mbedtls
SSL debug reports translated PSA error codes
The SSL debug code sometimes reports that psa_xxx() returned -NNN where psa_xxx is a PSA function and -NNN is not the value returned by the function, but the result of translating the PSA_ERROR_xxx error code to an MBEDTLS_ERR_xxx error code. This is misleading (although technically not ambiguous since the numerical values are in different ranges). It's also less informative than it could be since the translation collapses some error codes into one (for example, in https://github.com/Mbed-TLS/mbedtls/issues/9046, several PSA errors might have caused -0x6c00 which is MBEDTLS_ERR_SSL_INTERNAL_ERROR).
Listing the likely offenders:
grep 'DEBUG_RET.*psa_.*ret' library/*.c
Plus a few more in ssl_tls13_keys.c with a different idiom:
1055: MBEDTLS_SSL_DEBUG_RET(
1056: 1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
1057: return PSA_TO_MBEDTLS_ERR(status);
1071: MBEDTLS_SSL_DEBUG_RET(
1072: 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
1073: return PSA_TO_MBEDTLS_ERR(status);
1082: MBEDTLS_SSL_DEBUG_RET(
1083: 1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
1084: return PSA_TO_MBEDTLS_ERR(status);
More complete search:
ag 'DEBUG_RET.*(\n.*)?psa.*(,\n.*)?(ret\)|TO_MBEDTLS)' library/*.c
Preferably we should report the unconverted PSA error code. If it's inconvenient (perhaps because the debug instruction gets a converted error code from an auxiliary function), the debug message should not claim that the printed code is the value returned by the PSA function.
Implementation note: conventionally, PSA error codes are psa_status_t status and mbedtls error codes are int ret.
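The difference between the two reporting styles, as an added example that is not part of the original issue or of the Mbed TLS code base. The translation function `demo_psa_to_ssl_err`, the two formatters and the `returned PSA status` wording are hypothetical stand-ins; the numeric PSA values are those of the PSA Crypto API, and the first message format is modelled on the `psa_xxx() returned -NNN` output the issue describes.

```c
#include <stdio.h>
#include <string.h>

typedef int psa_status_t;              /* local stand-in for the PSA type */
/* PSA status values as defined by the PSA Crypto API. */
#define PSA_ERROR_INVALID_ARGUMENT     (-135)
#define PSA_ERROR_BAD_STATE            (-137)
#define PSA_ERROR_HARDWARE_FAILURE     (-147)
#define PSA_ERROR_CORRUPTION_DETECTED  (-151)
/* -0x6c00 is the value quoted in the issue. */
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR (-0x6C00)
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA (-0x7100)

/* Hypothetical translation, NOT the library's table: it only reproduces
 * the many-to-one collapse the issue describes. */
int demo_psa_to_ssl_err(psa_status_t status)
{
    switch (status) {
        case 0:                          return 0;
        case PSA_ERROR_INVALID_ARGUMENT: return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
        default:                         return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
    }
}

/* Misleading idiom: names the PSA function but prints the translated code. */
int fmt_translated(char *buf, size_t n, const char *fn, psa_status_t status)
{
    int ret = demo_psa_to_ssl_err(status);
    return snprintf(buf, n, "%s() returned %d (-0x%04x)", fn, ret, (unsigned) -ret);
}

/* Preferred: print the unconverted psa_status_t and label it as such. */
int fmt_raw(char *buf, size_t n, const char *fn, psa_status_t status)
{
    return snprintf(buf, n, "%s() returned PSA status %d", fn, (int) status);
}

/* Returns 1 when two PSA failures produce an identical debug line. */
int lines_collide(int raw, psa_status_t a, psa_status_t b)
{
    char la[96], lb[96];
    if (raw) { fmt_raw(la, sizeof(la), "psa_import_key", a);
               fmt_raw(lb, sizeof(lb), "psa_import_key", b); }
    else     { fmt_translated(la, sizeof(la), "psa_import_key", a);
               fmt_translated(lb, sizeof(lb), "psa_import_key", b); }
    return strcmp(la, lb) == 0;
}
```

With the translated idiom, a bad-state failure and a hardware failure become the same log line, so the distinction that matters when diagnosing a handshake failure is lost before it reaches the log.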