Error while loading RSA private keyfile to generate CSR

I have generated RSA public and private key pair and now I am trying to generate CSR following https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_req.c I am getting an error while trying to load the private key file in pk context using mbedtls_pk_parse_keyfile() as in this https://tls.mbed.org/api/pk_8h.html#a935d710e542409462d0209f2381da83e This function is returning an error -15616. I checked the private key file by printing the key value and the path of private keyfile. I set the password as NULL. Has anyone of you come across this issue or know what this error means? Could anyone of you please help or guide me how to solve this? Any help is appreciated.

Thank you

What Arduino are you running this on?

"cert_req.c" is not a complete Arduino sketch. Can you provide a complete Arduino sketch that demonstrates the problem?

I am running on ESP32. Please find the relevant part of the sketch where I am facing problem.

#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/sha1.h"
#include "mbedtls/platform.h"
#include "mbedtls/config.h"
#include "mbedtls/oid.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/error.h"
#include<string.h>
#include "mbedtls/md.h"
#include "mbedtls/entropy.h"
#include "mbedtls/bignum.h"
#include "SPIFFS.h"
#include "FS.h"
#include <SD.h>
#include <SPI.h>

#define DFL_FILENAME            "/spiffs/client.key"
#define DFL_DEBUG_LEVEL         0
#define DFL_OUTPUT_FILENAME     "/spiffs/client.csr"
#define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK"
#define DFL_KEY_USAGE           0
#define DFL_NS_CERT_TYPE        0

#define mbedtls_printf printf

struct options
{
    const char *filename;       /* filename of the key file             */
    int debug_level;            /* level of debugging                   */
    const char *output_file;    /* where to store the constructed key file  */
    const char *subject_name;   /* subject name for certificate request */
    unsigned char key_usage;    /* key usage flags                      */
    unsigned char ns_cert_type; /* NS cert type                         */
} opt;
void setup() {
  // put your setup code here, to run once:
  Serial.begin(115200);
  Serial.println();
  int ret = 1;
  mbedtls_entropy_context entropy;
  mbedtls_ctr_drbg_context ctr_drbg;
  
  char buf[1024];
  
  mbedtls_ctr_drbg_init( &ctr_drbg );
  mbedtls_entropy_init( &entropy );
  if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                             (const unsigned char *) pers,
                             strlen( pers ) ) ) != 0 )
  {
      mbedtls_printf( " failed\n  !  mbedtls_ctr_drbg_seed returned %d", ret );
      return;
  }
  
  mbedtls_pk_context key;
  mbedtls_x509write_csr req;

  mbedtls_x509write_csr_init( &req );
  mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
  mbedtls_pk_init( &key );
  memset( buf, 0, sizeof( buf ) );
  
  opt.filename            = DFL_FILENAME;
  opt.debug_level         = DFL_DEBUG_LEVEL;
  opt.output_file         = DFL_OUTPUT_FILENAME;
  opt.subject_name        = DFL_SUBJECT_NAME;
  opt.key_usage           = DFL_KEY_USAGE;
  opt.ns_cert_type        = DFL_NS_CERT_TYPE;

  if( opt.key_usage )
      mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );

  if( opt.ns_cert_type )
      mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );

  mbedtls_printf( "  . Seeding the random number generator..." );
  
  mbedtls_entropy_init( &entropy );
  if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                             (const unsigned char *) pers,
                             strlen( pers ) ) ) != 0 )
  {
      mbedtls_printf( " failed\n  !  mbedtls_ctr_drbg_seed returned %d", ret );
      return;
  }

  mbedtls_printf( " ok\n" );

  /*
   * 1.0. Check the subject name for validity
   */
  mbedtls_printf( "  . Checking subject name..." );

  if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
  {
      mbedtls_printf( " failed\n  !  mbedtls_x509write_csr_set_subject_name returned %d", ret );
      return;
  }

  mbedtls_printf( " ok\n" );

  /*
   * 1.1. Load the key
   */
  mbedtls_printf( "  . Loading the private key ..." );
  SPIFFS.begin();

  ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
  Serial.println(ret);

  if( ret != 0 )
  {
      mbedtls_printf( " failed\n  !  mbedtls_pk_parse_keyfile returned %d", ret );
      return;
  }

  mbedtls_x509write_csr_set_key( &req, &key );

  mbedtls_printf( " ok\n" );

  /*
   * 1.2. Writing the request
   */
  mbedtls_printf( "  . Writing the certificate request ..." );

  if( ( ret = write_certificate_request( &req, opt.output_file,
                                         mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
  {
      mbedtls_printf( " failed\n  !  write_certifcate_request %d", ret );
      return;
  }

  mbedtls_printf( " ok\n" );

  mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
  mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
  mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
  mbedtls_rsa_free( &rsa );
  mbedtls_ctr_drbg_free( &ctr_drbg );
  mbedtls_entropy_free( &entropy );
  
  }

Path of already generated RSA private key is “/spiffs/client.key”