
Why does OpenSSL return 0 even though there's an error?

Tags: bash, openssl

I performed

openssl rsa -check -in foo.key

and received

RSA key error: dmq1 not congruent to d

Nevertheless,

shell> echo $?

0

Why should I receive a return code of 0 even though there's an error?

ChaimKut asked Nov 10 '13 10:11


1 Answer

Not sure if this is a design choice, but if you check the OpenSSL source you will observe the following:

apps/rsa.c uses RSA_check_key() to check the validity of a key. The manpage tells us:

man RSA_check_key:

DESCRIPTION

  This function validates RSA keys. It checks that p and q are in fact prime, and that n = p*q.
  It also checks that d*e = 1 mod (p-1*q-1), and that dmp1, dmq1 and iqmp are set correctly or are NULL.

[...]

RETURN VALUE

  RSA_check_key() returns 1 if rsa is a valid RSA key, and 0 otherwise.  -1 is returned if an error occurs while checking the key.
  If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

As such, it differentiates between keys that it cannot parse at all (-1) and keys that have invalid properties (0), e.g. non-primes.

The wrapping code (apps/rsa.c) does exit with an error (1) in case RSA_check_key() returns -1 but does not in case it returns 0 (see the control flow wrt/ setting ret and goto end;).

It certainly looks like it's a deliberate choice not to error out in this case, but I agree, it seems strange. You might want to ask on the OpenSSL mailing list, I'm sure someone there can shed some light on this particular behavior (and it might be a bug after all).

Adrian Frühwirth answered Nov 09 '22 06:11
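
As an added example (not part of the original answer and not OpenSSL's own code), a shell wrapper can turn the check result into a usable exit status by requiring both a zero exit code and the "RSA key ok" line that openssl rsa -check prints for a valid key. The function name check_rsa_key and the OPENSSL_BIN override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wrapper around `openssl rsa -check` for use in scripts
# and CI jobs, where the exit status described above cannot be relied on
# to reject a key that parses but fails the consistency check.
#
# OPENSSL_BIN (assumed name) selects the binary to run; default: openssl.
#
# check_rsa_key FILE returns:
#   0  openssl exited 0 AND printed "RSA key ok"
#   1  key was parsed but the check reported a problem
#      (e.g. "RSA key error: dmq1 not congruent to d")
#   2  openssl itself failed (unreadable file, parse error, ...)
check_rsa_key() {
    key=$1
    status=0

    # -noout suppresses the key dump so only the verdict is captured.
    # stderr is merged in because the error text may go to either stream.
    # The "|| status=$?" form keeps the function safe under `set -e`.
    out=$("${OPENSSL_BIN:-openssl}" rsa -check -noout -in "$key" 2>&1) \
        || status=$?

    if [ "$status" -ne 0 ]; then
        printf '%s\n' "$out" >&2
        return 2
    fi

    # Do not trust the exit code alone: require the positive verdict.
    if printf '%s\n' "$out" | grep -qx 'RSA key ok'; then
        return 0
    fi

    printf '%s\n' "$out" >&2
    return 1
}

# Usage in a script:
#   check_rsa_key foo.key || exit 1
```

Matching on the positive "RSA key ok" line rather than on specific error strings means any check failure is rejected, including ones with a different message.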