-fix withdraw logic

src/lib/exchange_api_melt.c

@@ -602,6 +602,7 @@ csr_cb (void *cls,
   struct TALER_EXCHANGE_MeltHandle *mh = cls;
   unsigned int nks_off = 0;
 
+  mh->csr = NULL;
   for (unsigned int i = 0; i<mh->rd->fresh_pks_len; i++)
   {
     const struct TALER_EXCHANGE_DenomPublicKey *fresh_pk =

src/lib/exchange_api_withdraw.c

@@ -214,6 +214,8 @@ withdraw_cs_stage_two_callback (void *cls,
     TALER_planchet_blinding_secret_create (&wh->ps,
                                            &wh->alg_values,
                                            &wh->bks);
+    /* This initializes the 2nd half of the
+       wh->pd.blinded_planchet! */
     if (GNUNET_OK !=
         TALER_planchet_prepare (&wh->pk.key,
                                 &wh->alg_values,
@@ -297,9 +299,13 @@ TALER_EXCHANGE_withdraw (
         .pk = pk,
       };
 
-      wh->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
       TALER_cs_withdraw_nonce_derive (ps,
                                       &nk.nonce);
+      /* Note that we only initialize the first half
+         of the blinded_planchet here; the other part
+         will be done after the /csr request! */
+      wh->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
+      wh->pd.blinded_planchet.details.cs_blinded_planchet.nonce = nk.nonce;
       wh->csrh = TALER_EXCHANGE_csr (exchange,
                                      1, /* "array" length */
                                      &nk,
@@ -312,7 +318,6 @@ TALER_EXCHANGE_withdraw (
     GNUNET_free (wh);
     return NULL;
   }
-  TALER_blinded_planchet_free (&wh->pd.blinded_planchet);
   return wh;
 }
 
@@ -320,6 +325,7 @@ TALER_EXCHANGE_withdraw (
 void
 TALER_EXCHANGE_withdraw_cancel (struct TALER_EXCHANGE_WithdrawHandle *wh)
 {
+  TALER_blinded_planchet_free (&wh->pd.blinded_planchet);
   if (NULL != wh->csrh)
   {
     TALER_EXCHANGE_csr_cancel (wh->csrh);

src/lib/exchange_api_withdraw2.c

@@ -438,9 +438,10 @@ TALER_EXCHANGE_withdraw2 (
 
     TALER_amount_hton (&req.amount_with_fee,
                        &wh->requested_amount);
-    if (GNUNET_OK != TALER_coin_ev_hash (&pd->blinded_planchet,
+    if (GNUNET_OK !=
-                                         &pd->denom_pub_hash,
+        TALER_coin_ev_hash (&pd->blinded_planchet,
-                                         &req.h_coin_envelope))
+                            &pd->denom_pub_hash,
+                            &req.h_coin_envelope))
     {
       GNUNET_break (0);
       GNUNET_free (wh);

src/util/crypto_helper_cs.c

@@ -633,13 +633,14 @@ TALER_CRYPTO_helper_cs_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Requesting R\n");
   {
-    struct TALER_CRYPTO_CsRDeriveRequest rdr;
+    struct TALER_CRYPTO_CsRDeriveRequest rdr = {
+      .header.size = htons (sizeof (rdr)),
+      .header.type = htons (TALER_HELPER_CS_MT_REQ_RDERIVE),
+      .reserved = htonl (0),
+      .h_cs = *h_cs,
+      .nonce = *nonce
+    };
 
-    rdr.header.size = htons (sizeof (rdr));
-    rdr.header.type = htons (TALER_HELPER_CS_MT_REQ_RDERIVE);
-    rdr.reserved = htonl (0);
-    rdr.h_cs = *h_cs;
-    rdr.nonce = *nonce;
     if (GNUNET_OK !=
         TALER_crypto_helper_send_all (dh->sock,
                                       &rdr,

src/util/denom.c

@@ -364,15 +364,15 @@ TALER_denom_blind (
       struct TALER_DenominationCSPublicRPairP blinded_r_pub;
       struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
 
-      blinded_planchet->cipher = dk->cipher;
+      blinded_planchet->cipher = TALER_DENOMINATION_CS;
       GNUNET_CRYPTO_cs_blinding_secrets_derive (&coin_bks->nonce,
                                                 bs);
       GNUNET_CRYPTO_cs_calc_blinded_c (
         bs,
         alg_values->details.cs_values.r_pub_pair.r_pub,
         &dk->details.cs_public_key,
-        &c_hash->hash,
+        c_hash,
-        sizeof(struct GNUNET_HashCode),
+        sizeof(*c_hash),
         blinded_planchet->details.cs_blinded_planchet.c,
         blinded_r_pub.r_pub);
       return GNUNET_OK;