MbedTLS: Store error codes properly.

OpenSSL uses `unsigned long' type for its error codes, so that's
what (lib)ratbox used to store the error values.

Unfortunately, MbedTLS uses int, and its error codes are negative.
On machines where `int' and `long' are the same size, this could
result in storing a truncated error code.

This patch inverts the sign bit on error codes and then casts them
to unsigned long for storage.

MbedTLS itself (specifically, `mbedtls_strerror()') will function
properly with negative or positive input values. It even converts
negative input values to positive before checking them against the
list of known error codes!

See also: `library/error.c' in the MbedTLS 2.1+ distribution.

libratbox/src/mbedtls.c

@@ -244,7 +244,7 @@ rb_ssl_accept_common(rb_fde_t *const F, void *const data)
 		return;
 	default:
 		errno = EIO;
-		F->ssl_errno = ret;
+		F->ssl_errno = (unsigned long) -ret;
 		F->accept->callback(F, RB_ERROR_SSL, NULL, 0, F->accept->data);
 		return;
 	}
@@ -279,7 +279,7 @@ rb_ssl_tryconn_cb(rb_fde_t *const F, void *const data)
 		return;
 	default:
 		errno = EIO;
-		F->ssl_errno = ret;
+		F->ssl_errno = (unsigned long) -ret;
 		rb_ssl_connect_realcb(F, RB_ERROR_SSL, data);
 		return;
 	}
@@ -531,7 +531,7 @@ rb_get_random(void *const buf, size_t length)
 const char *
 rb_get_ssl_strerror(rb_fde_t *const F)
 {
-	return rb_ssl_strerror(F->ssl_errno);
+	return rb_ssl_strerror((int) F->ssl_errno);
 }
 
 int
@@ -627,7 +627,7 @@ rb_ssl_read(rb_fde_t *const F, void *const buf, size_t count)
 		return RB_RW_SSL_NEED_WRITE;
 	default:
 		errno = EIO;
-		F->ssl_errno = ret;
+		F->ssl_errno = (unsigned long) -ret;
 		return RB_RW_SSL_ERROR;
 	}
 }
@@ -653,7 +653,7 @@ rb_ssl_write(rb_fde_t *const F, const void *const buf, size_t count)
 		return RB_RW_SSL_NEED_WRITE;
 	default:
 		errno = EIO;
-		F->ssl_errno = ret;
+		F->ssl_errno = (unsigned long) -ret;
 		return RB_RW_SSL_ERROR;
 	}
 }