为什么即使发生错误,OpenSSL仍返回0? [英] Why does OpenSSL return 0 even though there's an error?
问题描述
我表演了
openssl rsa -check -in foo.key
并收到
RSA密钥错误:dmq1与d不一致
RSA key error: dmq1 not congruent to d
尽管如此,
shell> echo $?
shell> echo $?
0
即使出现错误,为什么我仍应收到返回码0?
Why should I receive a return code of 0 even though there's an error?
推荐答案
不确定这是否是设计选择,但是如果您检查OpenSSL
源,则会观察到以下内容:
Not sure if this is a design choice, but if you check the OpenSSL
source you will observe the following:
apps/rsa.c
使用RSA_check_key()
检查密钥的有效性.该手册页告诉我们:
apps/rsa.c
uses RSA_check_key()
to check the validity of a key. The manpage tells us:
man RSA_check_key
:
说明
This function validates RSA keys. It checks that p and q are in fact prime, and that n = p*q.
It also checks that d*e = 1 mod (p-1*q-1), and that dmp1, dmq1 and iqmp are set correctly or are NULL.
[...]
返回值
RSA_check_key() returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key.
If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).
因此,
区分根本无法解析的键(-1
)和具有无效属性的键(0
),例如非素数.
As such, it differenciates between keys that it cannot parse at all (-1
) and keys that have invalid properties (0
), e.g. non-primes.
在RSA_check_key()
返回-1
的情况下,包装代码(apps/rsa.c
)确实以错误(1
)退出,但在返回0
的情况下则不存在(请参阅控制流程wrt/设置goto end;
).
The wrapping code (apps/rsa.c
) does exit with an error (1
) in case RSA_check_key()
returns -1
but does not in case it returns 0
(see the control flow wrt/ setting ret
and goto end;
).
当然看起来就像是故意选择不要在这种情况下出错的选择,但我同意,这似乎很奇怪.您可能想在OpenSSL
邮件列表中询问,我确定那里的某人可以阐明这种特殊行为(毕竟这可能是一个错误).
It certainly looks like it's a deliberate choice not to error out in this case, but I agree, it seems strange. You might want to ask on the OpenSSL
mailing list, I'm sure someone there can shed some light on this particular behavior (and it might be a bug after all).
这篇关于为什么即使发生错误,OpenSSL仍返回0?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!