Segmentation fault in test_fapi.py::TestFapiECC::test_policy_signed

[aplanas]

When running the test test_policy_signed I have a segmentation error, when running with tpm2-tss 3.2.0 with and without LTO optimizations:

abuild@localhost:~/rpmbuild/BUILD/tpm2-pytss-1.2.0> pytest-3.10 --ignore=_build.python3 -v -s test/test_fapi.py::TestFapiECC::test_policy_signed
============================================================================================================================ test session starts =============================================================================================================================
platform linux -- Python 3.10.5, pytest-7.1.1, pluggy-1.0.0 -- /usr/bin/python3.10
cachedir: .pytest_cache
rootdir: /home/abuild/rpmbuild/BUILD/tpm2-pytss-1.2.0
collected 1 item                                                                                                                                                                                                                                                             

test/test_fapi.py::TestFapiECC::test_policy_signed WARNING:fapi:src/tss2-fapi/ifapi_io.c:339:ifapi_io_check_create_dir() Directory /tmp/tmpapivxu2k/policy does not exist, creating 
ERROR:fapi:src/tss2-fapi/ifapi_policy_callbacks.c:704:ifapi_sign_buffer() ErrorCode (0x0006002a) No signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:471:execute_policy_signed() ErrorCode (0x0006002a) Execute policy signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1507:execute_policy_element() ErrorCode (0x0006002a) Execute policy signed 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1722:ifapi_policyeval_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/ifapi_policyutil_execute.c:296:ifapi_policyutil_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2117:ifapi_authorize_object() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2812:ifapi_key_sign() ErrorCode (0x0006002a) Authorize signature key. 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:299:Fapi_Sign_Finish() Fapi sign. ErrorCode (0x0006002a) 
ERROR:esys:src/tss2-esys/esys_iutil.c:1096:esys_GetResourceObject() Error: Esys handle does not exist (70018). 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x00070018) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070018) 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:130:Fapi_Sign() ErrorCode (0x0006002a) Key_Sign 
ERROR:fapi:src/tss2-fapi/fapi_crypto.c:740:ifapi_ecc_der_sig_to_tpm() Invalid DER signature  
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:477:execute_policy_signed() ErrorCode (0x00060001) Convert der signature into TPM format 
Fatal Python error: Segmentation fault

Current thread 0x00007f5d93756440 (most recent call first):
  File "/home/abuild/rpmbuild/BUILDROOT/python-tpm2-pytss-1.2.0-0.x86_64/usr/lib64/python3.10/site-packages/tpm2_pytss/FAPI.py", line 335 in sign
  File "/home/abuild/rpmbuild/BUILD/tpm2-pytss-1.2.0/test/test_fapi.py", line 777 in test_policy_signed
  File "/usr/lib/python3.10/site-packages/_pytest/python.py", line 192 in pytest_pyfunc_call
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/python.py", line 1761 in runtest
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 166 in pytest_runtest_call
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 259 in <lambda>
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 338 in from_call
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 258 in call_runtest_hook
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 219 in call_and_report
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 130 in runtestprotocol
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 111 in pytest_runtest_protocol
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 347 in pytest_runtestloop
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 322 in _main
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 268 in wrap_session
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 315 in pytest_cmdline_main
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/config/__init__.py", line 164 in main
  File "/usr/lib/python3.10/site-packages/_pytest/config/__init__.py", line 187 in console_main
  File "/usr/bin/pytest-3.10", line 33 in <module>

Extension modules: _cffi_backend (total: 1)
Segmentation fault (core dumped)

[whooo]

Could you get a backtrace from the coredump?

[aplanas]

#0  0x00007f97297186bc in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007f97296c56f6 in raise () from /lib64/libc.so.6
#2  <signal handler called>
#3  0x00007f97297279e9 in free () from /lib64/libc.so.6
#4  0x00007f9728018542 in execute_policy_signed (esys_ctx=0x55d30f27dfc0, policy=<optimized out>, current_policy=0x55d30f296bf0) at src/tss2-fapi/ifapi_policy_execute.c:528
#5  0x00007f972801ccdc in execute_policy_element (current_policy=0x55d30f296bf0, hash_alg=11, policy=0x55d30f296018, esys_ctx=0x55d30f27dfc0) at src/tss2-fapi/ifapi_policy_execute.c:1504
#6  ifapi_policyeval_execute (current_policy=<optimized out>, esys_ctx=0x55d30f27dfc0) at src/tss2-fapi/ifapi_policy_execute.c:1709
#7  ifapi_policyutil_execute (context=0x55d30f2728d0, session=0x7ffd85e3fc50) at src/tss2-fapi/ifapi_policyutil_execute.c:290
#8  0x00007f9727ff4f42 in ifapi_authorize_object (context=context@entry=0x55d30f2728d0, object=object@entry=0x55d30f27c470, session=session@entry=0x7ffd85e3fc50) at src/tss2-fapi/fapi_util.c:2113
#9  0x00007f9727ff6bbe in ifapi_key_sign (context=0x55d30f2728d0, sig_key_object=0x55d30f27c470, padding=0x0, digest=0x55d30f27defc, tpm_signature=0x55d30f27df50, publicKey=0x55d30f27df88, certificate=0x55d30f27df70) at src/tss2-fapi/fapi_util.c:2811
#10 0x00007f9727fe843b in Fapi_Sign_Finish (context=context@entry=0x55d30f2728d0, signature=signature@entry=0x55d30f2c1a50, signatureSize=signatureSize@entry=0x55d30f29d750, publicKey=publicKey@entry=0x55d30f285080, certificate=certificate@entry=0x55d30f282180)
    at src/tss2-fapi/api/Fapi_Sign.c:294
#11 0x00007f9727fe8898 in Fapi_Sign (context=0x55d30f2728d0, keyPath=<optimized out>, padding=0x0, digest=0x7f972858f570 '\021' <repeats 32 times>, digestSize=32, signature=0x55d30f2c1a50, signatureSize=0x55d30f29d750, publicKey=0x55d30f285080, 
    certificate=0x55d30f282180) at src/tss2-fapi/api/Fapi_Sign.c:122

The Fapi_Sing call comes from https://github.com/tpm2-software/tpm2-pytss/blob/master/src/tpm2_pytss/FAPI.py#L335

[whooo]

Sorry for the late response.
It seems from the tracebacks that the sign callback is never called or it fails in a bad way, could you try with the following print-debuggung patch applied:

diff --git a/src/tpm2_pytss/FAPI.py b/src/tpm2_pytss/FAPI.py
index d4b8c6c..dfe1636 100644
--- a/src/tpm2_pytss/FAPI.py
+++ b/src/tpm2_pytss/FAPI.py
@@ -1309,6 +1309,7 @@ class FAPI:
             signature_len,
             user_data,
         ):
+            print("sign callback_wrapper called")
             path = ffi.string(path).decode()
             description = ffi.string(description).decode()
             public_key = ffi.string(public_key).decode()
@@ -1321,6 +1322,7 @@ class FAPI:
                     ffi.unpack(ffi.cast("uint8_t *", user_data), user_data_len,)
                 )
             try:
+                print("calling wrapped sign callback")
                 signature_value = callback(
                     path,
                     description,
@@ -1330,6 +1332,7 @@ class FAPI:
                     data_to_sign,
                     user_data,
                 )
+                print("called wrapped sign callback")
             except Exception:
                 return lib.TSS2_FAPI_RC_CB_FAILURE
 
diff --git a/test/test_fapi.py b/test/test_fapi.py
index 11f2d21..d40b998 100644
--- a/test/test_fapi.py
+++ b/test/test_fapi.py
@@ -760,12 +760,14 @@ class Common:
             data_to_sign,
             user_data,
         ):
+            print("pre sign_callback assert")
             assert key_path.endswith(path)
             assert description == "PolicySigned"
             assert public_key == sign_key_public_pem
             assert public_key_hint == "Test key hint"
             assert hash_alg == lib.TPM2_ALG_SHA256
             assert user_data == b"123456"
+            print("post sign_callback assert")
 
             # signing authority signs external to TPM (via openssl) to authorize usage of key (policy Signed)
             return sign_key.sign(data_to_sign, ec.ECDSA(hashes.SHA256()))

[aplanas]

Seems that the callback is not called:

ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x00070018) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070018) 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:130:Fapi_Sign() ErrorCode (0x0006002a) Key_Sign 
pre sign_callback assert
post sign_callback assert
ERROR:fapi:src/tss2-fapi/fapi_crypto.c:740:ifapi_ecc_der_sig_to_tpm() Invalid DER signature  
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:477:execute_policy_signed() ErrorCode (0x00060001) Convert der signature into TPM format 
Fatal Python error: Segmentation fault

I am wondering, this #3 0x00007f97297279e9 in free () from /lib64/libc.so.6 does not hint about a wrong free call?

[whooo]

The callback is called (pre(post sign_callback assert is from the callback), so now it seems that the signature is broken in some way and when it tries to free the signature it segfaults, could you try with (instead of the other patch):

diff --git a/src/tpm2_pytss/FAPI.py b/src/tpm2_pytss/FAPI.py
index d4b8c6c..dc8f7df 100644
--- a/src/tpm2_pytss/FAPI.py
+++ b/src/tpm2_pytss/FAPI.py
@@ -1336,6 +1336,7 @@ class FAPI:
             # signature is cleaned up by the FAPI
             signature[0] = ffi_malloc("char[]", signature_value)
             signature_len[0] = len(signature_value)
+            print("wrapper sig:", signature, signature[0], signature_len, signature_len[0])
             return lib.TPM2_RC_SUCCESS
 
         c_callback = self._register_callback(
diff --git a/test/test_fapi.py b/test/test_fapi.py
index 11f2d21..acd261f 100644
--- a/test/test_fapi.py
+++ b/test/test_fapi.py
@@ -3,6 +3,7 @@
 import random
 import string
 import sys
+from binascii import hexlify
 
 import pytest
 
@@ -768,7 +769,9 @@ class Common:
             assert user_data == b"123456"
 
             # signing authority signs external to TPM (via openssl) to authorize usage of key (policy Signed)
-            return sign_key.sign(data_to_sign, ec.ECDSA(hashes.SHA256()))
+            sig = sign_key.sign(data_to_sign, ec.ECDSA(hashes.SHA256()))
+            print("callback sig:", hexlify(sig))
+            return sig
 
         # set signing callback, will be called if policy Signed is to be satisfied
         self.fapi.set_sign_callback(callback=sign_callback, user_data=b"123456")

[aplanas]

I write prints in the first line of "callback_wrapper" and I do not see them.

abuild@localhost:~/rpmbuild/BUILD/tpm2-pytss-1.2.0> pytest-3.10 --ignore=_build.python3 -v -s test/test_fapi.py::TestFapiECC::test_policy_signed
============================================ test session starts =============================================
platform linux -- Python 3.10.5, pytest-7.1.1, pluggy-1.0.0 -- /usr/bin/python3.10
cachedir: .pytest_cache
rootdir: /home/abuild/rpmbuild/BUILD/tpm2-pytss-1.2.0
collected 1 item                                                                                             

test/test_fapi.py::TestFapiECC::test_policy_signed WARNING:fapi:src/tss2-fapi/ifapi_io.c:339:ifapi_io_check_create_dir() Directory /tmp/tmpwganufj1/policy does not exist, creating 
ERROR:fapi:src/tss2-fapi/ifapi_policy_callbacks.c:704:ifapi_sign_buffer() ErrorCode (0x0006002a) No signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:471:execute_policy_signed() ErrorCode (0x0006002a) Execute policy signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1507:execute_policy_element() ErrorCode (0x0006002a) Execute policy signed 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1722:ifapi_policyeval_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/ifapi_policyutil_execute.c:296:ifapi_policyutil_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2117:ifapi_authorize_object() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2812:ifapi_key_sign() ErrorCode (0x0006002a) Authorize signature key. 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:299:Fapi_Sign_Finish() Fapi sign. ErrorCode (0x0006002a) 
ERROR:esys:src/tss2-esys/esys_iutil.c:1096:esys_GetResourceObject() Error: Esys handle does not exist (70018). 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x00070018) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070018) 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:130:Fapi_Sign() ErrorCode (0x0006002a) Key_Sign 
callback sig: b'3046022100bb21468c9f22c30f9701af79fde80bbaf4945d0b351af189cda7752f3956945c022100cdc9dd3e07bb556565c381dd21fd930b73cc25ae0480a384216a520d69fb7ed0'
ERROR:fapi:src/tss2-fapi/fapi_crypto.c:740:ifapi_ecc_der_sig_to_tpm() Invalid DER signature  
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:477:execute_policy_signed() ErrorCode (0x00060001) Convert der signature into TPM format 
Fatal Python error: Segmentation fault

Current thread 0x00007f93db6a9440 (most recent call first):
  File "/home/abuild/rpmbuild/BUILDROOT/python-tpm2-pytss-1.2.0-0.x86_64/usr/lib64/python3.10/site-packages/tpm2_pytss/FAPI.py", line 335 in sign
  File "/home/abuild/rpmbuild/BUILD/tpm2-pytss-1.2.0/test/test_fapi.py", line 780 in test_policy_signed
  File "/usr/lib/python3.10/site-packages/_pytest/python.py", line 192 in pytest_pyfunc_call
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/python.py", line 1761 in runtest
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 166 in pytest_runtest_call
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 259 in <lambda>
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 338 in from_call
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 258 in call_runtest_hook
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 219 in call_and_report
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 130 in runtestprotocol
  File "/usr/lib/python3.10/site-packages/_pytest/runner.py", line 111 in pytest_runtest_protocol
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 347 in pytest_runtestloop
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 322 in _main
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 268 in wrap_session
  File "/usr/lib/python3.10/site-packages/_pytest/main.py", line 315 in pytest_cmdline_main
  File "/usr/lib/python3.10/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/usr/lib/python3.10/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/usr/lib/python3.10/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/usr/lib/python3.10/site-packages/_pytest/config/__init__.py", line 164 in main
  File "/usr/lib/python3.10/site-packages/_pytest/config/__init__.py", line 187 in console_main
  File "/usr/bin/pytest-3.10", line 33 in <module>

Extension modules: _cffi_backend (total: 1)
Segmentation fault (core dumped)

[whooo]

I'm having a hard time figuring out exactly where it goes wrong, I have one last patch you can try, but if that doesn't tell us anything I'll try to reproduce your environment, which steps do I need to do for a similar environment in for a VM?
The patch:

diff --git a/src/tpm2_pytss/FAPI.py b/src/tpm2_pytss/FAPI.py
index d4b8c6c..02b974e 100644
--- a/src/tpm2_pytss/FAPI.py
+++ b/src/tpm2_pytss/FAPI.py
@@ -1309,18 +1309,19 @@ class FAPI:
             signature_len,
             user_data,
         ):
-            path = ffi.string(path).decode()
-            description = ffi.string(description).decode()
-            public_key = ffi.string(public_key).decode()
-            public_key_hint = ffi.string(public_key_hint).decode()
-            data_to_sign = bytes(ffi.unpack(data_to_sign, data_to_sign_len))
-            if user_data == ffi.NULL:
-                user_data = None
-            else:
-                user_data = bytes(
-                    ffi.unpack(ffi.cast("uint8_t *", user_data), user_data_len,)
-                )
             try:
+                path = ffi.string(path).decode()
+                description = ffi.string(description).decode()
+                public_key = ffi.string(public_key).decode()
+                public_key_hint = ffi.string(public_key_hint).decode()
+                data_to_sign = bytes(ffi.unpack(data_to_sign, data_to_sign_len))
+                if user_data == ffi.NULL:
+                    user_data = None
+                else:
+                    user_data = bytes(
+                        ffi.unpack(ffi.cast("uint8_t *", user_data), user_data_len,)
+                    )
+
                 signature_value = callback(
                     path,
                     description,
@@ -1330,12 +1331,14 @@ class FAPI:
                     data_to_sign,
                     user_data,
                 )
-            except Exception:
+                signature[0] = ffi_malloc("char[]", signature_value)
+                signature_len[0] = len(signature_value)
+            except Exception as e:
+                print("sign callback_wrapper: ", e)
                 return lib.TSS2_FAPI_RC_CB_FAILURE
 
             # signature is cleaned up by the FAPI
-            signature[0] = ffi_malloc("char[]", signature_value)
-            signature_len[0] = len(signature_value)
+            print(signature[0], signature_len[0])
             return lib.TPM2_RC_SUCCESS
 
         c_callback = self._register_callback(

[aplanas]

I'm having a hard time figuring out exactly where it goes wrong

It is my fault. I am providing wrong data. I realized that I am executing the code from one place and the tests for another, and I was mixing the edits. I am sorry.

I added the different patches in a single run, and this is the output now:

======================================================== test session starts ========================================================
platform linux -- Python 3.10.5, pytest-7.1.1, pluggy-1.0.0 -- /usr/bin/python3.10
cachedir: .pytest_cache
rootdir: /home/abuild/rpmbuild/BUILD/tpm2-pytss-1.2.0
collected 1 item                                                                                                                    

test/test_fapi.py::TestFapiECC::test_policy_signed WARNING:fapi:src/tss2-fapi/ifapi_io.c:339:ifapi_io_check_create_dir() Directory /tmp/tmpukax2sl8/policy does not exist, creating 
ERROR:fapi:src/tss2-fapi/ifapi_policy_callbacks.c:704:ifapi_sign_buffer() ErrorCode (0x0006002a) No signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:471:execute_policy_signed() ErrorCode (0x0006002a) Execute policy signature callback. 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1507:execute_policy_element() ErrorCode (0x0006002a) Execute policy signed 
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:1722:ifapi_policyeval_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/ifapi_policyutil_execute.c:296:ifapi_policyutil_execute() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2117:ifapi_authorize_object() Execute policy. ErrorCode (0x0006002a) 
ERROR:fapi:src/tss2-fapi/fapi_util.c:2812:ifapi_key_sign() ErrorCode (0x0006002a) Authorize signature key. 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:299:Fapi_Sign_Finish() Fapi sign. ErrorCode (0x0006002a) 
ERROR:esys:src/tss2-esys/esys_iutil.c:1096:esys_GetResourceObject() Error: Esys handle does not exist (70018). 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x00070018) 
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x00070018) 
ERROR:fapi:src/tss2-fapi/api/Fapi_Sign.c:130:Fapi_Sign() ErrorCode (0x0006002a) Key_Sign 
sign callback_wrapper called
calling wrapped sign callback
called wrapped sign callback
wrapper sig: <cdata 'uint8_t * *' 0x7ffd8550de00> <cdata 'uint8_t *' 0x5619769c0700> <cdata 'size_t *' 0x7ffd8550de08> 70
<cdata 'uint8_t *' 0x5619769c0700> 70
ERROR:fapi:src/tss2-fapi/fapi_crypto.c:740:ifapi_ecc_der_sig_to_tpm() Invalid DER signature  
ERROR:fapi:src/tss2-fapi/ifapi_policy_execute.c:477:execute_policy_signed() ErrorCode (0x00060001) Convert der signature into TPM format 
Fatal Python error: Segmentation fault

Current thread 0x00007f660fa06440 (most recent call first):
  File "/home/abuild/rpmbuild/BUILDROOT/python-tpm2-pytss-1.2.0-0.x86_64/usr/lib64/python3.10/site-packages/tpm2_pytss/FAPI.py", line 335 in sign

[whooo]

I'm sadly a bit stuck on this issue, if I want to setup a VM to reproduce which distribution do I need to run and are there any other steps I need to take?