[crypto] Allow certificate chains to be long-lived data structures

At present, certificate chain validation is treated as an
instantaneous process that can be carried out using only data that is
already in memory.  This model does not allow for validation to
include non-instantaneous steps, such as downloading a cross-signing
certificate, or determining certificate revocation status via OCSP.

Redesign the internal representation of certificate chains to allow
chains to outlive the scope of the original source of certificates
(such as a TLS Certificate record).

Allow for certificates to be cached, so that each certificate needs to
be validated only once.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/usr/imgtrust.c

@@ -45,7 +45,7 @@ int imgverify ( struct image *image, struct image *signature,
 		const char *name ) {
 	size_t len;
 	void *data;
-	struct cms_signature sig;
+	struct cms_signature *sig;
 	time_t now;
 	int rc;
 
@@ -62,25 +62,31 @@ int imgverify ( struct image *image, struct image *signature,
 	copy_from_user ( data, signature->data, 0, len );
 
 	/* Parse signature */
-	if ( ( rc = cms_parse ( &sig, data, len ) ) != 0 )
+	if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
 		goto err_parse;
 
+	/* Free internal copy of signature */
+	free ( data );
+	data = NULL;
+
 	/* Use signature to verify image */
 	now = time ( NULL );
-	if ( ( rc = cms_verify ( &sig, image->data, image->len,
+	if ( ( rc = cms_verify ( sig, image->data, image->len,
 				 name, now, NULL ) ) != 0 )
 		goto err_verify;
 
+	/* Drop reference to signature */
+	cms_put ( sig );
+	sig = NULL;
+
 	/* Mark image as trusted */
 	image_trust ( image );
 	syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
 
-	/* Free internal copy of signature */
-	free ( data );
-
 	return 0;
 
  err_verify:
+	cms_put ( sig );
  err_parse:
 	free ( data );
  err_alloc: