &bbuf,
+                             &bm);
-                             &bbuf_len);
+    GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
-    GNUNET_free (bbuf);
  }
  printf ("10x %u-blinding took %s\n",
          len,
          GNUNET_STRINGS_relative_time_to_string (
            GNUNET_TIME_absolute_get_duration (start),
-            GNUNET_YES));
+            true));
  GNUNET_snprintf (sbuf,
                   sizeof(sbuf),
                   "RSA %u-blinding",
@@ -116,16 +115,15 @@ eval (unsigned int len)
                       + GNUNET_TIME_absolute_get_duration
                         (start).rel_value_us / 1000LL), "ops/ms");
  GNUNET_CRYPTO_rsa_blind (&hc,
+                           sizeof (hc),
                           &bsec[0],
                           public_key,
-                           &bbuf,
+                           &bm);
-                           &bbuf_len);
  start = GNUNET_TIME_absolute_get ();
  for (i = 0; i < 10; i++)
  {
    sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key,
-                                          bbuf,
+                                          &bm);
-                                          bbuf_len);
    GNUNET_CRYPTO_rsa_signature_free (sig);
  }
  printf ("10x %u-signing took %s\n",
@@ -143,8 +141,7 @@ eval (unsigned int len)
                       + GNUNET_TIME_absolute_get_duration
                         (start).rel_value_us / 1000LL), "ops/ms");
  sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key,
-                                        bbuf,
+                                        &bm);
-                                        bbuf_len);
  start = GNUNET_TIME_absolute_get ();
  for (i = 0; i < 10; i++)
  {
@@ -157,7 +154,7 @@ eval (unsigned int len)
          len,
          GNUNET_STRINGS_relative_time_to_string (
            GNUNET_TIME_absolute_get_duration (start),
-            GNUNET_YES));
+            true));
  GNUNET_snprintf (sbuf,
                   sizeof(sbuf),
                   "RSA %u-unblinding",
@@ -175,6 +172,7 @@ eval (unsigned int len)
  {
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_rsa_verify (&hc,
+                                             sizeof (hc),
                                             rsig,
                                             public_key));
  }
@@ -195,7 +193,7 @@ eval (unsigned int len)
  GNUNET_CRYPTO_rsa_signature_free (sig);
  GNUNET_CRYPTO_rsa_public_key_free (public_key);
  GNUNET_CRYPTO_rsa_private_key_free (private_key);
-  GNUNET_free (bbuf);
+  GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
 }
diff --git a/src/lib/util/program.c b/src/lib/util/program.c
index 21b616ee2..2801b7650 100644
--- a/src/lib/util/program.c
+++ b/src/lib/util/program.c
@@ -35,7 +35,7 @@
 #define LOG(kind, ...) GNUNET_log_from (kind, "util-program", __VA_ARGS__)
 #define LOG_STRERROR_FILE(kind, syscall, filename) \
-  GNUNET_log_from_strerror_file (kind, "util-program", syscall, filename)
+        GNUNET_log_from_strerror_file (kind, "util-program", syscall, filename)
 /**
 * Context for the command.
@@ -416,4 +416,39 @@ GNUNET_PROGRAM_run (int argc,
 }
+/* A list of daemons to be launched when GNUNET_main()
+ * is called
+ */
+struct DaemonHandleList
+{
+  /* DLL */
+  struct DaemonHandleList *prev;
+  /* DLL */
+  struct DaemonHandleList *next;
+  /* Program to launch */
+  GNUNET_PROGRAM_Main d;
+};
+/* The daemon list */
+static struct DaemonHandleList *hll_head = NULL;
+/* The daemon list */
+static struct DaemonHandleList *hll_tail = NULL;
+enum GNUNET_GenericReturnValue
+GNUNET_DAEMON_register (const char *daemon_name,
+                        const char *daemon_help,
+                        GNUNET_PROGRAM_Main task)
+{
+  struct DaemonHandleList *hle;
+  hle = GNUNET_new (struct DaemonHandleList);
+  hle->d = task;
+  GNUNET_CONTAINER_DLL_insert (hll_head, hll_tail, hle);
+  return GNUNET_OK;
+}
 /* end of program.c */
diff --git a/src/lib/util/test_crypto_blind.c b/src/lib/util/test_crypto_blind.c
new file mode 100644
index 000000000..d7efd79ea
--- /dev/null
+++ b/src/lib/util/test_crypto_blind.c
@@ -0,0 +1,86 @@
+/*
+   This file is part of GNUnet
+   Copyright (C) 2014, 2015, 2023 GNUnet e.V.
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file util/test_crypto_blind.c
+ * @brief testcase for utility functions for blind signatures
+ * @author Christian Grothoff <grothoff@gnunet.org>
+ */
+#include "platform.h"
+#include <gcrypt.h>
+#include "gnunet_util_lib.h"
+int
+main (int argc,
+      char *argv[])
+{
+  struct GNUNET_CRYPTO_BlindSignPrivateKey *priv;
+  struct GNUNET_CRYPTO_BlindSignPublicKey *pub;
+  struct GNUNET_CRYPTO_BlindingInputValues *biv;
+  struct GNUNET_CRYPTO_BlindedMessage *bm;
+  struct GNUNET_CRYPTO_BlindedSignature *bsig;
+  struct GNUNET_CRYPTO_UnblindedSignature *sig;
+  union GNUNET_CRYPTO_BlindingSecretP bsec;
+  union GNUNET_CRYPTO_BlindSessionNonce nonce;
+  GNUNET_log_setup ("test-crypto-blind",
+                    "WARNING",
+                    NULL);
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                              &bsec,
+                              sizeof (bsec));
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                              &nonce,
+                              sizeof (nonce));
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_blind_sign_keys_create (&priv,
+                                                       &pub,
+                                                       GNUNET_CRYPTO_BSA_CS));
+  biv = GNUNET_CRYPTO_get_blinding_input_values (priv,
+                                                 &nonce,
+                                                 "salt");
+  bm = GNUNET_CRYPTO_message_blind_to_sign (pub,
+                                            &bsec,
+                                            &nonce,
+                                            "hello",
+                                            5,
+                                            biv);
+  bsig = GNUNET_CRYPTO_blind_sign (priv,
+                                   "salt",
+                                   bm);
+  sig = GNUNET_CRYPTO_blind_sig_unblind (bsig,
+                                         &bsec,
+                                         "hello",
+                                         5,
+                                         biv,
+                                         pub);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_blind_sig_verify (pub,
+                                                 sig,
+                                                 "hello",
+                                                 5));
+  GNUNET_CRYPTO_blinded_sig_decref (bsig);
+  GNUNET_CRYPTO_unblinded_sig_decref (sig);
+  GNUNET_CRYPTO_blinded_message_decref (bm);
+  GNUNET_CRYPTO_blind_sign_priv_decref (priv);
+  GNUNET_CRYPTO_blind_sign_pub_decref (pub);
+  return 0;
+}
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c
index 6fd2361fb..ee68db72f 100644
--- a/src/lib/util/test_crypto_cs.c
+++ b/src/lib/util/test_crypto_cs.c
@@ -1,6 +1,6 @@
 /*
   This file is part of GNUnet
-   Copyright (C) 2021,2022 GNUnet e.V.
+   Copyright (C) 2021,2022, 2023 GNUnet e.V.
   GNUnet is free software: you can redistribute it and/or modify it
   under the terms of the GNU Affero General Public License as published
@@ -31,6 +31,7 @@
 #define ITER 25
 static void
 test_create_priv (struct GNUNET_CRYPTO_CsPrivateKey *priv)
 {
@@ -39,8 +40,10 @@ test_create_priv (struct GNUNET_CRYPTO_CsPrivateKey *priv)
   */
  struct GNUNET_CRYPTO_CsPrivateKey other_priv;
-  other_priv = *priv;
  GNUNET_CRYPTO_cs_private_key_generate (priv);
+  memset (&other_priv,
+          42,
+          sizeof (other_priv));
  GNUNET_assert (0 !=
                 GNUNET_memcmp (&other_priv.scalar,
                                &priv->scalar));
@@ -56,9 +59,11 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv,
   */
  struct GNUNET_CRYPTO_CsPublicKey other_pub;
-  other_pub = *pub;
  GNUNET_CRYPTO_cs_private_key_get_public (priv,
                                           pub);
+  memset (&other_pub,
+          42,
+          sizeof (other_pub));
  GNUNET_assert (0 !=
                 GNUNET_memcmp (&other_pub.point,
                                &pub->point));
@@ -85,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv,
 static void
-test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce,
+test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
                     const struct GNUNET_CRYPTO_CsPrivateKey *priv,
                     struct GNUNET_CRYPTO_CsRSecret r[2])
 {
@@ -164,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
 static void
-test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed,
+test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed,
                             struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
 {
  /* TEST 1
@@ -176,7 +181,8 @@ test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed,
          bs,
          sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2);
-  GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, bs);
+  GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed,
+                                            bs);
  GNUNET_assert (0 !=
                 memcmp (other_bs,
@@ -193,7 +199,8 @@ test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed,
          sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2);
  for (unsigned int i = 0; i<ITER; i++)
  {
-    GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, bs);
+    GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed,
+                                              bs);
    GNUNET_assert (0 == memcmp (&other_bs[0],
                                &bs[0],
                                sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
@@ -209,7 +216,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
                    const void *msg,
                    size_t msg_len,
                    struct GNUNET_CRYPTO_CsC blinded_cs[2],
-                    struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
+                    struct GNUNET_CRYPTO_CSPublicRPairP *blinded_r_pub)
 {
  /* TEST 1
   * Check that the blinded c's and blinded r's
@@ -220,10 +227,8 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
          &blinded_cs[0],
          sizeof(struct GNUNET_CRYPTO_CsC) * 2);
-  struct GNUNET_CRYPTO_CsRPublic other_blinded_r_pub[2];
+  struct GNUNET_CRYPTO_CSPublicRPairP other_blinded_pub;
-  memcpy (&other_blinded_r_pub[0],
+  other_blinded_pub = *blinded_r_pub;
-          &blinded_r_pub[0],
-          sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2);
  GNUNET_CRYPTO_cs_calc_blinded_c (bs,
                                   r_pub,
@@ -236,9 +241,9 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
  GNUNET_assert (0 != memcmp (&other_blinded_c[0],
                              &blinded_cs[0],
                              sizeof(struct GNUNET_CRYPTO_CsC) * 2));
-  GNUNET_assert (0 != memcmp (&other_blinded_r_pub[0],
+  GNUNET_assert (0 !=
-                              &blinded_r_pub[0],
+                 GNUNET_memcmp (&other_blinded_pub,
-                              sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
+                                blinded_r_pub));
  /* TEST 2
   * Check if R' - aG -bX = R for b = 0
@@ -251,37 +256,41 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
    struct GNUNET_CRYPTO_Cs25519Point r_min_aG;
    struct GNUNET_CRYPTO_CsRPublic res;
-    GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (
+    GNUNET_assert (0 ==
+                   crypto_scalarmult_ed25519_base_noclamp (
                     aG.y,
                     bs[b].alpha.d));
+    GNUNET_assert (0 ==
-    GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (
+                   crypto_scalarmult_ed25519_noclamp (
                     bX.y,
                     bs[b].beta.d,
                     pub->point.y));
+    GNUNET_assert (0 ==
-    GNUNET_assert (0 == crypto_core_ed25519_sub (
+                   crypto_core_ed25519_sub (
                     r_min_aG.y,
-                     blinded_r_pub[b].point.y,
+                     blinded_r_pub->r_pub[b].point.y,
                     aG.y));
    GNUNET_assert (0 == crypto_core_ed25519_sub (
                     res.point.y,
                     r_min_aG.y,
                     bX.y));
-    GNUNET_assert (0 == memcmp (&res, &r_pub[b], sizeof(struct
+    GNUNET_assert (0 ==
-                                                        GNUNET_CRYPTO_CsRPublic)));
+                   memcmp (&res,
+                           &r_pub[b],
+                           sizeof(struct GNUNET_CRYPTO_CsRPublic)));
  }
  /* TEST 3
   * Check that the blinded r_pubs' are valid points
   */
-  GNUNET_assert (1 == crypto_core_ed25519_is_valid_point (
+  GNUNET_assert (1 ==
-                   blinded_r_pub[0].point.y));
+                 crypto_core_ed25519_is_valid_point (
-  GNUNET_assert (1 == crypto_core_ed25519_is_valid_point (
+                   blinded_r_pub->r_pub[0].point.y));
-                   blinded_r_pub[1].point.y));
+  GNUNET_assert (1 ==
+                 crypto_core_ed25519_is_valid_point (
+                   blinded_r_pub->r_pub[1].point.y));
  /* TEST 4
   * Check if function gives the same result for the same input.
@@ -289,9 +298,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
  memcpy (&other_blinded_c[0],
          &blinded_cs[0],
          sizeof(struct GNUNET_CRYPTO_CsC) * 2);
-  memcpy (&other_blinded_r_pub[0],
+  other_blinded_pub = *blinded_r_pub;
-          &blinded_r_pub[0],
-          sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2);
  for (unsigned int i = 0; i<ITER; i++)
  {
@@ -302,40 +309,37 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
                                     msg_len,
                                     blinded_cs,
                                     blinded_r_pub);
-    GNUNET_assert (0 == memcmp (&other_blinded_c[0],
+    GNUNET_assert (0 ==
-                                &blinded_cs[0],
+                   memcmp (&other_blinded_c[0],
-                                sizeof(struct GNUNET_CRYPTO_CsC) * 2));
+                           &blinded_cs[0],
-    GNUNET_assert (0 == memcmp (&other_blinded_r_pub[0],
+                           sizeof(struct GNUNET_CRYPTO_CsC) * 2));
-                                &blinded_r_pub[0],
+    GNUNET_assert (0 ==
-                                sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
+                   GNUNET_memcmp (&other_blinded_pub,
+                                  blinded_r_pub));
  }
 }
 static void
-test_blind_sign (unsigned int *b,
+test_blind_sign (const struct GNUNET_CRYPTO_CsPrivateKey *priv,
-                 const struct GNUNET_CRYPTO_CsPrivateKey *priv,
                 const struct GNUNET_CRYPTO_CsRSecret r[2],
-                 const struct GNUNET_CRYPTO_CsC c[2],
+                 const struct GNUNET_CRYPTO_CsBlindedMessage *bm,
-                 const struct GNUNET_CRYPTO_CsNonce *nonce,
+                 struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
-                 struct GNUNET_CRYPTO_CsBlindS *blinded_s)
 {
  /* TEST 1
   * Check that blinded_s is set
   */
-  struct GNUNET_CRYPTO_CsC other_blinded_s;
+  struct GNUNET_CRYPTO_CsBlindSignature other_blind_sig;
-  memcpy (&other_blinded_s, blinded_s, sizeof(struct GNUNET_CRYPTO_CsBlindS));
+  memset (&other_blind_sig,
-  *b = GNUNET_CRYPTO_cs_sign_derive (priv,
+          44,
-                                     r,
+          sizeof (other_blind_sig));
-                                     c,
+  GNUNET_CRYPTO_cs_sign_derive (priv,
-                                     nonce,
+                                r,
-                                     blinded_s);
+                                bm,
+                                &other_blind_sig);
-  GNUNET_assert (0 == *b || 1 == *b);
+  GNUNET_assert (0 == other_blind_sig.b ||
-  GNUNET_assert (0 != memcmp (&other_blinded_s,
+                 1 == other_blind_sig.b);
-                              blinded_s,
-                              sizeof(struct GNUNET_CRYPTO_CsBlindS)));
  /* TEST 2
   * Check if s := rb + cbX
@@ -343,32 +347,29 @@ test_blind_sign (unsigned int *b,
   */
  struct GNUNET_CRYPTO_Cs25519Scalar cb_mul_x;
  struct GNUNET_CRYPTO_Cs25519Scalar s_min_rb;
+ 
  crypto_core_ed25519_scalar_mul (cb_mul_x.d,
-                                  c[*b].scalar.d,
+                                  bm->c[other_blind_sig.b].scalar.d,
                                  priv->scalar.d);
  crypto_core_ed25519_scalar_sub (s_min_rb.d,
-                                  blinded_s->scalar.d,
+                                  other_blind_sig.s_scalar.scalar.d,
-                                  r[*b].scalar.d);
+                                  r[other_blind_sig.b].scalar.d);
+  GNUNET_assert (0 ==
-  GNUNET_assert (0 == memcmp (&s_min_rb, &cb_mul_x, sizeof(struct
+                 GNUNET_memcmp (&s_min_rb,
-                                                           GNUNET_CRYPTO_Cs25519Scalar)));
+                                &cb_mul_x));
  /* TEST 3
   * Check if function gives the same result for the same input.
   */
-  memcpy (&other_blinded_s, blinded_s, sizeof(struct GNUNET_CRYPTO_CsBlindS));
  for (unsigned int i = 0; i<ITER; i++)
  {
-    unsigned int other_b;
+    GNUNET_CRYPTO_cs_sign_derive (priv,
+                                  r,
-    other_b = GNUNET_CRYPTO_cs_sign_derive (priv, r, c, nonce, blinded_s);
+                                  bm,
+                                  cs_blind_sig);
-    GNUNET_assert (other_b == *b);
+    GNUNET_assert (0 ==
-    GNUNET_assert (0 == memcmp (&other_blinded_s,
+                   GNUNET_memcmp (&other_blind_sig,
-                                blinded_s,
+                                  cs_blind_sig));
-                                sizeof(struct GNUNET_CRYPTO_CsBlindS)));
  }
 }
@@ -386,7 +387,9 @@ test_unblinds (const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar,
          signature_scalar,
          sizeof(struct GNUNET_CRYPTO_CsS));
-  GNUNET_CRYPTO_cs_unblind (blinded_signature_scalar, bs, signature_scalar);
+  GNUNET_CRYPTO_cs_unblind (blinded_signature_scalar,
+                            bs,
+                            signature_scalar);
  GNUNET_assert (0 != memcmp (&other_signature_scalar,
                              signature_scalar,
@@ -431,23 +434,24 @@ test_blind_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
   * Test verifies the blinded signature sG == Rb + cbX
   */
  struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (
-                   sig_scal_mul_base.y,
-                   sig->s_scalar.scalar.d));
  struct GNUNET_CRYPTO_Cs25519Point c_mul_pub;
-  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (c_mul_pub.y,
-                                                         c->scalar.d,
-                                                         pub->point.y));
  struct GNUNET_CRYPTO_Cs25519Point r_add_c_mul_pub;
-  GNUNET_assert (0 == crypto_core_ed25519_add (r_add_c_mul_pub.y,
-                                               sig->r_point.point.y,
-                                               c_mul_pub.y));
-  GNUNET_assert (0 == memcmp (sig_scal_mul_base.y,
+  GNUNET_assert (0 ==
-                              r_add_c_mul_pub.y,
+                 crypto_scalarmult_ed25519_base_noclamp (
-                              sizeof(struct GNUNET_CRYPTO_Cs25519Point)));
+                   sig_scal_mul_base.y,
+                   sig->s_scalar.scalar.d));
+  GNUNET_assert (0 ==
+                 crypto_scalarmult_ed25519_noclamp (c_mul_pub.y,
+                                                    c->scalar.d,
+                                                    pub->point.y));
+  GNUNET_assert (0 ==
+                 crypto_core_ed25519_add (r_add_c_mul_pub.y,
+                                          sig->r_point.point.y,
+                                          c_mul_pub.y));
+  GNUNET_assert (0 ==
+                 GNUNET_memcmp (sig_scal_mul_base.y,
+                                r_add_c_mul_pub.y));
 }
@@ -490,6 +494,9 @@ main (int argc,
  struct GNUNET_CRYPTO_CsPrivateKey priv;
+  GNUNET_log_setup ("test-crypto-cs",
+                    "INFO",
+                    NULL);
  memset (&priv,
          42,
          sizeof (priv));
@@ -503,11 +510,11 @@ main (int argc,
  test_generate_pub (&priv,
                     &pub);
-  // derive nonce
+  // set nonce
-  struct GNUNET_CRYPTO_CsNonce nonce;
+  struct GNUNET_CRYPTO_CsSessionNonce nonce;
  GNUNET_assert (GNUNET_YES ==
-                 GNUNET_CRYPTO_kdf (nonce.nonce,
+                 GNUNET_CRYPTO_kdf (&nonce,
-                                    sizeof(nonce.nonce),
+                                    sizeof(nonce),
                                    "nonce",
                                    strlen ("nonce"),
                                    "nonce_secret",
@@ -539,21 +546,26 @@ main (int argc,
  // generate blinding secrets
  struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2];
+  struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
+  memset (&bnonce,
+          42,
+          sizeof (bnonce));
  memset (blindingsecrets,
          42,
          sizeof (blindingsecrets));
-  test_derive_blindingsecrets (&nonce,
+  test_derive_blindingsecrets (&bnonce,
                               blindingsecrets);
  // calculate blinded c's
+  struct GNUNET_CRYPTO_CsBlindedMessage bm; 
  struct GNUNET_CRYPTO_CsC blinded_cs[2];
-  struct GNUNET_CRYPTO_CsRPublic blinded_r_pubs[2];
+  struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pubs;
  memset (blinded_cs,
          42,
          sizeof (blinded_cs));
-  memset (blinded_r_pubs,
+  memset (&blinded_r_pubs,
          42,
          sizeof (blinded_r_pubs));
  test_calc_blindedc (blindingsecrets,
@@ -562,31 +574,30 @@ main (int argc,
                      message,
                      message_len,
                      blinded_cs,
-                      blinded_r_pubs);
+                      &blinded_r_pubs);
  // ---------- actions performed by signer
  // sign blinded c's and get b and s in return
-  unsigned int b;
+  struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
-  struct GNUNET_CRYPTO_CsBlindS blinded_s;
  memset (&blinded_s,
          42,
          sizeof (blinded_s));
-  test_blind_sign (&b,
+  bm.c[0] = blinded_cs[0];
-                   &priv,
+  bm.c[1] = blinded_cs[1];
+  bm.nonce = nonce;
+  test_blind_sign (&priv,
                   r_secrets,
-                   blinded_cs,
+                   &bm,
-                   &nonce,
                   &blinded_s);
  // verify blinded signature
  struct GNUNET_CRYPTO_CsSignature blinded_signature;
-  blinded_signature.r_point = r_publics[b];
+  blinded_signature.r_point = r_publics[blinded_s.b];
-  blinded_signature.s_scalar.scalar = blinded_s.scalar;
+  blinded_signature.s_scalar.scalar = blinded_s.s_scalar.scalar;
  test_blind_verify (&blinded_signature,
                     &pub,
-                     &blinded_cs[b]);
+                     &blinded_cs[blinded_s.b]);
  // ---------- actions performed by user
  struct GNUNET_CRYPTO_CsS sig_scalar;
@@ -594,13 +605,13 @@ main (int argc,
  memset (&sig_scalar,
          42,
          sizeof (sig_scalar));
-  test_unblinds (&blinded_s,
+  test_unblinds (&blinded_s.s_scalar,
-                 &blindingsecrets[b],
+                 &blindingsecrets[blinded_s.b],
                 &sig_scalar);
  // verify unblinded signature
  struct GNUNET_CRYPTO_CsSignature signature;
-  signature.r_point = blinded_r_pubs[b];
+  signature.r_point = blinded_r_pubs.r_pub[blinded_s.b];
  signature.s_scalar = sig_scalar;
  test_verify (&signature,
               &pub,
diff --git a/src/lib/util/test_crypto_rsa.c b/src/lib/util/test_crypto_rsa.c
index 9f2ddb66e..c513a68fe 100644
--- a/src/lib/util/test_crypto_rsa.c
+++ b/src/lib/util/test_crypto_rsa.c
@@ -1,6 +1,6 @@
 /*
   This file is part of GNUnet
-   Copyright (C) 2014,2015 GNUnet e.V.
+   Copyright (C) 2014, 2015, 2023 GNUnet e.V.
   GNUnet is free software: you can redistribute it and/or modify it
   under the terms of the GNU Affero General Public License as published
@@ -47,10 +47,10 @@ main (int argc,
  struct GNUNET_CRYPTO_RsaSignature *bsig;
  struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec;
  struct GNUNET_HashCode hash;
-  void *blind_buf;
-  size_t bsize;
-  GNUNET_log_setup ("test-rsa", "WARNING", NULL);
+  GNUNET_log_setup ("test-crypto-rsa",
+                    "WARNING",
+                    NULL);
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                              rnd_blk,
                              RND_BLK_SIZE);
@@ -60,36 +60,48 @@ main (int argc,
  priv = GNUNET_CRYPTO_rsa_private_key_create (KEY_SIZE);
  priv_copy = GNUNET_CRYPTO_rsa_private_key_dup (priv);
  GNUNET_assert (NULL != priv_copy);
-  GNUNET_assert (0 == GNUNET_CRYPTO_rsa_private_key_cmp (priv, priv_copy));
+  GNUNET_assert (0 == GNUNET_CRYPTO_rsa_private_key_cmp (priv,
+                                                         priv_copy));
  pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv);
  /* Encoding */
  size_t size;
  void *enc;
  enc = NULL;
-  size = GNUNET_CRYPTO_rsa_private_key_encode (priv, &enc);
+  size = GNUNET_CRYPTO_rsa_private_key_encode (priv,
+                                               &enc);
  /* Decoding */
  GNUNET_CRYPTO_rsa_private_key_free (priv);
  priv = NULL;
-  priv = GNUNET_CRYPTO_rsa_private_key_decode (enc, size);
+  priv = GNUNET_CRYPTO_rsa_private_key_decode (enc,
+                                               size);
  GNUNET_assert (NULL != priv);
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
-                              enc, size);
+                              enc,
-  GNUNET_assert (NULL == GNUNET_CRYPTO_rsa_private_key_decode (enc, size));
+                              size);
-  (void) fprintf (stderr, "The above warning is expected.\n");
+  GNUNET_assert (NULL ==
+                 GNUNET_CRYPTO_rsa_private_key_decode (enc,
+                                                       size));
+  (void) fprintf (stderr,
+                  "The above warning is expected.\n");
  GNUNET_free (enc);
  /* try ordinary sig first */
  sig = GNUNET_CRYPTO_rsa_sign_fdh (priv,
-                                    &hash);
+                                    &hash,
+                                    sizeof (hash));
  sig_copy = GNUNET_CRYPTO_rsa_signature_dup (sig);
  GNUNET_assert (NULL != sig);
-  GNUNET_assert (0 == GNUNET_CRYPTO_rsa_signature_cmp (sig, sig_copy));
+  GNUNET_assert (0 == GNUNET_CRYPTO_rsa_signature_cmp (sig,
+                                                       sig_copy));
  pub_copy = GNUNET_CRYPTO_rsa_public_key_dup (pub);
  GNUNET_assert (NULL != pub_copy);
  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_rsa_verify (&hash, sig, pub_copy));
+                 GNUNET_CRYPTO_rsa_verify (&hash,
+                                           sizeof (hash),
+                                           sig,
+                                           pub_copy));
  {
    void *buf;
    size_t buf_size;
@@ -107,38 +119,48 @@ main (int argc,
                                               buf_size);
    GNUNET_free (buf);
    GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_rsa_verify (&hash, sig2, pub2));
+                   GNUNET_CRYPTO_rsa_verify (&hash,
+                                             sizeof (hash),
+                                             sig2,
+                                             pub2));
    GNUNET_CRYPTO_rsa_public_key_free (pub2);
    GNUNET_CRYPTO_rsa_signature_free (sig2);
  }
  /* corrupt our hash and see if the signature is still valid */
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &hash,
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
-                              sizeof(struct GNUNET_HashCode));
+                              &hash,
-  GNUNET_assert (GNUNET_OK != GNUNET_CRYPTO_rsa_verify (&hash,
+                              sizeof(hash));
-                                                        sig,
+  GNUNET_assert (GNUNET_OK !=
-                                                        pub));
+                 GNUNET_CRYPTO_rsa_verify (&hash,
-  (void) fprintf (stderr, "The above warning is expected.\n");
+                                           sizeof (hash),
+                                           sig,
+                                           pub));
+  (void) fprintf (stderr,
+                  "The above warning is expected.\n");
  GNUNET_CRYPTO_rsa_signature_free (sig);
  /* test blind signing */
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                              &bsec,
                              sizeof(bsec));
+  struct GNUNET_CRYPTO_RsaBlindedMessage bm;
  GNUNET_CRYPTO_rsa_blind (&hash,
+                           sizeof (hash),
                           &bsec,
                           pub,
-                           &blind_buf, &bsize);
+                           &bm);
-  GNUNET_assert (0 != bsize);
  bsig = GNUNET_CRYPTO_rsa_sign_blinded (priv,
-                                         blind_buf,
+                                         &bm);
-                                         bsize);
+  GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
-  GNUNET_free (blind_buf);
  sig = GNUNET_CRYPTO_rsa_unblind (bsig,
                                   &bsec,
                                   pub);
  GNUNET_CRYPTO_rsa_signature_free (bsig);
  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_rsa_verify (&hash, sig, pub));
+                 GNUNET_CRYPTO_rsa_verify (&hash,
+                                           sizeof (hash),
+                                           sig,
+                                           pub));
  GNUNET_CRYPTO_rsa_signature_free (sig);
  GNUNET_CRYPTO_rsa_signature_free (sig_copy);
  GNUNET_CRYPTO_rsa_private_key_free (priv);
diff --git a/src/service/rest/gnunet-rest-server.c b/src/service/rest/gnunet-rest-server.c
index 7cc4025b0..c4b59de96 100644
--- a/src/service/rest/gnunet-rest-server.c
+++ b/src/service/rest/gnunet-rest-server.c
@@ -1028,6 +1028,7 @@ do_shutdown (void *cls)
  kill_httpd ();
  GNUNET_free (allow_credentials);
  GNUNET_free (allow_headers);
+  MHD_destroy_response (failure_response);
 }
@@ -1145,10 +1146,10 @@ setup_plugin (const char *name,
 */
 static void
 run (void *cls,
-     char *const *args,
+     const struct GNUNET_CONFIGURATION_Handle *c,
-     const char *cfgfile,
+     struct GNUNET_SERVICE_Handle *service)
-     const struct GNUNET_CONFIGURATION_Handle *c)
 {
+  static const char *err_page = "{}";
  char *addr_str;
  char *basic_auth_file;
  uint64_t secret;
@@ -1156,6 +1157,9 @@ run (void *cls,
  cfg = c;
  plugins_head = NULL;
  plugins_tail = NULL;
+  failure_response = MHD_create_response_from_buffer (strlen (err_page),
+                                                      (void *) err_page,
+                                                      MHD_RESPMEM_PERSISTENT);
  /* Get port to bind to */
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_number (cfg, "rest", "HTTP_PORT", &port))
@@ -1419,42 +1423,6 @@ run (void *cls,
 }
-/**
+GNUNET_DAEMON_MAIN("rest", _("GNUnet REST service"), &run)
- *
- * The main function for gnunet-rest-service
- *
- * @param argc number of arguments from the cli
- * @param argv command line arguments
- * @return 0 ok, 1 on error
- *
- */
-int
-main (int argc, char *const *argv)
-{
-  struct GNUNET_GETOPT_CommandLineOption options[] =
-  { GNUNET_GETOPT_OPTION_END };
-  static const char *err_page = "{}";
-  int ret;
-  if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
-    return 2;
-  GNUNET_log_setup ("gnunet-rest-server", "WARNING", NULL);
-  failure_response = MHD_create_response_from_buffer (strlen (err_page),
-                                                      (void *) err_page,
-                                                      MHD_RESPMEM_PERSISTENT);
-  ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
-                                          argv,
-                                          "gnunet-rest-server",
-                                          _ ("GNUnet REST server"),
-                                          options,
-                                          &run,
-                                          NULL))
-        ? 0
-        : 1;
-  MHD_destroy_response (failure_response);
-  GNUNET_free_nz ((char *) argv);
-  return ret;
-}
 /* end of gnunet-rest-server.c */
diff --git a/src/service/rest/reclaim_plugin.c b/src/service/rest/reclaim_plugin.c
index 677a6a676..e1afce00b 100644
--- a/src/service/rest/reclaim_plugin.c
+++ b/src/service/rest/reclaim_plugin.c
@@ -1435,7 +1435,8 @@ list_ego (void *cls,
 enum GNUNET_GenericReturnValue
-REST_reclaim_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
+REST_reclaim_process_request (void *plugin,
+                              struct GNUNET_REST_RequestHandle *rest_handle,
                              GNUNET_REST_ResultProcessor proc,
                              void *proc_cls)
 {
diff --git a/src/service/transport/gnunet-service-transport.c b/src/service/transport/gnunet-service-transport.c
index 445faf9f6..0eded2d39 100644
--- a/src/service/transport/gnunet-service-transport.c
+++ b/src/service/transport/gnunet-service-transport.c
@@ -8655,7 +8655,6 @@ handle_hello_for_incoming (void *cls,
                           const char *emsg)
 {
  struct GNUNET_HELLO_Builder *builder;
-  struct GNUNET_PeerIdentity *pid;
  if (NULL != emsg)
  {
@@ -8667,12 +8666,10 @@ handle_hello_for_incoming (void *cls,
  if (0 == GNUNET_memcmp (peer, &GST_my_identity))
    return;
  builder = GNUNET_HELLO_builder_from_msg (hello);
-  pid = GNUNET_new (struct GNUNET_PeerIdentity);
  GNUNET_HELLO_builder_iterate (builder,
-                                pid,
+                                (struct GNUNET_PeerIdentity *) peer,
                                hello_for_incoming_cb,
                                (struct GNUNET_PeerIdentity *) peer);
-  GNUNET_free (pid);
  GNUNET_HELLO_builder_free (builder);
 }
@@ -11293,7 +11290,6 @@ handle_hello_for_client (void *cls,
 {
  (void) cls;
  struct GNUNET_HELLO_Builder *builder;
-  struct GNUNET_PeerIdentity *pid;
  if (NULL != emsg)
  {
@@ -11305,12 +11301,10 @@ handle_hello_for_client (void *cls,
  if (0 == GNUNET_memcmp (peer, &GST_my_identity))
    return;
  builder = GNUNET_HELLO_builder_from_msg (hello);
-  pid = GNUNET_new (struct GNUNET_PeerIdentity);
  GNUNET_HELLO_builder_iterate (builder,
-                                pid,
+                                (struct GNUNET_PeerIdentity *) peer,
                                hello_for_client_cb,
                                (struct GNUNET_PeerIdentity *) peer);
-  GNUNET_free (pid);
  GNUNET_HELLO_builder_free (builder);
 }