Changed every memcmp to SCA equivalent mbedtls_platform_memcmp

This makes physical attacks more difficult.
Selftest memcmp functions were not changed.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9810090..3cc6046 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2883,7 +2883,7 @@
      * Match record's CID with incoming CID.
      */
     if( rec->cid_len != transform->in_cid_len ||
-        memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
+        mbedtls_platform_memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
     {
         return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
     }
@@ -4634,8 +4634,8 @@
 static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
 {
     if( ssl->in_msglen < ssl->in_hslen ||
-        memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
-        memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
+        mbedtls_platform_memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
+        mbedtls_platform_memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
     {
         return( 1 );
     }
@@ -6013,7 +6013,7 @@
             else
             {
                 /* Make sure msg_type and length are consistent */
-                if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
+                if( mbedtls_platform_memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
                 {
                     MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
                     /* Ignore */
@@ -6872,7 +6872,7 @@
     if( peer_crt->raw.len != crt_buf_len )
         return( -1 );
 
-    return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
+    return( mbedtls_platform_memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
 }
 #elif defined(MBEDTLS_SSL_RENEGOTIATION)
 static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
@@ -6903,7 +6903,7 @@
     if( ret != 0 )
         return( -1 );
 
-    return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
+    return( mbedtls_platform_memcmp( tmp_digest, peer_cert_digest, digest_len ) );
 }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE && MBEDTLS_SSL_RENEGOTIATION */
 #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
@@ -7086,7 +7086,7 @@
     if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
         ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
         ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
-        memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+        mbedtls_platform_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
         return( 0 );
@@ -9961,7 +9961,7 @@
         if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-        if( memcmp( p, ssl_serialized_session_header,
+        if( mbedtls_platform_memcmp( p, ssl_serialized_session_header,
                     sizeof( ssl_serialized_session_header ) ) != 0 )
         {
             return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
@@ -10403,9 +10403,9 @@
         return( 0 );
     }
 
-    in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
+    in_ctr_cmp = mbedtls_platform_memcmp( ssl->in_ctr + ep_len,
                         ssl->conf->renego_period + ep_len, 8 - ep_len );
-    out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
+    out_ctr_cmp = mbedtls_platform_memcmp( ssl->cur_out_ctr + ep_len,
                           ssl->conf->renego_period + ep_len, 8 - ep_len );
 
     if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
@@ -11448,7 +11448,7 @@
     if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-    if( memcmp( p, ssl_serialized_context_header,
+    if( mbedtls_platform_memcmp( p, ssl_serialized_context_header,
                 sizeof( ssl_serialized_context_header ) ) != 0 )
     {
         return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
@@ -11615,7 +11615,7 @@
             for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
             {
                 if( strlen( *cur ) == alpn_len &&
-                    memcmp( p, cur, alpn_len ) == 0 )
+                    mbedtls_platform_memcmp( p, cur, alpn_len ) == 0 )
                 {
                     ssl->alpn_chosen = *cur;
                     break;