--- old/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java	Fri Sep 30 01:32:59 2016
+++ new/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java	Fri Sep 30 01:32:59 2016
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,8 @@
 
 import sun.nio.ch.DirectBuffer;
 
+import sun.security.util.MessageDigestSpi2;
+
 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
@@ -49,7 +51,8 @@
  * @author  Andreas Sterbenz
  * @since   1.5
  */
-final class P11Digest extends MessageDigestSpi implements Cloneable {
+final class P11Digest extends MessageDigestSpi implements Cloneable,
+    MessageDigestSpi2 {
 
     /* fields initialized, no session acquired */
     private final static int S_BLANK    = 1;
@@ -233,10 +236,11 @@
     }
 
     // Called by SunJSSE via reflection during the SSL 3.0 handshake if
-    // the master secret is sensitive. We may want to consider making this
-    // method public in a future release.
-    protected void implUpdate(SecretKey key) throws InvalidKeyException {
-
+    // the master secret is sensitive.
+    // Note: Change to protected after this method is moved from
+    // sun.security.util.MessageSpi2 interface to
+    // java.security.MessageDigestSpi class
+    public void engineUpdate(SecretKey key) throws InvalidKeyException {
         // SunJSSE calls this method only if the key does not have a RAW
         // encoding, i.e. if it is sensitive. Therefore, no point in calling
         // SecretKeyFactory to try to convert it. Just verify it ourselves.