Applying the openCryptoki 2.4-0.11.1 patch breaks results in the following error when trying to access the crypto engine:
Error initializing the PKCS11 library: 0x6 (CKR_FUNCTION_FAILED)
The issue has been reported to engineering, but the following workaround will remedy the issue:
In a terminal logged in as root, browse to the /var/lock folder and change the permissions on the opencryptoki folder form 700 to 770. This will allow group read/write/execute permissions to the folder, which the group needs for openCryptoki to work.
1. cd /var/lock
2. chmod 770 opencryptoki
When looking at the long out put file permissions it should look like:
drwxrwx--- 2 root pkcs11 4096 Nov 14 23:49 opencryptoki/
When installed openCryptoki 2.4-0.11.1 creates a folder
/var/lock/opencryptoki. Upon creation, the default permissions are set
drwx------ 2 root pkcs11 4096 Nov 14 23:49 opencryptoki/
which does not allow group access to the directory for pksc11. Without group access, root is the only user that can use the crypto engine.