Open gilles-peskine-arm opened 1 year ago
There is a widespread pattern in TLS code guarded by `MBEDTLS_USE_PSA_CRYPTO` or `MBEDTLS_SSL_PROTO_TLS1_3` that converts a PSA status code into an mbedtls code, and prints the converted code in the debug log. This loses information. The debug log should show the original PSA status. For example

should be

This makes it harder to diagnose issues such as https://github.com/Mbed-TLS/mbedtls/issues/8401 where the converted status is `MBEDTLS_ERR_SSL_INTERNAL_ERROR`.

Preferably we should report the unconverted PSA error code. If it's inconvenient (perhaps because the debug instruction gets a converted error code from an auxiliary function), the debug message should not claim that the printed code is the value returned by the PSA function.

Implementation note: conventionally, PSA error codes are `psa_status_t status` and mbedtls error codes are `int ret`.

Listing the likely offenders:

```
grep 'DEBUG_RET.*psa_.*ret' library/*.c
```

Plus a few more in `ssl_tls13_keys.c` with a different idiom:

```
1055:        MBEDTLS_SSL_DEBUG_RET(
1056:            1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
1057:        return PSA_TO_MBEDTLS_ERR(status);
1071:        MBEDTLS_SSL_DEBUG_RET(
1072:            1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
1073:        return PSA_TO_MBEDTLS_ERR(status);
1082:        MBEDTLS_SSL_DEBUG_RET(
1083:            1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
1084:        return PSA_TO_MBEDTLS_ERR(status);
```

More complete search:

```
ag 'DEBUG_RET.*(\n.*)?psa.*(,\n.*)?(ret\)|TO_MBEDTLS)' library/*.c
```
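An added stand-alone illustration of the information loss the issue describes, written for this page and not taken from the issue or from Mbed TLS: `psa_to_mbedtls_err`, `SSL_DEBUG_RET`, `fake_psa_import_key` and `log_distinguishes` are constructed stand-ins for `PSA_TO_MBEDTLS_ERR`, `MBEDTLS_SSL_DEBUG_RET` and a failing PSA call, and the PSA/mbedtls constants are redefined locally so the file builds without the real headers. The converter collapses every failure to `MBEDTLS_ERR_SSL_INTERNAL_ERROR`, so the "before" form leaves two different PSA failures indistinguishable in the log while the "after" form keeps the raw status.

```c
/* Added example, not Mbed TLS code: local stand-ins replace the real headers. */
#include <stdint.h>
typedef int32_t psa_status_t;
/* Redefined locally so the file builds without psa/crypto.h or ssl.h. */
#define PSA_SUCCESS             ((psa_status_t)0)
#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134)
#define PSA_ERROR_BAD_STATE     ((psa_status_t)-149)
#define MBEDTLS_ERR_SSL_INTERNAL_ERROR (-0x6C00)
/* Simplified stand-in for PSA_TO_MBEDTLS_ERR: every failure collapses to
 * MBEDTLS_ERR_SSL_INTERNAL_ERROR, the situation the issue describes. */
static int psa_to_mbedtls_err(psa_status_t status)
{
    return status == PSA_SUCCESS ? 0 : MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
/* Stand-in for MBEDTLS_SSL_DEBUG_RET: records the value the log would print. */
static int last_logged_value;
#define SSL_DEBUG_RET(level, text, ret) ((void)(last_logged_value = (int)(ret)))
/* Constructed stand-in for a PSA call that fails with a chosen status. */
static psa_status_t fake_psa_import_key(psa_status_t injected) { return injected; }

/* The idiom the issue objects to: the converted code is what gets logged. */
static int import_logging_converted(psa_status_t injected)
{
    psa_status_t status = fake_psa_import_key(injected);
    if (status != PSA_SUCCESS) {
        SSL_DEBUG_RET(1, "psa_import_key", psa_to_mbedtls_err(status));
        return psa_to_mbedtls_err(status);
    }
    return 0;
}

/* The proposed form: log the raw PSA status, still return the converted code. */
static int import_logging_psa_status(psa_status_t injected)
{
    psa_status_t status = fake_psa_import_key(injected);
    if (status != PSA_SUCCESS) {
        SSL_DEBUG_RET(1, "psa_import_key", status);
        return psa_to_mbedtls_err(status);
    }
    return 0;
}

/* 1 if two distinct PSA failures leave distinguishable log entries, else 0. */
static int log_distinguishes(int (*fn)(psa_status_t))
{
    fn(PSA_ERROR_NOT_SUPPORTED);
    int first = last_logged_value;
    fn(PSA_ERROR_BAD_STATE);
    return first != last_logged_value;
}
```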