Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Get MBEDTLS_ERR_ASN1_UNEXPECTED_TAG when call the mbedtls_pk_parse_key #7972

Open fengxinfreedom opened 1 year ago

fengxinfreedom commented 1 year ago

Summary

Here is the private key:
    #include <stdio.h>
    #include <string.h>
    #include "mbedtls/pk.h"

    // PEM private key as posted: the body is a PKCS#8 PrivateKeyInfo, but the
    // BEGIN/END label is the PKCS#1 "RSA PRIVATE KEY" one.
    static const char private_key[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCfoBxxC6h/ZzDr\n"
    "0d+4Wg4+PVBIU8yTdnkcJpBHAp/2dWXF5g4LNS6HWJHL9EYmEMHIoFnXsL8CxcvB\n"
    "xLeJCfLLag6CQ09lf7ZNYVqaSjtdtFZSvdiknxYbX/ndEIOhxVnyh4SBL2exqAxI\n"
    "5RDEVe4FPxxrBGIRfZSogLHqU3MPHrfoXss4BKT+Vklw7pnjtU5NGJ0XkJWMiqtp\n"
    "nUUOtY3juSGhGn9HHjPxcKrX6Ys8S+M7KM+gHJ/Qxa3aDjoSP9CFUr6VoUv8mE7v\n"
    "rrcqebnLHInrBiiULCk48Z9/gchxdP6nkMkKtOhR2Il9sim0ctfPgdqJOEvK/6HQ\n"
    "U4/sKdHOb3lcJI4+uRKnvabee1GhGuFt3+XDEfLXuGkvLkKlub68r6LVjstOSZ1B\n"
    "ub5mgR1Eq+hkwQuJQAORlDIMt+skc6ElWxjJuko2vTuJ2oz0/dyUJOKnIekEcs2h\n"
    "nQfYlJc3snApQoZqHqC7FoCSQtE/6cezqZ2RJUd2HGlf7QMg+SsCAwEAAQKCAYEA\n"
    "g9PLKWEjavRh5p+RT8Kv+J7SaqkqTq6NHr6KcNquGPCjeGiiOIdXQdfXsMSwGkfE\n"
    "glhLWmJRnYyU1hYMLVTV+0A/czz7mSt79zPri3i6xoxkrjizbmEj9L+yruswiq1d\n"
    "t3pL6BSqYoISgzEKQ9tjk1mnsooQI7m+x9phFNCOOXJ5F6MR2dWcHaBNTsL+vJvD\n"
    "atBlDE0P9N2g6rxDh/5QjD0clNw5ORasdz1BGsd5gfZ6VyVBM03wfo6DIY6WTvP7\n"
    "h8Vuc2f/yFUnvwVp+Hj6qJKjQG3Ck5hfUITEk3f4egc6VOqiR1Zhc3gBQ+ce4aDQ\n"
    "qcDOArdkOLd5wf3KmH5ylAHd7pd8b+sWLqTyUZr1eJIDCMmteFmYort25ncBkS4c\n"
    "sNUx0MsUR5CXh57gd4wJe8XfUNnVErFaMR499rapg1ezDEV55wLZHh1A2zwWG0eM\n"
    "eVYt1nSL3RoazJmU4x0Rvf+anQgM33TWyxVa9uwq7yfQiAmfOp6/+UrgvqsO60aB\n"
    "AoHBANFnkayDJJ9tW/zmljRZrnWcf/VnAv4sE6TlJ+IuC9NQOfG4T/QeO51tutGJ\n"
    "QcmlPNsYMtKJ03A39EdNl9mKkAeazA0nhwe3nXcA5X9AIkTR4Lr6HwXsVVY8kD1t\n"
    "EIkzCS90XRL0eJ+3MiGfvkrZjqbxcEBUMgOvpPwm96neevYkjIMm1hRXSRv/G9lR\n"
    "450UUCgykJek9jo1/FdZC/4TvRGzZkXLzG0Hjd4rKiF0FG9FxuJ0U7yd6GJH9Tuy\n"
    "YlVVMQKBwQDDJPH0FFt3evprtbciuTOulgYy6obh8sBNx/4JX7aN1h5GT3sHEkqA\n"
    "8wFlavqHzHprgQ9IA77UTS5jnx6oYlJR1JK+Tdthk61CeBKtD18sHldRa7wYs/Ev\n"
    "beo6SHhb1RpScI5m1sQJAMyZBhPnwYKCL0OIfC8v1ACn0Hv057PT3i0w9+WkIOr2\n"
    "zaSFbkMuVpoO9qgytHdZ7AgbJ3cN3E4Xda4WiKwQ8pE6DzMKedsW5QzLQdq7z3/O\n"
    "2tHmOw5FjRsCgcAeXgaiHeKRvCo64rWlodvK8ocb73Rfp8SxhQnjownT+y5r/26Y\n"
    "2EmM6vzMpjsEIxJQM5IrNhGTlIm4TWhYA+AfOjOdNL5AQEB1oYumiIZvtIACnYMi\n"
    "OMOnXeENB2P+gYgzeYyF0y4q+0Yp2iCeei5Vx22f5pXaMv6aEoyX9cufJm26F0e0\n"
    "a3QOu1Auk9GOVgPJ0ItncmTCzFFr2V4D2pjwmDOcq5FZvl60eU4Cy/KqsFPHQ1dh\n"
    "YwTwO780iQn5lgECgcEAjNamNRVYKjQ8de4xHUNy9GbcVHUFIh90AO78/kDw3Q8S\n"
    "zIXicekWklhPwqVh6Q5/sAT2RXBGkqyddVLK6pYDeYGk4uoIEjVlz1ofiH1Wn93K\n"
    "AT5zA5Ui1atLaAMTsptrouIPNFN+Kk1EXJCRXys/CLwZznBqEee9DWCfhdKP67In\n"
    "BXd0am9DhRpHyfEZVWE1UOVd4TJ0DRcXhpmGCB/e0HmjSiobnSOkArYjjUUDBVQM\n"
    "VsnRlsicImu1H6exlirPAoHAJ3i51lJkA68tj8NPp8rdMGzs5zewRXi9yv2kPVOn\n"
    "JObabovUFsNHePBV+OYMCaueYZV9E1ONsqmy+GiphSQIMsFoo0O1PhUe3EHczR83\n"
    "vXmbd+kZbbHw4PxtUom7YpNJeK+hzRz4sC3cEnX3xLEdFL1e8KfpKJ63ZeW312rC\n"
    "1KICPq1sB7x5gUtYRjFP9jOwf3DK5VyN83HjHQQoVSOqS+WJmFrUZDHRjpD+Y56X\n"
    "8XeQ+HPK2jXuRh47zPpyQXUe\n"
    "-----END RSA PRIVATE KEY-----";

    int main(void)
    {
        mbedtls_pk_context privateKey;
        int ret = 0;

        // Load private key
        mbedtls_pk_init(&privateKey);

        printf("%d\n", ret);
        // For PEM input the length must include the terminating NUL, hence strlen() + 1
        ret = mbedtls_pk_parse_key(&privateKey, (const unsigned char *)private_key,
                                   strlen(private_key) + 1, NULL, 0, NULL, NULL);
        // Reported result: -3D00 - 0x62, i.e. MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
        // combined with MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
        printf("%d\n", ret);

        mbedtls_pk_free(&privateKey);
        return ret;
    }

It always returns -3D00 + 0x62.

The private key was generated from the internet.

System information

Mbed TLS version (number or commit id):
Operating system and version:
Configuration (if not default, please attach mbedtls_config.h):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:

Expected behavior

Returns 0.

Actual behavior

Returns -3D00 - 0x62.

Steps to reproduce

Additional information

gilles-peskine-arm commented 1 year ago

This is a PKCS#8-encoded private key (PrivateKeyInfo containing an OID and an OCTET STRING containing an RSAPrivateKey) in a PEM encoding with the header BEGIN RSA PRIVATE KEY. Normally, PKCS#8 keys in PEM have the header BEGIN PRIVATE KEY, because the key type is identified inside. The header BEGIN RSA PRIVATE KEY is normally used with PKCS#1-encoded private keys, which just contain the RSAPrivateKey structure with no metadata to indicate that it's an RSA key.

Mbed TLS supports both PKCS#8 and PKCS#1, but requires the PEM header to match the format. If you change BEGIN RSA PRIVATE KEY to BEGIN PRIVATE KEY and END RSA PRIVATE KEY to END PRIVATE KEY, Mbed TLS accepts the key. If you convert the key from PEM to DER, Mbed TLS accepts the key.

I don't think it would be wrong to be more liberal here, but it would make the code even more complicated.

How did you generate the private key file exactly? If there's a popular program that outputs keys in this form, we may need to support it. But I suspect that it's just an uncommon misconfiguration.
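The header/body mismatch diagnosed in the reply, as an added example that is not part of the issue or of Mbed TLS: a small Python script that decodes the DER body of a PEM private key, tells a PKCS#8 PrivateKeyInfo from a PKCS#1 RSAPrivateKey by the element that follows the version INTEGER, and reports or rewrites a BEGIN/END label that does not match the body. The sample key it builds is a constructed toy with tiny integers, not a real key, and `der_read`, `classify_pem` and `fix_pem_header` are names assumed here.

```python
import base64
import re

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1

def der_read(buf, pos):
    """Decode the TLV header at pos; return (tag, body_start, body_end)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    return tag, pos, pos + length

def classify_pem(pem):
    """Return (body_kind, label_the_body_needs, label_actually_used)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    der = base64.b64decode(re.sub(r"\s+", "", m.group(2)))
    tag, start, _ = der_read(der, 0)
    t_ver, _, ver_end = der_read(der, start)  # both formats start with INTEGER version
    t_next, _, _ = der_read(der, ver_end)     # then AlgorithmIdentifier (PKCS#8) or modulus (PKCS#1)
    if tag != SEQUENCE or t_ver != INTEGER:
        raise ValueError("not a PrivateKeyInfo or RSAPrivateKey SEQUENCE")
    if t_next == SEQUENCE:
        return "PKCS#8 PrivateKeyInfo", "PRIVATE KEY", m.group(1)
    if t_next == INTEGER:
        return "PKCS#1 RSAPrivateKey", "RSA PRIVATE KEY", m.group(1)
    raise ValueError("unrecognised private key structure")

def fix_pem_header(pem):
    """Relabel BEGIN/END to what the DER body requires, as the reply suggests."""
    _, needed, used = classify_pem(pem)
    return pem.replace(f"BEGIN {used}", f"BEGIN {needed}").replace(f"END {used}", f"END {needed}")

# Constructed sample (not a real key): toy RSAPrivateKey integers wrapped in a PKCS#8
# PrivateKeyInfo and then mislabelled "RSA PRIVATE KEY", the shape of the reported key.
def der_tlv(tag, body):  # short-form lengths are enough for the small sample
    return bytes([tag, len(body)]) + body
def der_int(v):  # minimal positive DER INTEGER (leading zero byte if the top bit is set)
    return der_tlv(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))
def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

PKCS1_BODY = der_tlv(SEQUENCE, der_int(0) + der_int(3233) + der_int(17) + der_int(413))
PKCS8_BODY = der_tlv(SEQUENCE, der_int(0) + der_tlv(SEQUENCE, der_tlv(OID, RSA_ENCRYPTION_OID)
                     + der_tlv(NULL, b"")) + der_tlv(OCTET_STRING, PKCS1_BODY))
MISLABELLED_PEM = to_pem("RSA PRIVATE KEY", PKCS8_BODY)
```

Running `classify_pem` on a real key from the report would give the same verdict: a PKCS#8 body under an RSA PRIVATE KEY label, which Mbed TLS rejects until the label is changed or the key is converted to DER.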