为什么即使发生错误，OpenSSL仍返回0? [英] Why does OpenSSL return 0 even though there's an error?

问题描述

我表演了

openssl rsa -check -in foo.key

并收到

RSA密钥错误:dmq1与d不一致

RSA key error: dmq1 not congruent to d

尽管如此，

shell> echo $?

shell> echo $?

0

即使出现错误，为什么我仍应收到返回码0?

Why should I receive a return code of 0 even though there's an error?

推荐答案

不确定这是否是设计选择，但是如果您检查OpenSSL源，则会观察到以下内容:

Not sure if this is a design choice, but if you check the OpenSSL source you will observe the following:

apps/rsa.c使用RSA_check_key()检查密钥的有效性.该手册页告诉我们:

apps/rsa.c uses RSA_check_key() to check the validity of a key. The manpage tells us:

man RSA_check_key:

说明

  This function validates RSA keys. It checks that p and q are in fact prime, and that n = p*q.
  It also checks that d*e = 1 mod (p-1*q-1), and that dmp1, dmq1 and iqmp are set correctly or are NULL.

[...]

返回值

  RSA_check_key() returns 1 if rsa is a valid RSA key, and 0 otherwise.  -1 is returned if an error occurs while checking the key.
  If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

因此，

区分根本无法解析的键(-1)和具有无效属性的键(0)，例如非素数.

As such, it differenciates between keys that it cannot parse at all (-1) and keys that have invalid properties (0), e.g. non-primes.

在RSA_check_key()返回-1的情况下，包装代码(apps/rsa.c)确实以错误(1)退出，但在返回0的情况下则不存在(请参阅控制流程wrt/设置和goto end;).

The wrapping code (apps/rsa.c) does exit with an error (1) in case RSA_check_key() returns -1 but does not in case it returns 0 (see the control flow wrt/ setting ret and goto end;).

当然看起来就像是故意选择不要在这种情况下出错的选择，但我同意，这似乎很奇怪.您可能想在OpenSSL邮件列表中询问，我确定那里的某人可以阐明这种特殊行为(毕竟这可能是一个错误).

It certainly looks like it's a deliberate choice not to error out in this case, but I agree, it seems strange. You might want to ask on the OpenSSL mailing list, I'm sure someone there can shed some light on this particular behavior (and it might be a bug after all).

这篇关于为什么即使发生错误，OpenSSL仍返回0?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！