diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 583e6675..526e468c 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -249,7 +249,11 @@ int RSA_public_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa,
 }
 
 unsigned RSA_size(const RSA *rsa) {
-  return BN_num_bytes(rsa->n);
+  if (rsa->meth->size) {
+    return rsa->meth->size(rsa);
+  }
+
+  return RSA_default_method.size(rsa);
 }
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 403e833e..2db0abe5 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -328,6 +328,9 @@ struct rsa_meth_st {
   int (*init)(RSA *rsa);
   int (*finish)(RSA *rsa);
 
+  /* size returns the size of the RSA modulus in bytes. */
+  size_t (*size)(const RSA *rsa);
+
   int (*sign)(int type, const uint8_t *m, unsigned int m_length,
               uint8_t *sigret, unsigned int *siglen, const RSA *rsa);
 
diff --git a/crypto/rsa/rsa_impl.c b/crypto/rsa/rsa_impl.c
index 2a8511f1..6cc84757 100644
--- a/crypto/rsa/rsa_impl.c
+++ b/crypto/rsa/rsa_impl.c
@@ -83,6 +83,10 @@ static int finish(RSA *rsa) {
   return 1;
 }
 
+static size_t size(const RSA *rsa) {
+  return BN_num_bytes(rsa->n);
+}
+
 static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
                    const uint8_t *in, size_t in_len, int padding) {
   const unsigned rsa_size = RSA_size(rsa);
@@ -992,6 +996,8 @@ const struct rsa_meth_st RSA_default_method = {
   NULL /* init */,
   finish,
 
+  size,
+
   NULL /* sign */,
   NULL /* verify */,