1 files changed, 31 insertions, 18 deletions

diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 3b269d4f..aaa763f6 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@@ -61,7 +61,6 @@
 
 #include <string.h>
 
-#include <openssl/asn1.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/digest.h>
@@ -754,24 +753,38 @@ err:
   return ret;
 }
 
-int DSA_size(const DSA *dsa) {
-  int ret, i;
-  ASN1_INTEGER bs;
-  unsigned char buf[4]; /* 4 bytes looks really small.
-                           However, i2d_ASN1_INTEGER() will not look
-                           beyond the first byte, as long as the second
-                           parameter is NULL. */
+/* der_len_len returns the number of bytes needed to represent a length of |len|
+ * in DER. */
+static size_t der_len_len(size_t len) {
+  if (len < 0x80) {
+    return 1;
+  }
+  size_t ret = 1;
+  while (len > 0) {
+    ret++;
+    len >>= 8;
+  }
+  return ret;
+}
 
-  i = BN_num_bits(dsa->q);
-  bs.length = (i + 7) / 8;
-  bs.data = buf;
-  bs.type = V_ASN1_INTEGER;
-  /* If the top bit is set the asn1 encoding is 1 larger. */
-  buf[0] = 0xff;
-
-  i = i2d_ASN1_INTEGER(&bs, NULL);
-  i += i; /* r and s */
-  ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+int DSA_size(const DSA *dsa) {
+  size_t order_len = BN_num_bytes(dsa->q);
+  /* Compute the maximum length of an |order_len| byte integer. Defensively
+   * assume that the leading 0x00 is included. */
+  size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len;
+  if (integer_len < order_len) {
+    return 0;
+  }
+  /* A DSA signature is two INTEGERs. */
+  size_t value_len = 2 * integer_len;
+  if (value_len < integer_len) {
+    return 0;
+  }
+  /* Add the header. */
+  size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len;
+  if (ret < value_len) {
+    return 0;
+  }
   return ret;
 }