Why do OpenSSL crypto functions return 1 on success, 0 on failure?

Question

Been writing code that uses OpenSSL, and I've noticed that, confusingly, most of the crypto library functions return 1 for success and 0 for failure:

• RSA_public_decrypt fails when using RSA_set0_key(key, n,e,d)?
• https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_verify.html
• https://github.com/openssl/openssl/blob/57d7b988b498ed34e98d1957fbbded8342f2a952/include/openssl/ec.h#L464
• https://github.com/openssl/openssl/blob/master/doc/man3/EVP_EncryptInit.pod#examples

So my question is, why does OpenSSL not use the typical C/POSIX standard return values ?

Answer 1

Traditionally, in C, an integer value of 0 stands for false and 1 stands for true and OpenSSL follows that convention. See this section of the Wikipedia page about the Boolean data type for some context:

Initial implementations of the language C (1972) provided no Boolean type, and to this day Boolean values are commonly represented by integers (ints) in C programs. The comparison operators (>, ==, etc.) are defined to return a signed integer (int) result, either 0 (for false) or 1 (for true).

This has changed somewhat with the introduction of the _Bool type in C99 but the initial implementation OpenSSL predates that -- hence the use of the integer values of 0 and 1. Also, in some cases OpenSSL functions use different integer values to indicate different types of results.

The SO answer on return values that you have pointed to is specifically about the special case of the exit value of a process, to be returned to its parent. Indeed, for that particular situation a value of zero indicates success. But that is not a typical approach applied to function return values in general.