From 407fd7eb725ce58515c5feab2a61ed4adb596e80 Mon Sep 17 00:00:00 2001
From: Florian Dold <florian@dold.me>
Date: Tue, 26 Apr 2022 00:10:44 +0200
Subject: actually store minimum age sig

Previously the value was parsed, but never actually stored in the place
where we later look it up for signature verification.
---
 src/backend/taler-merchant-httpd_post-orders-ID-pay.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'src/backend')

diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index 4ace33ef..c64eaebf 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -124,9 +124,10 @@ struct DepositConfirmation
   /**
    * If a minimum age was required (i. e. pc->minimum_age is large enough),
    * this is the signature of the minimum age (as a single uint8_t), using the
-   * private key to the corresponding age group.  Might be NULL.
+   * private key to the corresponding age group.  Might be all zeroes for no
+   * age attestation.
    */
-  struct TALER_AgeAttestation *minimum_age_sig;
+  struct TALER_AgeAttestation minimum_age_sig;
 
   /* If a minimum age was required (i. e. pc->minimum_age is large enought),
    * this is the age commitment (i. e. age mask and vector of EdDSA public
@@ -1193,7 +1194,7 @@ process_pay_with_exchange (void *cls,
       }
 
       dc->age_commitment->mask = denom_details->key.age_mask;
-      if (dc->age_commitment->num !=
+      if ((dc->age_commitment->num + 1) !=
           __builtin_popcount (dc->age_commitment->mask.bits))
       {
         code =
@@ -1205,7 +1206,7 @@ process_pay_with_exchange (void *cls,
           TALER_age_commitment_verify (
             dc->age_commitment,
             pc->minimum_age,
-            dc->minimum_age_sig))
+            &dc->minimum_age_sig))
         code = TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_AGE_VERIFICATION_FAILED;
 
 AGE_FAIL:
@@ -2034,7 +2035,6 @@ parse_pay (struct MHD_Connection *connection,
       {
         struct DepositConfirmation *dc = &pc->dc[coins_index];
         const char *exchange_url;
-        struct TALER_AgeAttestation minimum_age_sig = {0};
         json_t *age_commitment = NULL;
         struct GNUNET_JSON_Specification ispec[] = {
           GNUNET_JSON_spec_fixed_auto ("coin_sig",
@@ -2052,7 +2052,7 @@ parse_pay (struct MHD_Connection *connection,
                                    &exchange_url),
           GNUNET_JSON_spec_mark_optional (
             GNUNET_JSON_spec_fixed_auto ("minimum_age_sig",
-                                         &minimum_age_sig),
+                                         &dc->minimum_age_sig),
             NULL),
           GNUNET_JSON_spec_mark_optional (
             GNUNET_JSON_spec_json ("age_commitment",
@@ -2110,8 +2110,8 @@ parse_pay (struct MHD_Connection *connection,
         {
           bool has_commitment = (NULL != age_commitment) &&
                                 json_is_array (age_commitment);
-          bool has_sig = ! GNUNET_is_zero_ (&minimum_age_sig,
-                                            sizeof(minimum_age_sig));
+          bool has_sig = ! GNUNET_is_zero_ (&dc->minimum_age_sig,
+                                            sizeof(dc->minimum_age_sig));
           if (has_sig != has_commitment)
           {
             GNUNET_break_op (0);
-- 
cgit v1.2.3