From 4f1755878c3b8c2a4ee15dbaecdf815d7dc62bdd Mon Sep 17 00:00:00 2001
From: Ewerton Scaboro da Silva
Date: Wed, 17 Jul 2024 16:28:52 -0700
Subject: [PATCH] Fix file upload openssl options with x509 authentication (#2635)
Signed-off-by: Mohit Malhotra
Co-authored-by: Mohit Malhotra
---
 .../src/iothub_client_ll_uploadtoblob.c | 4 +-
 .../iothub_client_ll_u2b_ut.c | 46 ++++++++++++++++++-
 2 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/iothub_client/src/iothub_client_ll_uploadtoblob.c b/iothub_client/src/iothub_client_ll_uploadtoblob.c
index 1f2756881..b9f122db8 100644
--- a/iothub_client/src/iothub_client_ll_uploadtoblob.c
+++ b/iothub_client/src/iothub_client_ll_uploadtoblob.c
@@ -1315,7 +1315,7 @@ IOTHUB_CLIENT_RESULT IoTHubClient_LL_UploadToBlob_SetOption(IOTHUB_CLIENT_LL_UPL
 }
 else if (strcmp(OPTION_OPENSSL_PRIVATE_KEY_TYPE, optionName) == 0)
 {
- if (upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509)
+ if (upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509 && upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509_ECC)
 {
 LogError("trying to set a x509 private key type while the authentication scheme is not x509");
 result = IOTHUB_CLIENT_INVALID_ARG;
@@ -1347,7 +1347,7 @@ IOTHUB_CLIENT_RESULT IoTHubClient_LL_UploadToBlob_SetOption(IOTHUB_CLIENT_LL_UPL
 }
 else if (strcmp(OPTION_OPENSSL_ENGINE, optionName) == 0)
 {
- if (upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509)
+ if (upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509 && upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509_ECC)
 {
 LogError("trying to set an openssl engine while the authentication scheme is not x509");
 result = IOTHUB_CLIENT_INVALID_ARG;
diff --git a/iothub_client/tests/iothubclient_ll_u2b_ut/iothub_client_ll_u2b_ut.c b/iothub_client/tests/iothubclient_ll_u2b_ut/iothub_client_ll_u2b_ut.c
index a0073a9ef..43204c90b 100644
--- a/iothub_client/tests/iothubclient_ll_u2b_ut/iothub_client_ll_u2b_ut.c
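Review bot: The two-credential comparison `upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509 && upload_data->cred_type != IOTHUB_CREDENTIAL_TYPE_X509_ECC` is written out separately in the OPTION_OPENSSL_PRIVATE_KEY_TYPE branch and again in the OPTION_OPENSSL_ENGINE branch (the `@@ -1347` hunk), which is presumably how the ECC case came to be missed. A small file-local predicate, used as `if (!is_x509_cred_type(upload_data->cred_type))` in both places, would keep the x509-only guards from drifting apart again; `is_x509_cred_type` is a suggested name, not an existing helper. The body of SetOption starts and ends outside these hunks, so any other x509-only option branches there are worth checking for the same single-type test.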
+++ b/iothub_client/tests/iothubclient_ll_u2b_ut/iothub_client_ll_u2b_ut.c
@@ -2266,7 +2266,7 @@ TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_x509_cert_succeeds)
 IoTHubClient_LL_UploadToBlob_Destroy(h);
 }
-TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_openssl_private_key_type_succeeds)
+TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_x509_openssl_private_key_type_succeeds)
 {
 int privateKeyType = 1;
 //arrange
@@ -2286,7 +2286,27 @@ TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_openssl_private_key_type_su
 IoTHubClient_LL_UploadToBlob_Destroy(h);
 }
-TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_openssl_engine_type_succeeds)
+TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_x509_ecc_openssl_private_key_type_succeeds)
+{
+ int privateKeyType = 1;
+ //arrange
+ setExpectedCallsFor_IoTHubClient_LL_UploadToBlob_Create(IOTHUB_CREDENTIAL_TYPE_X509_ECC);
+ IOTHUB_CLIENT_LL_UPLOADTOBLOB_HANDLE h = IoTHubClient_LL_UploadToBlob_Create(&TEST_CONFIG_SAS, TEST_AUTH_HANDLE);
+ umock_c_reset_all_calls();
+
+ //act
+ STRICT_EXPECTED_CALL(gballoc_malloc(sizeof(privateKeyType)));
+ IOTHUB_CLIENT_RESULT result = IoTHubClient_LL_UploadToBlob_SetOption(h, OPTION_OPENSSL_PRIVATE_KEY_TYPE, &privateKeyType);
+
+ //assert
+ ASSERT_ARE_EQUAL(IOTHUB_CLIENT_RESULT, IOTHUB_CLIENT_OK, result);
+ ASSERT_ARE_EQUAL(char_ptr, umock_c_get_expected_calls(), umock_c_get_actual_calls());
+
+ //cleanup
+ IoTHubClient_LL_UploadToBlob_Destroy(h);
+}
+
+TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_x509_openssl_engine_type_succeeds)
 {
 const char* engine = "pkcs11";
 //arrange
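Review bot: The new `IoTHubClient_LL_UploadToBlob_SetOption_x509_ecc_openssl_private_key_type_succeeds` test covers only the accept path of the widened guard; nothing in this hunk, or in the `@@ -2308` hunk for OPTION_OPENSSL_ENGINE, pins that a non-x509 credential type is still rejected. A companion case that creates the handle with a non-x509 credential type and ends in `ASSERT_ARE_EQUAL(IOTHUB_CLIENT_RESULT, IOTHUB_CLIENT_INVALID_ARG, result);` would catch a later edit that loosens the check too far, unless such a test already exists outside the visible hunks. Separately, `STRICT_EXPECTED_CALL(gballoc_malloc(sizeof(privateKeyType)));` sits under `//act` here, while the ECC engine test records its expectations before `//act`; moving it above that comment would keep the arrange/act split consistent.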
@@ -2308,6 +2328,28 @@ TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_openssl_engine_type_succeed
 IoTHubClient_LL_UploadToBlob_Destroy(h);
 }
+TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_x509_ecc_openssl_engine_type_succeeds)
+{
+ const char* engine = "pkcs11";
+ //arrange
+ setExpectedCallsFor_IoTHubClient_LL_UploadToBlob_Create(IOTHUB_CREDENTIAL_TYPE_X509_ECC);
+ IOTHUB_CLIENT_LL_UPLOADTOBLOB_HANDLE h = IoTHubClient_LL_UploadToBlob_Create(&TEST_CONFIG_SAS, TEST_AUTH_HANDLE);
+
+ umock_c_reset_all_calls();
+ STRICT_EXPECTED_CALL(mallocAndStrcpy_s(IGNORED_PTR_ARG, engine));
+ STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); // Within mallocAndStrcpy_s hook.
+
+ //act
+ IOTHUB_CLIENT_RESULT result = IoTHubClient_LL_UploadToBlob_SetOption(h, OPTION_OPENSSL_ENGINE, engine);
+
+ //assert
+ ASSERT_ARE_EQUAL(IOTHUB_CLIENT_RESULT, IOTHUB_CLIENT_OK, result);
+ ASSERT_ARE_EQUAL(char_ptr, umock_c_get_expected_calls(), umock_c_get_actual_calls());
+
+ //cleanup
+ IoTHubClient_LL_UploadToBlob_Destroy(h);
+}
+
 TEST_FUNCTION(IoTHubClient_LL_UploadToBlob_SetOption_Network_Interface)
 {
 //arrange
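Review bot: `&TEST_CONFIG_SAS` is a confusing fixture name for a test that is meant to run under x509 ECC authentication; the credential type appears to come only from the mocked `setExpectedCallsFor_IoTHubClient_LL_UploadToBlob_Create(IOTHUB_CREDENTIAL_TYPE_X509_ECC)` call. If that is right, a one-line comment above the Create call such as `// credential type comes from the mocked Create expectations; the config name is incidental` would spare the next reader the doubt, and the same applies to the ECC private-key-type test in the `@@ -2286` hunk. The test also asserts only the return code and the mock call sequence, so it does not show that the stored engine name is later handed to the TLS layer during an upload; that may be covered elsewhere in the file.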