Fix Windows DLL boundary issues

tss-esapi/src/context.rs

@@ -15,7 +15,7 @@ use handle_manager::HandleManager;
 use log::{debug, error};
 use malloced::Malloced;
 use std::collections::HashMap;
-use std::ptr::null_mut;
+use std::{ffi::c_void, ptr, ptr::null_mut};
 
 /// Safe abstraction over an ESYS_CONTEXT.
 ///
@@ -454,12 +454,16 @@ impl Context {
 
     /// Private function for handling that has been allocated with
     /// C memory allocation functions in TSS.
-    fn ffi_data_to_owned<T: Copy>(data_ptr: *mut T) -> T {
-        let out = unsafe { *data_ptr };
+    fn ffi_data_to_owned<T: Copy>(data_ptr: *mut T) -> Result<T> {
+        if data_ptr.is_null() {
+            error!("Null pointer received from TSS");
+            return Err(Error::local_error(ErrorKind::WrongValueFromTpm));
+        }
+
+        let out = unsafe { ptr::read(data_ptr) };
+        unsafe { Esys_Free(data_ptr.cast::<c_void>()) };
 
-        // Free the malloced data.
-        drop(unsafe { Malloced::from_raw(data_ptr) });
-        out
+        Ok(out)
     }
 }
 

tss-esapi/src/context/general_esys_tr.rs

@@ -139,7 +139,7 @@ impl Context {
                 error!("Error in getting name: {:#010X}", ret);
             },
         )?;
-        Name::try_from(Context::ffi_data_to_owned(name_ptr))
+        Name::try_from(Context::ffi_data_to_owned(name_ptr)?)
     }
 
     /// Used to construct an esys object from the resources inside the TPM.

tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs

@@ -39,7 +39,7 @@ impl Context {
                 error!("Error when performing RSA encryption: {:#010X}", ret);
             },
         )?;
-        PublicKeyRsa::try_from(Context::ffi_data_to_owned(out_data_ptr))
+        PublicKeyRsa::try_from(Context::ffi_data_to_owned(out_data_ptr)?)
     }
 
     /// Perform an asymmetric RSA decryption.
@@ -69,7 +69,7 @@ impl Context {
                 error!("Error when performing RSA decryption: {:#010X}", ret);
             },
         )?;
-        PublicKeyRsa::try_from(Context::ffi_data_to_owned(message_ptr))
+        PublicKeyRsa::try_from(Context::ffi_data_to_owned(message_ptr)?)
     }
 
     /// Generate an ephemeral key pair.
@@ -199,8 +199,8 @@ impl Context {
             },
         )?;
 
-        let z_point = Context::ffi_data_to_owned(z_point_ptr);
-        let pub_point = Context::ffi_data_to_owned(pub_point_ptr);
+        let z_point = Context::ffi_data_to_owned(z_point_ptr)?;
+        let pub_point = Context::ffi_data_to_owned(pub_point_ptr)?;
         Ok((
             EccPoint::try_from(z_point.point)?,
             EccPoint::try_from(pub_point.point)?,
@@ -335,7 +335,7 @@ impl Context {
                 error!("Error when performing ECDH ZGen: {:#010X}", ret);
             },
         )?;
-        let out_point = Context::ffi_data_to_owned(out_point_ptr);
+        let out_point = Context::ffi_data_to_owned(out_point_ptr)?;
         EccPoint::try_from(out_point.point)
     }
 

tss-esapi/src/context/tpm_commands/attestation_commands.rs

@@ -147,8 +147,8 @@ impl Context {
             },
         )?;
 
-        let certify_info = Context::ffi_data_to_owned(certify_info_ptr);
-        let signature = Context::ffi_data_to_owned(signature_ptr);
+        let certify_info = Context::ffi_data_to_owned(certify_info_ptr)?;
+        let signature = Context::ffi_data_to_owned(signature_ptr)?;
         Ok((
             Attest::try_from(AttestBuffer::try_from(certify_info)?)?,
             Signature::try_from(signature)?,
@@ -272,8 +272,8 @@ impl Context {
             },
         )?;
 
-        let certify_info = Context::ffi_data_to_owned(certify_info_ptr);
-        let signature = Context::ffi_data_to_owned(signature_ptr);
+        let certify_info = Context::ffi_data_to_owned(certify_info_ptr)?;
+        let signature = Context::ffi_data_to_owned(signature_ptr)?;
         Ok((
             Attest::try_from(AttestBuffer::try_from(certify_info)?)?,
             Signature::try_from(signature)?,
@@ -313,8 +313,8 @@ impl Context {
             },
         )?;
 
-        let quoted = Context::ffi_data_to_owned(quoted_ptr);
-        let signature = Context::ffi_data_to_owned(signature_ptr);
+        let quoted = Context::ffi_data_to_owned(quoted_ptr)?;
+        let signature = Context::ffi_data_to_owned(signature_ptr)?;
         Ok((
             Attest::try_from(AttestBuffer::try_from(quoted)?)?,
             Signature::try_from(signature)?,
@@ -426,8 +426,8 @@ impl Context {
             },
         )?;
 
-        let timeinfo = Context::ffi_data_to_owned(timeinfo_ptr);
-        let signature = Context::ffi_data_to_owned(signature_ptr);
+        let timeinfo = Context::ffi_data_to_owned(timeinfo_ptr)?;
+        let signature = Context::ffi_data_to_owned(signature_ptr)?;
         Ok((
             Attest::try_from(AttestBuffer::try_from(timeinfo)?)?,
             Signature::try_from(signature)?,

tss-esapi/src/context/tpm_commands/capability_commands.rs

@@ -69,7 +69,7 @@ impl Context {
         )?;
 
         Ok((
-            CapabilityData::try_from(Context::ffi_data_to_owned(capability_data_ptr))?,
+            CapabilityData::try_from(Context::ffi_data_to_owned(capability_data_ptr)?)?,
             YesNo::try_from(more_data)?.into(),
         ))
     }

tss-esapi/src/context/tpm_commands/context_management.rs

@@ -26,7 +26,7 @@ impl Context {
                 error!("Error in saving context: {:#010X}", ret);
             },
         )?;
-        SavedTpmContext::try_from(Context::ffi_data_to_owned(context_ptr))
+        SavedTpmContext::try_from(Context::ffi_data_to_owned(context_ptr)?)
     }
 
     /// Load a previously saved context into the TPM and return the object handle.

tss-esapi/src/context/tpm_commands/duplication_commands.rs

@@ -327,9 +327,9 @@ impl Context {
         )?;
 
         Ok((
-            Data::try_from(Context::ffi_data_to_owned(encryption_key_out_ptr))?,
-            Private::try_from(Context::ffi_data_to_owned(duplicate_ptr))?,
-            EncryptedSecret::try_from(Context::ffi_data_to_owned(out_sym_seed_ptr))?,
+            Data::try_from(Context::ffi_data_to_owned(encryption_key_out_ptr)?)?,
+            Private::try_from(Context::ffi_data_to_owned(duplicate_ptr)?)?,
+            EncryptedSecret::try_from(Context::ffi_data_to_owned(out_sym_seed_ptr)?)?,
         ))
     }
 
@@ -683,6 +683,6 @@ impl Context {
                 error!("Error when performing import: {:#010X}", ret);
             },
         )?;
-        Private::try_from(Context::ffi_data_to_owned(out_private_ptr))
+        Private::try_from(Context::ffi_data_to_owned(out_private_ptr)?)
     }
 }

tss-esapi/src/context/tpm_commands/enhanced_authorization_ea_commands.rs

@@ -64,8 +64,8 @@ impl Context {
             },
         )?;
         Ok((
-            Timeout::try_from(Context::ffi_data_to_owned(out_timeout_ptr))?,
-            AuthTicket::try_from(Context::ffi_data_to_owned(out_policy_ticket_ptr))?,
+            Timeout::try_from(Context::ffi_data_to_owned(out_timeout_ptr)?)?,
+            AuthTicket::try_from(Context::ffi_data_to_owned(out_policy_ticket_ptr)?)?,
         ))
     }
 
@@ -106,8 +106,8 @@ impl Context {
             },
         )?;
         Ok((
-            Timeout::try_from(Context::ffi_data_to_owned(out_timeout_ptr))?,
-            AuthTicket::try_from(Context::ffi_data_to_owned(out_policy_ticket_ptr))?,
+            Timeout::try_from(Context::ffi_data_to_owned(out_timeout_ptr)?)?,
+            AuthTicket::try_from(Context::ffi_data_to_owned(out_policy_ticket_ptr)?)?,
         ))
     }
 
@@ -533,7 +533,7 @@ impl Context {
             },
         )?;
 
-        Digest::try_from(Context::ffi_data_to_owned(policy_digest_ptr))
+        Digest::try_from(Context::ffi_data_to_owned(policy_digest_ptr)?)
     }
 
     /// Cause conditional gating of a policy based on NV written state.

tss-esapi/src/context/tpm_commands/hierarchy_commands.rs

@@ -70,10 +70,10 @@ impl Context {
                 error!("Error in creating primary key: {:#010X}", ret);
             },
         )?;
-        let out_public_owned = Context::ffi_data_to_owned(out_public_ptr);
-        let creation_data_owned = Context::ffi_data_to_owned(creation_data_ptr);
-        let creation_hash_owned = Context::ffi_data_to_owned(creation_hash_ptr);
-        let creation_ticket_owned = Context::ffi_data_to_owned(creation_ticket_ptr);
+        let out_public_owned = Context::ffi_data_to_owned(out_public_ptr)?;
+        let creation_data_owned = Context::ffi_data_to_owned(creation_data_ptr)?;
+        let creation_hash_owned = Context::ffi_data_to_owned(creation_hash_ptr)?;
+        let creation_ticket_owned = Context::ffi_data_to_owned(creation_ticket_ptr)?;
         let primary_key_handle = KeyHandle::from(object_handle);
         self.handle_manager
             .add_handle(primary_key_handle.into(), HandleDropAction::Flush)?;

tss-esapi/src/context/tpm_commands/integrity_collection_pcr.rs

@@ -175,8 +175,8 @@ impl Context {
 
         Ok((
             pcr_update_counter,
-            PcrSelectionList::try_from(Context::ffi_data_to_owned(pcr_selection_out_ptr))?,
-            DigestList::try_from(Context::ffi_data_to_owned(pcr_values_ptr))?,
+            PcrSelectionList::try_from(Context::ffi_data_to_owned(pcr_selection_out_ptr)?)?,
+            DigestList::try_from(Context::ffi_data_to_owned(pcr_values_ptr)?)?,
         ))
     }
 

tss-esapi/src/context/tpm_commands/non_volatile_storage.rs

@@ -476,8 +476,8 @@ impl Context {
         )?;
 
         Ok((
-            NvPublic::try_from(Context::ffi_data_to_owned(nv_public_ptr))?,
-            Name::try_from(Context::ffi_data_to_owned(nv_name_ptr))?,
+            NvPublic::try_from(Context::ffi_data_to_owned(nv_public_ptr)?)?,
+            Name::try_from(Context::ffi_data_to_owned(nv_name_ptr)?)?,
         ))
     }
 
@@ -825,7 +825,7 @@ impl Context {
                 error!("Error when reading NV: {:#010X}", ret);
             },
         )?;
-        MaxNvBuffer::try_from(Context::ffi_data_to_owned(data_ptr))
+        MaxNvBuffer::try_from(Context::ffi_data_to_owned(data_ptr)?)
     }
 
     // Missing function: NV_ReadLock

tss-esapi/src/context/tpm_commands/object_commands.rs

@@ -216,9 +216,9 @@ impl Context {
             },
         )?;
         Ok((
-            Public::try_from(Context::ffi_data_to_owned(out_public_ptr))?,
-            Name::try_from(Context::ffi_data_to_owned(name_ptr))?,
-            Name::try_from(Context::ffi_data_to_owned(qualified_name_ptr))?,
+            Public::try_from(Context::ffi_data_to_owned(out_public_ptr)?)?,
+            Name::try_from(Context::ffi_data_to_owned(name_ptr)?)?,
+            Name::try_from(Context::ffi_data_to_owned(qualified_name_ptr)?)?,
         ))
     }
 
@@ -250,7 +250,7 @@ impl Context {
             },
         )?;
 
-        Digest::try_from(Context::ffi_data_to_owned(cert_info_ptr))
+        Digest::try_from(Context::ffi_data_to_owned(cert_info_ptr)?)
     }
 
     /// Perform actions to create a [IdObject] containing an activation credential.
@@ -283,8 +283,8 @@ impl Context {
             },
         )?;
         Ok((
-            IdObject::try_from(Context::ffi_data_to_owned(credential_blob_ptr))?,
-            EncryptedSecret::try_from(Context::ffi_data_to_owned(secret_ptr))?,
+            IdObject::try_from(Context::ffi_data_to_owned(credential_blob_ptr)?)?,
+            EncryptedSecret::try_from(Context::ffi_data_to_owned(secret_ptr)?)?,
         ))
     }
 
@@ -307,7 +307,7 @@ impl Context {
                 error!("Error in unsealing: {:#010X}", ret);
             },
         )?;
-        SensitiveData::try_from(Context::ffi_data_to_owned(out_data_ptr))
+        SensitiveData::try_from(Context::ffi_data_to_owned(out_data_ptr)?)
     }
 
     /// Change authorization for a TPM-resident object.
@@ -335,7 +335,7 @@ impl Context {
                 error!("Error changing object auth: {:#010X}", ret);
             },
         )?;
-        Private::try_from(Context::ffi_data_to_owned(out_private_ptr))
+        Private::try_from(Context::ffi_data_to_owned(out_private_ptr)?)
     }
 
     // Missing function: CreateLoaded

tss-esapi/src/context/tpm_commands/object_commands/create_command_output.rs

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::{
+    ffi::take_from_esys,
     structures::{CreateKeyResult, CreationData, CreationTicket, Digest, Private, Public},
     tss2_esys::{TPM2B_CREATION_DATA, TPM2B_DIGEST, TPM2B_PRIVATE, TPM2B_PUBLIC, TPMT_TK_CREATION},
     Error, Result,
@@ -61,17 +62,28 @@ impl CreateCommandOutputHandler {
 impl TryFrom<CreateCommandOutputHandler> for CreateKeyResult {
     type Error = Error;
 
-    fn try_from(ffi_data_handler: CreateCommandOutputHandler) -> Result<CreateKeyResult> {
-        let out_private_owned =
-            crate::ffi::to_owned_with_zeroized_source(ffi_data_handler.ffi_out_private_ptr);
-        let out_public_owned =
-            crate::ffi::to_owned_with_zeroized_source(ffi_data_handler.ffi_out_public_ptr);
+    fn try_from(mut ffi_data_handler: CreateCommandOutputHandler) -> Result<CreateKeyResult> {
+        // Take and free with Esys_Free; then null out the handler's fields so Drop (if any)
+        // won't free them a second time.
+
+        let out_private_owned = unsafe { take_from_esys(ffi_data_handler.ffi_out_private_ptr)? };
+        ffi_data_handler.ffi_out_private_ptr = null_mut();
+
+        let out_public_owned = unsafe { take_from_esys(ffi_data_handler.ffi_out_public_ptr)? };
+        ffi_data_handler.ffi_out_public_ptr = null_mut();
+
         let creation_data_owned =
-            crate::ffi::to_owned_with_zeroized_source(ffi_data_handler.ffi_creation_data_ptr);
+            unsafe { take_from_esys(ffi_data_handler.ffi_creation_data_ptr)? };
+        ffi_data_handler.ffi_creation_data_ptr = null_mut();
+
         let creation_hash_owned =
-            crate::ffi::to_owned_with_zeroized_source(ffi_data_handler.ffi_creation_hash_ptr);
+            unsafe { take_from_esys(ffi_data_handler.ffi_creation_hash_ptr)? };
+        ffi_data_handler.ffi_creation_hash_ptr = null_mut();
+
         let creation_ticket_owned =
-            crate::ffi::to_owned_with_zeroized_source(ffi_data_handler.ffi_creation_ticket_ptr);
+            unsafe { take_from_esys(ffi_data_handler.ffi_creation_ticket_ptr)? };
+        ffi_data_handler.ffi_creation_ticket_ptr = null_mut();
+
         Ok(CreateKeyResult {
             out_private: Private::try_from(out_private_owned)?,
             out_public: Public::try_from(out_public_owned)?,

tss-esapi/src/context/tpm_commands/random_number_generator.rs

@@ -33,7 +33,7 @@ impl Context {
                 error!("Error in getting random bytes: {:#010X}", ret);
             },
         )?;
-        Digest::try_from(Context::ffi_data_to_owned(random_bytes_ptr))
+        Digest::try_from(Context::ffi_data_to_owned(random_bytes_ptr)?)
     }
 
     /// Add additional information into the TPM RNG state

tss-esapi/src/context/tpm_commands/signing_and_signature_verification.rs

@@ -36,7 +36,7 @@ impl Context {
                 error!("Error when verifying signature: {:#010X}", ret);
             },
         )?;
-        VerifiedTicket::try_from(Context::ffi_data_to_owned(validation_ptr))
+        VerifiedTicket::try_from(Context::ffi_data_to_owned(validation_ptr)?)
     }
 
     /// Sign a digest with a key present in the TPM and return the signature.
@@ -118,6 +118,6 @@ impl Context {
                 error!("Error when signing: {:#010X}", ret);
             },
         )?;
-        Signature::try_from(Context::ffi_data_to_owned(signature_ptr))
+        Signature::try_from(Context::ffi_data_to_owned(signature_ptr)?)
     }
 }

tss-esapi/src/context/tpm_commands/symmetric_primitives.rs

@@ -215,8 +215,8 @@ impl Context {
             },
         )?;
         Ok((
-            MaxBuffer::try_from(Context::ffi_data_to_owned(out_data_ptr))?,
-            InitialValue::try_from(Context::ffi_data_to_owned(iv_out_ptr))?,
+            MaxBuffer::try_from(Context::ffi_data_to_owned(out_data_ptr)?)?,
+            InitialValue::try_from(Context::ffi_data_to_owned(iv_out_ptr)?)?,
         ))
     }
 
@@ -290,8 +290,8 @@ impl Context {
             },
         )?;
         Ok((
-            Digest::try_from(Context::ffi_data_to_owned(out_hash_ptr))?,
-            HashcheckTicket::try_from(Context::ffi_data_to_owned(validation_ptr))?,
+            Digest::try_from(Context::ffi_data_to_owned(out_hash_ptr)?)?,
+            HashcheckTicket::try_from(Context::ffi_data_to_owned(validation_ptr)?)?,
         ))
     }
 
@@ -369,7 +369,7 @@ impl Context {
                 error!("Error in hmac: {:#010X}", ret);
             },
         )?;
-        Digest::try_from(Context::ffi_data_to_owned(out_hmac_ptr))
+        Digest::try_from(Context::ffi_data_to_owned(out_hmac_ptr)?)
     }
 
     // Missing function: MAC

tss-esapi/src/context/tpm_commands/testing.rs

@@ -75,7 +75,7 @@ impl Context {
             },
         )?;
         Ok((
-            MaxBuffer::try_from(Context::ffi_data_to_owned(out_data_ptr))?,
+            MaxBuffer::try_from(Context::ffi_data_to_owned(out_data_ptr)?)?,
             ReturnCode::ensure_success(test_result, |_| {}),
         ))
     }