Mbedtls_x509_crt_parse return -0x3B00

Evgeniy_Vasyliev · June 23, 2019, 8:46pm

Hi all!

I enabled MBEDTLS_RSA_C and am trying to use built-in certificate (from certs.c) using:

mbedtls_x509_crt_parse(&serverCertificate, (const unsigned char *)mbedtls_test_srv_crt, mbedtls_test_srv_crt_len);

However it returns -0x3B00! What could be a reason for it?

Here is the certificate:

const char mbedtls_test_srv_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
"zhuYwjVuX6JHG0c=\r\n"
"-----END CERTIFICATE-----\r\n";
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );

I tried many combinations with settings, however situation is still the same… What am I doing wrong? What are the required options to make handshake function return success?

Thanks in advance.

roneld01 · June 24, 2019, 9:02am

Hi @Evgeniy_Vasyliev
The error you are encountering is:

programs/util/strerror -0x3B00
Last error was: -0x3b00 - PK - The pubkey tag or value is invalid (only RSA and EC are supported)

It is cause by a parsing error of you certificate.
Could this be related to your other post and you have memory issues on your platform?
Regards,
Mbed TLS Team member
Ron

akremtoujani · March 18, 2020, 6:50pm

Hi roneld21,

I have the same problem
I use NUCLEO-L476RG board
error : [00002882ms][ERR ][TLSW]: mbedtls_ssl_handshake() failed: -0x3b00 (-15104): PK - The pubkey tag or value is invalid (only RSA and EC are supported)
can you help me please
thanks
Regards,
Akrem

Topic		Replies	Views
Error using mbedtls_x509_crt_parse Generic	3	4664	December 6, 2018
Mbedtls_x509_crt_parse CRT returns -0x3B00 MBEDTLS_ERR_PK_INVALID_PUBKEY Generic	4	2238	August 25, 2019
Certificate parsing to mbedtls_x509_crt to char buffer Crypto and SSL questions mbed_tls	3	4039	March 7, 2019
X509_verify_cert() -0x2700 & mbedtls_ssl_handshake 0x4380-0x4c80 Crypto and SSL questions mbed_tls	1	967	May 12, 2021
Mbedtls_x509_crt_verify 2700 on embedded platform Generic	12	2585	February 4, 2020

Mbedtls_x509_crt_parse return -0x3B00

Related Topics