GitLab

Assume we have two trusted CAs with the same name, the first uses ECDSA 256
bits, the second RSA 2048; cert is signed by the second. If we do the keysize
check before we checked the key types match, we'll raise the badkey flags when
checking the EC-256 CA and it will remain up even when we finally find the
correct CA. So, move the check for the key size after signature verification,
which implicitly checks the key type.

When we build with Visual Studio in debug mode, the invalid parameter handler
aborts the application (and offers to debug it) when n is 0. We want to
just return -1 instead (as calls with n == 0 are expected and happen in our
tests).

Name chosen to match the existing make target.

- all spaces no tabs
- indent with 4 spaces everywhere

Timing belongs in libcrypto (due to havege depending on it)
while net.c was put in libtls (only test ssl servers use it)

certs.c belongs to the X.509 library, while DHM belongs to the crypto lib.

We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.

With the default config, it noticed the accept_comp was always 0, so the rest
of the test was dead code.

Found using Codenomicon Defensics.

Found by Coverity Scan.

May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.

(Found with Clang's scan-build.)

scan-build was reporting NULL dereferences

Probably a bad merge from the 1.3 branch

- avoids dependency on snprintf
- allows using "smtps" instead of "456" if desired

Caused issues in threading situations

When someone defines MBEDTLS_MD5_ALT for example, the init function may need
to do more that just zeroizing the context

Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.

After all it looks like those won't become standard.

Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.

Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer.

Found with fbinfer.