Revert PK_Verifier change (don't require RNG there).

Verification is deterministic and public, so really no RNG is ever needed.

Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.

1 files changed, 15 insertions, 5 deletions

diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index 79c63da8c..a4791e15e 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -39,6 +39,7 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
       secure_vector<byte> raw_agree(const byte w[], size_t w_len) override
          {
          PointGFp point = OS2ECP(w, w_len, m_curve);
+         // TODO: add blinding
          PointGFp S = (m_cofactor * point) * m_l_times_priv;
          BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve");
          return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes());
@@ -57,15 +58,24 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
                                          const std::string& provider) const
    {
 #if defined(BOTAN_HAS_OPENSSL)
-   if(provider == "openssl")
+   if(provider == "openssl" || provider.empty())
       {
-      std::unique_ptr<PK_Ops::Key_Agreement> res = make_openssl_ecdh_ka_op(*this, params);
-      if(res)
-         return res;
+      try
+         {
+         return make_openssl_ecdh_ka_op(*this, params);
+         }
+      catch(Exception& e)
+         {
+         if(provider == "openssl")
+            throw Exception("OpenSSL ECDH refused key or params", e.what());
+         }
       }
 #endif
 
-   return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params));
+   if(provider == "base" || provider.empty())
+      return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params));
+
+   throw Provider_Not_Found(algo_name(), provider);
    }