From f333174fa1ded0e2615809e9706a3737aa0e31fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Fri, 3 Jul 2015 17:18:10 +0200
Subject: [PATCH] Update dh_genprime program

- no warning
- configurable size
- default to 2048 bits
---
 programs/pkey/dh_genprime.c | 48 +++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 12 deletions(-)

diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index c918c656d..6b4f6ac34 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -25,6 +25,7 @@
 #endif
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #include "polarssl/config.h"
 
@@ -32,11 +33,17 @@
 #include "polarssl/entropy.h"
 #include "polarssl/ctr_drbg.h"
 
+#define USAGE \
+    "\n usage: dh_genprime param=<>...\n"                                   \
+    "\n acceprable parameters:\n"                                           \
+    "    bits=%%d           default: 2048\n"
+
+#define DFL_BITS    2048
+
 /*
  * Note: G = 4 is always a quadratic residue mod P,
  * so it is a generator of order Q (with P = 2*Q+1).
  */
-#define DH_P_SIZE 1024
 #define GENERATOR "4"
 
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) ||   \
@@ -61,26 +68,43 @@ int main( int argc, char *argv[] )
     ctr_drbg_context ctr_drbg;
     const char *pers = "dh_genprime";
     FILE *fout;
-
-    ((void) argc);
-    ((void) argv);
+    int nbits = DFL_BITS;
+    int i;
+    char *p, *q;
 
     mpi_init( &G ); mpi_init( &P ); mpi_init( &Q );
     entropy_init( &entropy );
 
+    if( argc == 0 )
+    {
+    usage:
+        printf( USAGE );
+        return( 1 );
+    }
+
+    for( i = 1; i < argc; i++ )
+    {
+        p = argv[i];
+        if( ( q = strchr( p, '=' ) ) == NULL )
+            goto usage;
+        *q++ = '\0';
+
+        if( strcmp( p, "bits" ) == 0 )
+        {
+            nbits = atoi( q );
+            if( nbits < 0 || nbits > POLARSSL_MPI_MAX_BITS )
+                goto usage;
+        }
+        else
+            goto usage;
+    }
+
     if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
     {
         printf( " failed\n  ! mpi_read_string returned %d\n", ret );
         goto exit;
     }
 
-    printf( "\nWARNING: You should not generate and use your own DHM primes\n" );
-    printf( "         unless you are very certain of what you are doing!\n" );
-    printf( "         Failing to follow this instruction may result in\n" );
-    printf( "         weak security for your connections! Use the\n" );
-    printf( "         predefined DHM parameters from dhm.h instead!\n\n" );
-    printf( "============================================================\n\n" );
-
     printf( "\n  . Seeding the random number generator..." );
     fflush( stdout );
 
@@ -98,7 +122,7 @@ int main( int argc, char *argv[] )
     /*
      * This can take a long time...
      */
-    if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
+    if( ( ret = mpi_gen_prime( &P, nbits, 1,
                                ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
         printf( " failed\n  ! mpi_gen_prime returned %d\n\n", ret );