+
+ size_t sz=mpz_sizeinbase(&st->p,2)/8;
+ if (sz>INT_MAX) {
+ cfgfatal(loc,"diffie-hellman","modulus far too large\n");
+ }
+ if (mpz_cmp(&st->g,&st->p) >= 0) {
+ cfgfatal(loc,"diffie-hellman","generator must be less than modulus\n");
+ }
+
+ st->ops.secret_len=sz;
+
+ st->ops.shared_len=(mpz_sizeinbase(&st->p,2)+7)/8;
+ /* According to the docs, mpz_sizeinbase(,256) is allowed to return
+ * an answer which is 1 too large. But mpz_sizeinbase(,2) isn't. */
+
+ st->ops.public_len=(mpz_sizeinbase(&st->p,16)+2);
+
+ if (!dict)
+ st->ops.capab_bit = CAPAB_BIT_TRADZP;
+ else
+ st->ops.capab_bit = dict_read_number(dict, "capab-num", False,
+ "dh", loc, CAPAB_BIT_TRADZP);
+ if (st->ops.capab_bit > CAPAB_BIT_MAX)
+ cfgfatal(loc,"dh","capab-num out of range 0..%d\n",
+ CAPAB_BIT_MAX);