Verify signatures in parallel

[briansmith]

All the signature verification for a cert chain is in the function check_signatures. By replacing the loop in that function with a parallel loop, we'll do all the signature verification in parallel. This would be a significant win when there are multiple cores available because signature verification is the most expensive (as far as we know) part of certificate chain validation.

Basically, replace the current loop with one that collects the signatures from the linked list of Certs into an ArrayVec with capacity 1 + MAX_SUB_CA_COUNT + 1. Then verify the signatures by iterating over the ArrayVec in parallel. (Don't Vec because we don't allow memory allocation in this crate.)

I guess rayon and jobsteal and similar crates do use dynamic memory allocation and so can't work in #![no_std] configurations. Assuming that is the case, we can add a use_std default feature that enables the use of rayon/jobsteal/whatever. When the use_std feature is disabled, let's use the same code looping code, but use a single-threaded polyfill for rayon/jobsteal/whatever.

EndEntityCert::verify_is_valid_tls_server_cert should take an an input parameter a reference to the thread pool object that is configured by the caller. In particular, the caller should configure the thread pool before calling verify_is_valid_tls_server_cert() to control how resources (how many threads) are used, so that webpki itself doesn't need to have any options for this.

[avadacatavra]

@briansmith I can work on this

[briansmith]

@avadacatavra Great! Looking forward to it.

[briansmith]

I also filed #38 about benchmarking things to verify that signature verification is really the bottleneck.