authorMichael Brown2025-12-01 17:02:54 +0100
committerMichael Brown2025-12-01 17:02:54 +0100
commitd4258272c679c8bd42430fc2df57402cdc03d711 (patch)
treea3f9c691fce786a9e70aa696e9665cf68b28728c /src/drivers
parent[crypto] Pass signatures for verification as ASN.1 cursors (diff)
[crypto] Construct signatures using ASN.1 builders
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/drivers')
-rw-r--r--src/drivers/net/iphone.c18
1 files changed, 4 insertions, 14 deletions
diff --git a/src/drivers/net/iphone.c b/src/drivers/net/iphone.c
index bcc9949fe..11f763553 100644
--- a/src/drivers/net/iphone.c
+++ b/src/drivers/net/iphone.c
@@ -362,7 +362,6 @@ static int icert_cert ( struct icert *icert, struct asn1_cursor *subject,
struct asn1_builder raw = { NULL, 0 };
uint8_t digest_ctx[SHA256_CTX_SIZE];
uint8_t digest_out[SHA256_DIGEST_SIZE];
- int len;
int rc;
/* Construct subjectPublicKeyInfo */
@@ -399,20 +398,12 @@ static int icert_cert ( struct icert *icert, struct asn1_cursor *subject,
digest_final ( digest, digest_ctx, digest_out );
/* Construct signature using "private" key */
- if ( ( rc = asn1_grow ( &raw,
- pubkey_max_len ( pubkey, private ) ) ) != 0 ) {
- DBGC ( icert, "ICERT %p could not build signature: %s\n",
- icert, strerror ( rc ) );
- goto err_grow;
- }
- if ( ( len = pubkey_sign ( pubkey, private, digest, digest_out,
- raw.data ) ) < 0 ) {
- rc = len;
+ if ( ( rc = pubkey_sign ( pubkey, private, digest, digest_out,
+ &raw ) ) != 0 ) {
DBGC ( icert, "ICERT %p could not sign: %s\n",
icert, strerror ( rc ) );
goto err_pubkey_sign;
}
- assert ( ( ( size_t ) len ) == raw.len );
/* Construct raw certificate data */
if ( ( rc = ( asn1_prepend_raw ( &raw, icert_nul,
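Review bot: After the `pubkey_sign ( ..., &raw )` call, nothing in this function checks the result that was written into `raw`; the removed `assert ( ( ( size_t ) len ) == raw.len )` was the only local consistency check on the signature length. The new contract (0 on success, signature built into the caller's builder) is presumably enforced inside pubkey_sign(), but that is not visible from this hunk. A short comment above the call would record the assumption, for example `/* pubkey_sign() builds the signature into raw, which starts empty; raw.data is freed on the error path */`. If a local check is still wanted, `assert ( raw.len != 0 );` after the call would catch an empty signature before asn1_prepend_raw() wraps it into the certificate. The body of icert_cert() starts and ends outside this hunk.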
@@ -438,12 +429,11 @@ static int icert_cert ( struct icert *icert, struct asn1_cursor *subject,
err_x509:
err_raw:
err_pubkey_sign:
+ err_tbs:
+ err_spki:
free ( raw.data );
- err_grow:
free ( tbs.data );
- err_tbs:
free ( spki.data );
- err_spki:
return rc;
}
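Review bot: With `err_tbs` and `err_spki` moved above `free ( raw.data )`, every error label now runs all three frees, so the earliest failure path reaches `free ( raw.data )` and `free ( tbs.data )` before those builders have been touched. That is safe only while each builder is initialised to `{ NULL, 0 }` at its declaration. `raw` visibly is in the first hunk, but the declarations of `spki` and `tbs` are outside the hunks shown and should be confirmed. Because the five labels are now equivalent, a comment above the frees such as `/* All builders start as { NULL, 0 }, so freeing an unused one is a no-op */` would stop a later edit from introducing an uninitialised builder and turning this shared cleanup into a free of an indeterminate pointer.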