- Type: Bug
- Resolution: Unresolved
- Priority: P4
- None
- Affects Version/s: 7u491, 8u481, 11.0.30-oracle, 17.0.18-oracle
- Component/s: security-libs
- Cause Known
- sparc, sparc_64
After upgrading the Oracle Solaris hosts used by our CI pipelines from 11.4.70.170.1 to 11.4.83.195.1, PKCS#11 signature verification via the default SunPKCS11-Solaris provider regressed. Calls to C_Verify/C_VerifyFinal that previously returned specific error codes for invalid signatures (CKR_SIGNATURE_INVALID or CKR_ATTRIBUTE_VALUE_INVALID) now return CKR_FUNCTION_FAILED. This breaks tests and application logic in CI that rely on specific error codes to detect and handle invalid signatures.
Many tests were impacted by this upgrade, for example:
- java/security/Signature/SignatureLength.java
- sun/security/pkcs11/ec/TestECDSA.java
- sun/security/pkcs11/ec/TestCurves.java
- sun/security/pkcs11/ec/ReadCertificates.java
Affected versions:
- Works as expected on Oracle Solaris 11.4.70.170.1
- Regresses on Oracle Solaris 11.4.83.195.1
We observed the following behaviors:
- Invalid signature verification returns ProviderException caused by PKCS11Exception: CKR_FUNCTION_FAILED
- Tests that expect CKR_SIGNATURE_INVALID or CKR_ATTRIBUTE_VALUE_INVALID now fail due to the generic CKR_FUNCTION_FAILED
Here is an example stack trace:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED
    at sun.security.pkcs11.P11Signature.engineVerify(P11Signature.java:682)
    at java.security.Signature$Delegate.engineVerify(Signature.java:1393)
    at java.security.Signature.verify(Signature.java:770)
    at TestECDSA.verify(TestECDSA.java:87)
    at TestECDSA.test(TestECDSA.java:180)
    at TestECDSA.main(TestECDSA.java:157)
    at PKCS11Test.premain(PKCS11Test.java:880)
    at PKCS11Test.testDefault(PKCS11Test.java:256)
    at PKCS11Test.main(PKCS11Test.java:171)
    at PKCS11Test.main(PKCS11Test.java:142)
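
The failure mode reported above, shown from the caller's side as an added example that is not part of the original report, the JDK, or its tests: a verification wrapper that fails closed whichever CKR_* code the token returns. The class and method names are assumptions, the JDK's software EC provider stands in for SunPKCS11-Solaris, and the last exception is constructed to mimic the shape in the stack trace.

```java
import java.security.*;
import java.util.regex.*;
public class FailClosedVerify {
    enum Outcome { VALID, INVALID, PROVIDER_ERROR }   // only VALID may be accepted
    static final Pattern CKR = Pattern.compile("CKR_[A-Z_]+");

    // First CKR_* name found in the messages of the exception chain, or null.
    static String ckrCode(Throwable t) {
        for (; t != null; t = t.getCause()) {
            Matcher m = CKR.matcher(String.valueOf(t.getMessage()));
            if (m.find()) return m.group();
        }
        return null;
    }

    // The two codes the report names mean "bad signature"; anything else is a provider fault.
    static Outcome classify(ProviderException e) {
        String code = ckrCode(e);
        return ("CKR_SIGNATURE_INVALID".equals(code) || "CKR_ATTRIBUTE_VALUE_INVALID".equals(code))
                ? Outcome.INVALID : Outcome.PROVIDER_ERROR;
    }

    static Outcome verify(Signature sig, PublicKey key, byte[] data, byte[] sigBytes)
            throws InvalidKeyException {
        try {
            sig.initVerify(key);
            sig.update(data);
            return sig.verify(sigBytes) ? Outcome.VALID : Outcome.INVALID;
        } catch (SignatureException e) {
            return Outcome.INVALID;          // malformed encoding or wrong length
        } catch (ProviderException e) {
            return classify(e);              // never falls through to VALID
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample message".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        byte[] good = s.sign();
        byte[] bad = good.clone();
        bad[bad.length - 1] ^= 0x01;         // corrupt the final byte of the signature
        System.out.println(verify(s, kp.getPublic(), data, good));
        System.out.println(verify(s, kp.getPublic(), data, bad));
        // Constructed stand-in for the exception shape in the stack trace above.
        System.out.println(classify(new ProviderException(new RuntimeException("CKR_FUNCTION_FAILED"))));
    }
}
```

Keeping PROVIDER_ERROR separate from INVALID lets CI and monitoring tell a token or library fault apart from a forged signature while both are still rejected.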