From 67bb2ffb87d1af0b620b0569e66183806166da9b Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Thu, 12 Aug 2021 18:26:08 -0700 Subject: [PATCH 1/6] Encrypt default true --- doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml | 2 +- .../netcore/src/Microsoft/Data/SqlClient/SqlConnectionString.cs | 2 +- .../netfx/src/Microsoft/Data/SqlClient/SqlConnectionString.cs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml b/doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml index ea70cb5f9d..600ee6a58b 100644 --- a/doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml +++ b/doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml @@ -537,7 +537,7 @@ End Module |Current Language

-or-

Language|N/A|Sets the language used for database server warning or error messages.

The language name can be 128 characters or less.| |Data Source

-or-

Server

-or-

Address

-or-

Addr

-or-

Network Address|N/A|The name or network address of the instance of SQL Server to which to connect. The port number can be specified after the server name:

`server=tcp:servername, portnumber`

When specifying a local instance, always use (local). To force a protocol, add one of the following prefixes:

`np:(local), tcp:(local), lpc:(local)`

You can also connect to a LocalDB database as follows:

`server=(localdb)\\myInstance`

For more information about LocalDB, see [SqlClient Support for LocalDB](/sql/connect/ado-net/sql/sqlclient-support-localdb).

**Data Source** must use the TCP format or the Named Pipes format.

TCP format is as follows:

- tcp:\\\
- tcp:\,\

The TCP format must start with the prefix "tcp:" and is followed by the database instance, as specified by a host name and an instance name. This format is not applicable when connecting to Azure SQL Database. TCP is automatically selected for connections to Azure SQL Database when no protocol is specified.

The host name MUST be specified in one of the following ways:

- NetBIOSName
- IPv4Address
- IPv6Address

The instance name is used to resolve to a particular TCP/IP port number on which a database instance is hosted. Alternatively, specifying a TCP/IP port number directly is also allowed. If both instance name and port number are not present, the default database instance is used.

The Named Pipes format is as follows:

- np:\\\\\pipe\\

The Named Pipes format MUST start with the prefix "np:" and is followed by a named pipe name.

The host name MUST be specified in one of the following ways:

- NetBIOSName
- IPv4Address
- IPv6Address

The pipe name is used to identify the database instance to which the .NET application will connect.

If the value of the **Network** key is specified, the prefixes "tcp:" and "np:" should not be specified. **Note:** You can force the use of TCP instead of shared memory, either by prefixing **tcp:** to the server name in the connection string, or by using **localhost**.| |Enclave Attestation Url|N/A|Gets or sets the enclave attestation URL to be used with enclave based Always Encrypted.| -|Encrypt|'false'|When `true`, SQL Server uses SSL encryption for all data sent between the client and server if the server has a certificate installed. Recognized values are `true`, `false`, `yes`, and `no`. For more information, see [Connection String Syntax](/sql/connect/ado-net/connection-string-syntax).

When `TrustServerCertificate` is false and `Encrypt` is true, the server name (or IP address) in a SQL Server SSL certificate must exactly match the server name (or IP address) specified in the connection string. Otherwise, the connection attempt will fail. For information about support for certificates whose subject starts with a wildcard character (*), see [Accepted wildcards used by server certificates for server authentication](https://support.microsoft.com/kb/258858).| +|Encrypt|'true'|When `true`, SQL Server uses SSL encryption for all data sent between the client and server if the server has a certificate installed. Recognized values are `true`, `false`, `yes`, and `no`. For more information, see [Connection String Syntax](/sql/connect/ado-net/connection-string-syntax).

When `TrustServerCertificate` is false and `Encrypt` is true, the server name (or IP address) in a SQL Server SSL certificate must exactly match the server name (or IP address) specified in the connection string. Otherwise, the connection attempt will fail. For information about support for certificates whose subject starts with a wildcard character (*), see [Accepted wildcards used by server certificates for server authentication](https://support.microsoft.com/kb/258858).| |Enlist|'true'|`true` indicates that the SQL Server connection pooler automatically enlists the connection in the creation thread's current transaction context.| |Failover Partner|N/A|The name of the failover partner server where database mirroring is configured.

If the value of this key is "", then **Initial Catalog** must be present, and its value must not be "".

The server name can be 128 characters or less.

If you specify a failover partner but the failover partner server is not configured for database mirroring and the primary server (specified with the Server keyword) is not available, then the connection will fail.

If you specify a failover partner and the primary server is not configured for database mirroring, the connection to the primary server (specified with the Server keyword) will succeed if the primary server is available.| |Initial Catalog

-or-

Database|N/A|The name of the database.

The database name can be 128 characters or less.| diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionString.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionString.cs index d7c38b4ac0..55b92e920e 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionString.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionString.cs @@ -28,7 +28,7 @@ internal static partial class DEFAULT internal const int Connect_Timeout = ADP.DefaultConnectionTimeout; internal const string Current_Language = _emptyString; internal const string Data_Source = _emptyString; - internal const bool Encrypt = false; + internal const bool Encrypt = true; internal const bool Enlist = true; internal const string FailoverPartner = _emptyString; internal const string Initial_Catalog = _emptyString; diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionString.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionString.cs index bbe2de7c35..7cde4cf58e 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionString.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionString.cs @@ -31,7 +31,7 @@ internal static class DEFAULT internal const bool Context_Connection = false; internal const string Current_Language = _emptyString; internal const string Data_Source = _emptyString; - internal const bool Encrypt = false; + internal const bool Encrypt = true; internal const bool Enlist = true; internal const string FailoverPartner = _emptyString; internal const string Initial_Catalog = _emptyString; From 961910c548053f44d963222f92e77ca5490548d7 Mon Sep 17 00:00:00 2001 
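Review bot: `internal const bool Encrypt = true;` in the netcore `DEFAULT` class (and the identical line in the netfx copy) changes behaviour for every connection string that omits `Encrypt`, yet the constant carries no comment saying this is a deliberate secure default. Per the documentation row changed in this same patch, `Encrypt` true with `TrustServerCertificate` false requires the server certificate name to match exactly, so connections to servers with self-signed or mismatched certificates will now fail. A comment such as `// Secure default: encrypt unless the connection string sets Encrypt=false; certificate validation still applies.` would make that intent explicit. It also discourages "fixing" failures by turning validation off. The class body extends beyond both hunks.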
From: Davoud Eshtehari Date: Thu, 12 Aug 2021 18:29:08 -0700 Subject: [PATCH 2/6] Improve prelogin --- .../Data/SqlClient/SNI/SNILoadHandle.cs | 6 +++ .../src/Microsoft/Data/SqlClient/TdsParser.cs | 27 ++++++++++-- .../Data/SqlClient/TdsParserSafeHandles.cs | 40 +++++++++++++----- .../TdsParserStateObjectFactory.Managed.cs | 21 ++++------ .../TdsParserStateObjectFactory.Windows.cs | 23 ++++------- .../src/Microsoft/Data/SqlClient/TdsParser.cs | 30 +++++++++++--- .../Data/SqlClient/TdsParserSafeHandles.cs | 41 +++++++++++++------ 7 files changed, 126 insertions(+), 62 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs index 5f932703af..82705aa2e1 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs @@ -55,5 +55,11 @@ public EncryptionOptions Options return _encryptionOption; } } + + /// + /// Verify client encryption possibility + /// + // TODO: by adding support ENCRYPT_NOT_SUP, it could be calculated. + public bool EncryptClientPossible => true; } } diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs index c84a8e3230..6025416f2e 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs 
@@ -47,6 +47,11 @@ internal sealed partial class TdsParser internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount); internal int ObjectID => _objectID; + /// + /// Verify client encryption possibility. + /// + private bool EncryptClientPossible => TdsParserStateObjectFactory.Singleton.EncryptClientPossible; + // Default state object for parser internal TdsParserStateObject _physicalStateObj = null; // Default stateObj and connection for Dbnetlib and non-MARS SNI. @@ -464,6 +469,11 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) _physicalStateObj.AssignPendingDNSInfo(serverInfo.UserProtocol, FQDNforDNSCahce, ref _connHandler.pendingSQLDNSObject); } + if (encrypt && !EncryptClientPossible) + { + _encryptionOption = EncryptionOptions.NOT_SUP; + } + SqlClientEventSource.Log.TryTraceEvent(" Sending prelogin handshake"); SendPreLoginHandshake(instanceName, encrypt); @@ -674,8 +684,13 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt) case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - // If OS doesn't support encryption, inform server not supported. - payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; + //If encryption is required, an error will throw. + if (encrypt) + { + _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); + _physicalStateObj.Dispose(); + ThrowExceptionAndWarning(_physicalStateObj); + } } else { @@ -877,8 +892,11 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus case (EncryptionOptions.OFF): if (serverOption == EncryptionOptions.OFF) { - // Only encrypt login. - _encryptionOption = EncryptionOptions.LOGIN; + if (EncryptClientPossible) + { + // Only encrypt login. + _encryptionOption = EncryptionOptions.LOGIN; + } } else if (serverOption == EncryptionOptions.REQ) { 
@@ -889,6 +907,7 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus break; case (EncryptionOptions.NOT_SUP): + // Server required encryption if (serverOption == EncryptionOptions.REQ) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs index 62411969ff..957cff47c2 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs @@ -18,7 +18,8 @@ internal sealed partial class SNILoadHandle : SafeHandle internal readonly SNINativeMethodWrapper.SqlAsyncCallbackDelegate WriteAsyncCallbackDispatcher = new SNINativeMethodWrapper.SqlAsyncCallbackDelegate(WriteDispatcher); private readonly uint _sniStatus = TdsEnums.SNI_UNINITIALIZED; - private readonly EncryptionOptions _encryptionOption; + private readonly EncryptionOptions _encryptionOption = EncryptionOptions.OFF; + private bool? _encryptClientPossible = null; private SNILoadHandle() : base(IntPtr.Zero, true) { 
@@ -30,19 +31,36 @@ private SNILoadHandle() : base(IntPtr.Zero, true) finally { _sniStatus = SNINativeMethodWrapper.SNIInitialize(); + base.handle = (IntPtr)1; // Initialize to non-zero dummy variable. + } + } - uint value = 0; - - // VSDevDiv 479597: If initialize fails, don't call QueryInfo. - if (TdsEnums.SNI_SUCCESS == _sniStatus) + /// + /// Verify client encryption possibility. + /// + public bool EncryptClientPossible + { + get + { + if (_encryptClientPossible is null) { - // Query OS to find out whether encryption is supported. - SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); + // VSDevDiv 479597: If initialize fails, don't call QueryInfo. + if (TdsEnums.SNI_SUCCESS == _sniStatus) + { + try + { + UInt32 value = 0; + // Query OS to find out whether encryption is supported. + SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); + _encryptClientPossible = value != 0; + } + catch (Exception e) + { + SqlClientEventSource.Log.TryTraceEvent(" Exception occurs during resolving encryption possibility: {0}", e.Message); + } + } } - - _encryptionOption = (value == 0) ? EncryptionOptions.NOT_SUP : EncryptionOptions.OFF; - - base.handle = (IntPtr)1; // Initialize to non-zero dummy variable. + return _encryptClientPossible.Value; } } diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs index 5c6a463d7c..47cfb903c8 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs 
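Review bot: `return _encryptClientPossible.Value;` at the end of the new `EncryptClientPossible` getter throws `InvalidOperationException` whenever the field is still null. That happens on both paths that skip the assignment: `_sniStatus` is not `SNI_SUCCESS`, or `SNIQueryInfo` throws and the catch only traces `e.Message`. The prelogin code in `TdsParser.cs` reads this property before sending the handshake, so a failed SNI initialisation would surface as an unrelated exception rather than the encryption-not-supported error. Treat unknown as not supported so callers fail closed, for example by ending the getter with `return _encryptClientPossible ?? false;` or by assigning `false` in the catch and when the status check fails. The netfx copy of this getter has the same shape, and the later rename to `ClientOSEncryptionSupport` keeps the `.Value` read.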
@@ -13,21 +13,14 @@ internal sealed class TdsParserStateObjectFactory public static readonly TdsParserStateObjectFactory Singleton = new TdsParserStateObjectFactory(); - public EncryptionOptions EncryptionOptions - { - get - { - return SNI.SNILoadHandle.SingletonInstance.Options; - } - } + public EncryptionOptions EncryptionOptions => SNI.SNILoadHandle.SingletonInstance.Options; - public uint SNIStatus - { - get - { - return SNI.SNILoadHandle.SingletonInstance.Status; - } - } + public uint SNIStatus => SNI.SNILoadHandle.SingletonInstance.Status; + + /// + /// Verify client encryption possibility. + /// + public bool EncryptClientPossible => SNI.SNILoadHandle.SingletonInstance.EncryptClientPossible; public TdsParserStateObject CreateTdsParserStateObject(TdsParser parser) { diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs index add6430499..f91c55335d 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs 
@@ -16,24 +16,17 @@ internal sealed class TdsParserStateObjectFactory private static bool shouldUseManagedSNI; // If the appcontext switch is set then Use Managed SNI based on the value. Otherwise Native SNI.dll will be used by default. - public static bool UseManagedSNI { get; } = + public static bool UseManagedSNI => AppContext.TryGetSwitch(UseManagedNetworkingOnWindows, out shouldUseManagedSNI) ? shouldUseManagedSNI : false; - public EncryptionOptions EncryptionOptions - { - get - { - return UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.Options : SNILoadHandle.SingletonInstance.Options; - } - } + public EncryptionOptions EncryptionOptions => UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.Options : SNILoadHandle.SingletonInstance.Options; - public uint SNIStatus - { - get - { - return UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.Status : SNILoadHandle.SingletonInstance.Status; - } - } + public uint SNIStatus => UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.Status : SNILoadHandle.SingletonInstance.Status; + + /// + /// Verify client encryption possibility. + /// + public bool EncryptClientPossible => UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.EncryptClientPossible : SNILoadHandle.SingletonInstance.EncryptClientPossible; public TdsParserStateObject CreateTdsParserStateObject(TdsParser parser) { diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs index 14822bedf2..537767da9e 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -58,6 +58,10 @@ internal int ObjectID } } + /// + /// Verify client encryption possibility. + /// + private bool EncryptClientPossible => SNILoadHandle.SingletonInstance.EncryptClientPossible; // ReliabilitySection Usage: // 
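Review bot: Rewriting `UseManagedSNI { get; } = AppContext.TryGetSwitch(...)` as an expression-bodied `=>` changes a value computed once at type initialisation into one that is re-read from `AppContext` on every access, and each read also writes the static `shouldUseManagedSNI` field. `EncryptionOptions`, `SNIStatus` and the new `EncryptClientPossible` all branch on it. If the switch changes while the process runs, the encryption-capability answer may come from a different SNI implementation than the one that created the existing state objects. Unless re-evaluation is intended, keep the initialiser form, `public static bool UseManagedSNI { get; } = AppContext.TryGetSwitch(UseManagedNetworkingOnWindows, out shouldUseManagedSNI) ? shouldUseManagedSNI : false;`. If it is intended, add a comment saying so.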
@@ -644,6 +648,11 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) // for DNS Caching phase 1 AssignPendingDNSInfo(serverInfo.UserProtocol, FQDNforDNSCahce); + if(encrypt && !EncryptClientPossible) + { + _encryptionOption = EncryptionOptions.NOT_SUP; + } + // UNDONE - send "" for instance now, need to fix later SqlClientEventSource.Log.TryTraceEvent(" Sending prelogin handshake"); SendPreLoginHandshake(instanceName, encrypt, !string.IsNullOrEmpty(certificate), useOriginalAddressInfo); @@ -683,8 +692,8 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) AssignPendingDNSInfo(serverInfo.UserProtocol, FQDNforDNSCahce); SendPreLoginHandshake(instanceName, encrypt, !string.IsNullOrEmpty(certificate), useOriginalAddressInfo); - status = ConsumePreLoginHandshake(authType, encrypt, trustServerCert, integratedSecurity, serverCallback, clientCallback, out marsCapable, - out _connHandler._fedAuthRequired); + status = ConsumePreLoginHandshake(authType, encrypt, trustServerCert, integratedSecurity, serverCallback, clientCallback, + out marsCapable, out _connHandler._fedAuthRequired); // Don't need to check for Sphinx failure, since we've already consumed // one pre-login packet and know we are connecting to Shiloh. @@ -983,8 +992,13 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - // If OS doesn't support encryption, inform server not supported. - payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; + //If encryption is required, an error will throw. + if (encrypt) + { + _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); + _physicalStateObj.Dispose(); + ThrowExceptionAndWarning(_physicalStateObj); + } } else { 
@@ -1201,8 +1215,11 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien case (EncryptionOptions.OFF): if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.OFF) { - // Only encrypt login. - _encryptionOption = EncryptionOptions.LOGIN | (_encryptionOption & ~EncryptionOptions.OPTIONS_MASK); + if (EncryptClientPossible) + { + // Only encrypt login. + _encryptionOption = EncryptionOptions.LOGIN | (_encryptionOption & ~EncryptionOptions.OPTIONS_MASK); + } } else if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.REQ) { @@ -1213,6 +1230,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien break; case (EncryptionOptions.NOT_SUP): + // Server required encryption if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.REQ) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs index b61ed1dd34..bd04e3144d 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs @@ -20,7 +20,8 @@ internal sealed class SNILoadHandle : SafeHandle internal readonly SNINativeMethodWrapper.SqlAsyncCallbackDelegate WriteAsyncCallbackDispatcher = new SNINativeMethodWrapper.SqlAsyncCallbackDelegate(WriteDispatcher); private readonly UInt32 _sniStatus = TdsEnums.SNI_UNINITIALIZED; - private readonly EncryptionOptions _encryptionOption; + private readonly EncryptionOptions _encryptionOption = EncryptionOptions.OFF; + private bool? _encryptClientPossible = null; private SNILoadHandle() : base(IntPtr.Zero, true) { 
@@ -32,21 +33,37 @@ private SNILoadHandle() : base(IntPtr.Zero, true) { } finally { - _sniStatus = SNINativeMethodWrapper.SNIInitialize(); + base.handle = (IntPtr)1; // Initialize to non-zero dummy variable. + } + } - UInt32 value = 0; - - // VSDevDiv 479597: If initialize fails, don't call QueryInfo. - if (TdsEnums.SNI_SUCCESS == _sniStatus) + /// + /// Verify client encryption possibility. + /// + public bool EncryptClientPossible + { + get + { + if (_encryptClientPossible is null) { - // Query OS to find out whether encryption is supported. - SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); + // VSDevDiv 479597: If initialize fails, don't call QueryInfo. + if (TdsEnums.SNI_SUCCESS == _sniStatus) + { + try + { + UInt32 value = 0; + // Query OS to find out whether encryption is supported. + SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); + _encryptClientPossible = value != 0; + } + catch (Exception e) + { + SqlClientEventSource.Log.TryTraceEvent(" Exception occurs during resolving encryption possibility: {0}", e.Message); + } + } } - - _encryptionOption = (value == 0) ? EncryptionOptions.NOT_SUP : EncryptionOptions.OFF; - - base.handle = (IntPtr)1; // Initialize to non-zero dummy variable. + return _encryptClientPossible.Value; } } From afa5e4bf8e7873a1d701299ad8c7580507aa625e Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Thu, 12 Aug 2021 18:57:28 -0700 Subject: [PATCH 3/6] fix test --- .../tests/FunctionalTests/SqlConnectionBasicTests.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlConnectionBasicTests.cs b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlConnectionBasicTests.cs index e34a04a18e..edd24a7c53 100644 --- a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlConnectionBasicTests.cs 
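Review bot: As this hunk reads, the netfx constructor's `finally` block loses `_sniStatus = SNINativeMethodWrapper.SNIInitialize();`: the line is on the removed side and nothing on the added side restores it, whereas the netcore hunk keeps it as context. `_sniStatus` would then stay at `TdsEnums.SNI_UNINITIALIZED`, the `TdsEnums.SNI_SUCCESS == _sniStatus` guard in the new getter would not pass, and `_encryptClientPossible.Value` would throw on first use. If the removal is unintended, keep `_sniStatus = SNINativeMethodWrapper.SNIInitialize();` as the first statement of the `finally` block, ahead of `base.handle = (IntPtr)1;`. The constructor body starts above the hunk, so confirm that nothing earlier already performs the initialisation.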
+++ b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/SqlConnectionBasicTests.cs @@ -51,7 +51,8 @@ public void TransientFaultTest() SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder() { DataSource = "localhost," + server.Port, - IntegratedSecurity = true + IntegratedSecurity = true, + Encrypt = false }; using (SqlConnection connection = new SqlConnection(builder.ConnectionString)) From 85d1178df6cf2e37bc51a811edb062e6789a746b Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Tue, 17 Aug 2021 18:15:37 -0700 Subject: [PATCH 4/6] Address comments --- .../Data/SqlClient/SNI/SNILoadHandle.cs | 2 +- .../src/Microsoft/Data/SqlClient/TdsParser.cs | 33 +++++++++--------- .../Data/SqlClient/TdsParserSafeHandles.cs | 34 +++++-------------- .../TdsParserStateObjectFactory.Managed.cs | 2 +- .../TdsParserStateObjectFactory.Windows.cs | 2 +- .../src/Microsoft/Data/SqlClient/TdsParser.cs | 33 +++++++++--------- .../Data/SqlClient/TdsParserSafeHandles.cs | 34 +++++-------------- 7 files changed, 51 insertions(+), 89 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs index 82705aa2e1..c1a5e1a573 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNILoadHandle.cs @@ -60,6 +60,6 @@ public EncryptionOptions Options /// Verify client encryption possibility /// // TODO: by adding support ENCRYPT_NOT_SUP, it could be calculated. - public bool EncryptClientPossible => true; + public bool ClientOSEncryptionSupport => true; } } diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs index 6025416f2e..38dbbaa739 100644 
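Review bot: `Encrypt = false` in `TransientFaultTest` keeps the test passing by opting out of the new default, but nothing in this patch exercises the default itself. Add a test that pins it, for example `Assert.True(new SqlConnectionStringBuilder().Encrypt);`, so a later change cannot silently return connections to cleartext. A comment on the added line, such as `// test TDS server has no TLS certificate, so opt out of the encrypted default`, would record why the opt-out is there; that reason is presumed and should be confirmed. The test method continues outside the hunk.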
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -50,7 +50,7 @@ internal sealed partial class TdsParser /// /// Verify client encryption possibility. /// - private bool EncryptClientPossible => TdsParserStateObjectFactory.Singleton.EncryptClientPossible; + private bool ClientOSEncryptionSupport => TdsParserStateObjectFactory.Singleton.ClientOSEncryptionSupport; // Default state object for parser internal TdsParserStateObject _physicalStateObj = null; // Default stateObj and connection for Dbnetlib and non-MARS SNI. @@ -469,8 +469,15 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) _physicalStateObj.AssignPendingDNSInfo(serverInfo.UserProtocol, FQDNforDNSCahce, ref _connHandler.pendingSQLDNSObject); } - if (encrypt && !EncryptClientPossible) + if (!ClientOSEncryptionSupport) { + //If encryption is required, an error will throw. + if (encrypt) + { + _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); + _physicalStateObj.Dispose(); + ThrowExceptionAndWarning(_physicalStateObj); + } _encryptionOption = EncryptionOptions.NOT_SUP; } @@ -684,13 +691,8 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt) case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - //If encryption is required, an error will throw. - if (encrypt) - { - _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); - _physicalStateObj.Dispose(); - ThrowExceptionAndWarning(_physicalStateObj); - } + //If encryption is not required. + payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; } else { 
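Review bot: The two comments added around the moved check are fragments that do not say what the branch decides: `//If encryption is required, an error will throw.` in `ProcessPendingAck` and `//If encryption is not required.` in `SendPreLoginHandshake`. Suggested replacements are `// Client OS cannot encrypt but the caller asked for Encrypt=true: fail the connection here, before any prelogin bytes are sent.` and `// Client OS cannot encrypt and encryption was not requested: advertise NOT_SUP to the server.`. The second branch appears to lead to a session with no encryption at all, which is worth stating in the comment once confirmed against `ConsumePreLoginHandshake`. The same wording applies to the netfx copies, where `if(!ClientOSEncryptionSupport)` also lacks the space after `if`. Both methods extend outside these hunks.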
@@ -880,7 +882,7 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus switch (_encryptionOption) { case (EncryptionOptions.ON): - if (serverOption == EncryptionOptions.NOT_SUP) + if (serverOption != EncryptionOptions.ON) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByServer(), "", 0)); _physicalStateObj.Dispose(); @@ -892,23 +894,20 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus case (EncryptionOptions.OFF): if (serverOption == EncryptionOptions.OFF) { - if (EncryptClientPossible) - { - // Only encrypt login. - _encryptionOption = EncryptionOptions.LOGIN; - } + // Only encrypt login. + _encryptionOption = EncryptionOptions.LOGIN; } else if (serverOption == EncryptionOptions.REQ) { // Encrypt all. _encryptionOption = EncryptionOptions.ON; } - + // NOT_SUP: No encryption. break; case (EncryptionOptions.NOT_SUP): // Server required encryption - if (serverOption == EncryptionOptions.REQ) + if (serverOption != EncryptionOptions.NOT_SUP) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); _physicalStateObj.Dispose(); diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs index 957cff47c2..980e0d556c 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs 
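Review bot: The comment `// Server required encryption` above `if (serverOption != EncryptionOptions.NOT_SUP)` no longer matches the condition, which now rejects `OFF` and `ON` replies as well. In the same way, `case (EncryptionOptions.ON)` now raises `EncryptionNotSupportedByServer()` for any reply other than `ON`, including `OFF` and `REQ`. These two checks are what stop the negotiated level from differing from what the client asked for, so the comments should say that, for example `// Fail closed: any reply other than ON ends the connection instead of downgrading.` and `// Client cannot encrypt: only a NOT_SUP reply is acceptable.`. It is also worth confirming that a server never legitimately answers `REQ` to a client `ON`, because that case now ends with a "not supported by server" message. The same edits apply to the masked comparisons in the netfx `TdsParser.cs`; the switch starts above these hunks.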
@@ -19,7 +19,7 @@ internal sealed partial class SNILoadHandle : SafeHandle private readonly uint _sniStatus = TdsEnums.SNI_UNINITIALIZED; private readonly EncryptionOptions _encryptionOption = EncryptionOptions.OFF; - private bool? _encryptClientPossible = null; + private bool? _clientOSEncryptionSupport = null; private SNILoadHandle() : base(IntPtr.Zero, true) { @@ -38,11 +38,11 @@ private SNILoadHandle() : base(IntPtr.Zero, true) /// /// Verify client encryption possibility. /// - public bool EncryptClientPossible + public bool ClientOSEncryptionSupport { get { - if (_encryptClientPossible is null) + if (_clientOSEncryptionSupport is null) { // VSDevDiv 479597: If initialize fails, don't call QueryInfo. if (TdsEnums.SNI_SUCCESS == _sniStatus) @@ -52,7 +52,7 @@ public bool EncryptClientPossible UInt32 value = 0; // Query OS to find out whether encryption is supported. SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); - _encryptClientPossible = value != 0; + _clientOSEncryptionSupport = value != 0; } catch (Exception e) { @@ -60,17 +60,11 @@ public bool EncryptClientPossible } } } - return _encryptClientPossible.Value; + return _clientOSEncryptionSupport.Value; } } - public override bool IsInvalid - { - get - { - return (IntPtr.Zero == base.handle); - } - } + public override bool IsInvalid => (IntPtr.Zero == base.handle); override protected bool ReleaseHandle() { @@ -87,21 +81,9 @@ override protected bool ReleaseHandle() return true; } - public uint Status - { - get - { - return _sniStatus; - } - } + public uint Status => _sniStatus; - public EncryptionOptions Options - { - get - { - return _encryptionOption; - } - } + public EncryptionOptions Options => _encryptionOption; private static void ReadDispatcher(IntPtr key, IntPtr packet, uint error) { 
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs index 47cfb903c8..86bc3013a9 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Managed.cs @@ -20,7 +20,7 @@ internal sealed class TdsParserStateObjectFactory /// /// Verify client encryption possibility. /// - public bool EncryptClientPossible => SNI.SNILoadHandle.SingletonInstance.EncryptClientPossible; + public bool ClientOSEncryptionSupport => SNI.SNILoadHandle.SingletonInstance.ClientOSEncryptionSupport; public TdsParserStateObject CreateTdsParserStateObject(TdsParser parser) { diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs index f91c55335d..6785d7c2fd 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectFactory.Windows.cs @@ -26,7 +26,7 @@ internal sealed class TdsParserStateObjectFactory /// /// Verify client encryption possibility. /// - public bool EncryptClientPossible => UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.EncryptClientPossible : SNILoadHandle.SingletonInstance.EncryptClientPossible; + public bool ClientOSEncryptionSupport => UseManagedSNI ? SNI.SNILoadHandle.SingletonInstance.ClientOSEncryptionSupport : SNILoadHandle.SingletonInstance.ClientOSEncryptionSupport; public TdsParserStateObject CreateTdsParserStateObject(TdsParser parser) { 
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs index 537767da9e..e95925c5de 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -61,7 +61,7 @@ internal int ObjectID /// /// Verify client encryption possibility. /// - private bool EncryptClientPossible => SNILoadHandle.SingletonInstance.EncryptClientPossible; + private bool ClientOSEncryptionSupport => SNILoadHandle.SingletonInstance.ClientOSEncryptionSupport; // ReliabilitySection Usage: // @@ -648,8 +648,15 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) // for DNS Caching phase 1 AssignPendingDNSInfo(serverInfo.UserProtocol, FQDNforDNSCahce); - if(encrypt && !EncryptClientPossible) + if(!ClientOSEncryptionSupport) { + //If encryption is required, an error will throw. + if (encrypt) + { + _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); + _physicalStateObj.Dispose(); + ThrowExceptionAndWarning(_physicalStateObj); + } _encryptionOption = EncryptionOptions.NOT_SUP; } @@ -992,13 +999,8 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - //If encryption is required, an error will throw. - if (encrypt) - { - _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); - _physicalStateObj.Dispose(); - ThrowExceptionAndWarning(_physicalStateObj); - } + //If encryption is not required. + payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; } else { 
@@ -1203,7 +1205,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien switch (_encryptionOption & EncryptionOptions.OPTIONS_MASK) { case (EncryptionOptions.ON): - if (serverOption == EncryptionOptions.NOT_SUP) + if ((serverOption & EncryptionOptions.OPTIONS_MASK) != EncryptionOptions.ON) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByServer(), "", 0)); _physicalStateObj.Dispose(); @@ -1215,23 +1217,20 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien case (EncryptionOptions.OFF): if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.OFF) { - if (EncryptClientPossible) - { - // Only encrypt login. - _encryptionOption = EncryptionOptions.LOGIN | (_encryptionOption & ~EncryptionOptions.OPTIONS_MASK); - } + // Only encrypt login. + _encryptionOption = EncryptionOptions.LOGIN | (_encryptionOption & ~EncryptionOptions.OPTIONS_MASK); } else if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.REQ) { // Encrypt all. _encryptionOption = EncryptionOptions.ON | (_encryptionOption & ~EncryptionOptions.OPTIONS_MASK); } - + // NOT_SUP: No encryption. break; case (EncryptionOptions.NOT_SUP): // Server required encryption - if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.REQ) + if ((serverOption & EncryptionOptions.OPTIONS_MASK) != EncryptionOptions.NOT_SUP) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); _physicalStateObj.Dispose(); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs index bd04e3144d..591bd4f0a7 100644 
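Review bot: In the `@@ -1215,23 +1217,20 @@` hunk, the `EncryptionOptions.OFF` case now assigns `EncryptionOptions.LOGIN` without checking client support, and nothing in this switch says why that is safe. It relies on the `-648,8` hunk setting `_encryptionOption` to `NOT_SUP` whenever `ClientOSEncryptionSupport` is false, assuming that assignment always runs before this switch. I would add `// Unsupported clients never reach this case: _encryptionOption is NOT_SUP when ClientOSEncryptionSupport is false.` above the assignment. The switch starts and ends outside the hunk.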
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserSafeHandles.cs @@ -21,7 +21,7 @@ internal sealed class SNILoadHandle : SafeHandle private readonly UInt32 _sniStatus = TdsEnums.SNI_UNINITIALIZED; private readonly EncryptionOptions _encryptionOption = EncryptionOptions.OFF; - private bool? _encryptClientPossible = null; + private bool? _clientOSEncryptionSupport = null; private SNILoadHandle() : base(IntPtr.Zero, true) { @@ -41,11 +41,11 @@ private SNILoadHandle() : base(IntPtr.Zero, true) /// /// Verify client encryption possibility. /// - public bool EncryptClientPossible + public bool ClientOSEncryptionSupport { get { - if (_encryptClientPossible is null) + if (_clientOSEncryptionSupport is null) { // VSDevDiv 479597: If initialize fails, don't call QueryInfo. if (TdsEnums.SNI_SUCCESS == _sniStatus) @@ -55,7 +55,7 @@ public bool EncryptClientPossible UInt32 value = 0; // Query OS to find out whether encryption is supported. SNINativeMethodWrapper.SNIQueryInfo(SNINativeMethodWrapper.QTypes.SNI_QUERY_CLIENT_ENCRYPT_POSSIBLE, ref value); - _encryptClientPossible = value != 0; + _clientOSEncryptionSupport = value != 0; } catch (Exception e) { @@ -63,17 +63,11 @@ public bool EncryptClientPossible } } } - return _encryptClientPossible.Value; + return _clientOSEncryptionSupport.Value; } } - public override bool IsInvalid - { - get - { - return (IntPtr.Zero == base.handle); - } - } + public override bool IsInvalid => (IntPtr.Zero == base.handle); override protected bool ReleaseHandle() { 
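Review bot: `return _clientOSEncryptionSupport.Value;` in the `@@ -63,17 +63,11 @@` hunk throws `InvalidOperationException` whenever the field is still null, which appears possible when `_sniStatus` is not `SNI_SUCCESS` or when the query throws and the `catch` leaves the field unset (the catch body is outside the hunks). This matters more after this series because the netfx `TdsParser.cs` check changed from `encrypt && !EncryptClientPossible` to `!ClientOSEncryptionSupport`, so the getter now runs for every connection rather than only when encryption was requested. The null case should be handled explicitly, for example `return _clientOSEncryptionSupport ?? false;`, which makes `encrypt` connections fail with the existing `ENCRYPTION_NOT_SUPPORTED` error; that fallback should be traced, since connections without `encrypt` would then continue as `NOT_SUP`. The getter starts outside this hunk.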
@@ -90,21 +84,9 @@ override protected bool ReleaseHandle() return true; } - public UInt32 SNIStatus - { - get - { - return _sniStatus; - } - } + public UInt32 SNIStatus => _sniStatus; - public EncryptionOptions Options - { - get - { - return _encryptionOption; - } - } + public EncryptionOptions Options => _encryptionOption; static private void ReadDispatcher(IntPtr key, IntPtr packet, UInt32 error) { From 557ef6ee79aaa9714eca2288fc01721eb289c67e Mon Sep 17 00:00:00 2001 From: Davoud Eshtehari Date: Wed, 18 Aug 2021 11:39:06 -0700 Subject: [PATCH 5/6] Address comments --- .../netcore/src/Microsoft/Data/SqlClient/TdsParser.cs | 5 ++--- .../netfx/src/Microsoft/Data/SqlClient/TdsParser.cs | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs index 38dbbaa739..089d8a9295 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -882,7 +882,7 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus switch (_encryptionOption) { case (EncryptionOptions.ON): - if (serverOption != EncryptionOptions.ON) + if (serverOption == EncryptionOptions.NOT_SUP) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByServer(), "", 0)); _physicalStateObj.Dispose(); 
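Review bot: The `EncryptionOptions.ON` case in the netcore `@@ -882,7 +882,7 @@` hunk gives no reason why a server reply of `OFF` or `REQ` is acceptable when the client asked for `ON`, although the previous revision rejected everything except `ON`. If the intent is that the client's own setting still forces encryption whatever the server answers, a comment such as `// Only NOT_SUP is fatal; for any other reply _encryptionOption stays ON.` would record that and keep the check from being loosened further by mistake. The same applies to the netfx hunk at `-1205,7`. The switch continues outside the hunk, so what follows the error branch is not visible here.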
@@ -906,8 +906,7 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(bool encrypt, bool trus break; case (EncryptionOptions.NOT_SUP): - // Server required encryption - if (serverOption != EncryptionOptions.NOT_SUP) + if (serverOption == EncryptionOptions.REQ) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); _physicalStateObj.Dispose(); diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs index e95925c5de..a92e85fd23 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -1205,7 +1205,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien switch (_encryptionOption & EncryptionOptions.OPTIONS_MASK) { case (EncryptionOptions.ON): - if ((serverOption & EncryptionOptions.OPTIONS_MASK) != EncryptionOptions.ON) + if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.NOT_SUP) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByServer(), "", 0)); _physicalStateObj.Dispose(); @@ -1229,8 +1229,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien break; case (EncryptionOptions.NOT_SUP): - // Server required encryption - if ((serverOption & EncryptionOptions.OPTIONS_MASK) != EncryptionOptions.NOT_SUP) + if ((serverOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.REQ) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); _physicalStateObj.Dispose(); 
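Review bot: The `EncryptionOptions.NOT_SUP` case in the `@@ -906,8 +906,7 @@` hunk drops the `// Server required encryption` comment at the same time as the condition goes back to `serverOption == EncryptionOptions.REQ`, which is exactly the situation that comment described. I would keep a comment there, e.g. `// Server requires encryption, which this client cannot provide.` The netfx hunk at `-1229,8` removes the same comment and should get the same line. The switch continues outside both hunks.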
From 4368648f481ba388b41192c1705ac9c4fab2ed45 Mon Sep 17 00:00:00 2001 From: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com> Date: Wed, 18 Aug 2021 17:17:22 -0700 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Cheena Malhotra --- .../netcore/src/Microsoft/Data/SqlClient/TdsParser.cs | 4 ++-- .../netfx/src/Microsoft/Data/SqlClient/TdsParser.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs index 089d8a9295..84867ed20c 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -471,7 +471,7 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) if (!ClientOSEncryptionSupport) { - //If encryption is required, an error will throw. + //If encryption is required, an error will be thrown. if (encrypt) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); @@ -691,7 +691,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt) case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - //If encryption is not required. + //If OS doesn't support encryption and encryption is not required, inform server "not supported" by client. payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; } else diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs index a92e85fd23..c72a02daba 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs 
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -650,7 +650,7 @@ internal void ProcessPendingAck(TdsParserStateObject stateObj) if(!ClientOSEncryptionSupport) { - //If encryption is required, an error will throw. + //If encryption is required, an error will be thrown. if (encrypt) { _physicalStateObj.AddError(new SqlError(TdsEnums.ENCRYPTION_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.EncryptionNotSupportedByClient(), "", 0)); @@ -999,7 +999,7 @@ private void SendPreLoginHandshake(byte[] instanceName, bool encrypt, bool clien case (int)PreLoginOptions.ENCRYPT: if (_encryptionOption == EncryptionOptions.NOT_SUP) { - //If encryption is not required. + //If OS doesn't support encryption and encryption is not required, inform server "not supported" by client. payload[payloadLength] = (byte)EncryptionOptions.NOT_SUP; } else