Fix | Addressing failure on providing correct error message when symmetric key decryption fails using Always Encrypted. (#1948)

Javad · web-flow · commit 82353f819f6f · 2023-03-24T16:26:51.000-07:00
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -6080,6 +6080,13 @@ internal bool TryReadSqlValue(SqlBuffer value, SqlMetaDataPriv md, int length, T
                         }
                         catch (Exception e)
                         {
+                            if (stateObj is not null)
+                            {
+                                // call to decrypt column keys has failed. The data wont be decrypted.
+                                // Not setting the value to false, forces the driver to look for column value.
+                                // Packet received from Key Vault will throws invalid token header.
+                                stateObj.HasPendingData = false;
+                            }
                             throw SQL.ColumnDecryptionFailed(columnName, null, e);
                         }
                     }
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -6884,6 +6884,13 @@ internal bool TryReadSqlValue(SqlBuffer value,
                         }
                         catch (Exception e)
                         {
+                            if (stateObj is not null)
+                            {
+                                // call to decrypt column keys has failed. The data wont be decrypted.
+                                // Not setting the value to false, forces the driver to look for column value.
+                                // Packet received from Key Vault will throws invalid token header.
+                                stateObj._pendingData = false;
+                            }
                             throw SQL.ColumnDecryptionFailed(columnName, null, e);
                         }
                     }

Original file line number	Diff line number	Diff line change
`@@ -6080,6 +6080,13 @@ internal bool TryReadSqlValue(SqlBuffer value, SqlMetaDataPriv md, int length, T`
`6080`	`6080`	`}`
`6081`	`6081`	`catch (Exception e)`
`6082`	`6082`	`{`
	`6083`	`+ if (stateObj is not null)`
	`6084`	`+ {`
	`6085`	`+ // call to decrypt column keys has failed. The data wont be decrypted.`
	`6086`	`+ // Not setting the value to false, forces the driver to look for column value.`
	`6087`	`+ // Packet received from Key Vault will throws invalid token header.`
	`6088`	`+ stateObj.HasPendingData = false;`
	`6089`	`+ }`
`6083`	`6090`	`throw SQL.ColumnDecryptionFailed(columnName, null, e);`
`6084`	`6091`	`}`
`6085`	`6092`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6884,6 +6884,13 @@ internal bool TryReadSqlValue(SqlBuffer value,`
`6884`	`6884`	`}`
`6885`	`6885`	`catch (Exception e)`
`6886`	`6886`	`{`
	`6887`	`+ if (stateObj is not null)`
	`6888`	`+ {`
	`6889`	`+ // call to decrypt column keys has failed. The data wont be decrypted.`
	`6890`	`+ // Not setting the value to false, forces the driver to look for column value.`
	`6891`	`+ // Packet received from Key Vault will throws invalid token header.`
	`6892`	`+ stateObj._pendingData = false;`
	`6893`	`+ }`
`6887`	`6894`	`throw SQL.ColumnDecryptionFailed(columnName, null, e);`
`6888`	`6895`	`}`
`6889`	`6896`	`}`