Issue-973 (part1) - Removing direct dependency on BouncyCastle librar…

build.gradle

@@ -86,8 +86,8 @@ testing {
       useJUnitJupiter()
       dependencies {
         implementation "org.slf4j:slf4j-api:2.0.13"
-        implementation 'org.spockframework:spock-core:2.3-groovy-3.0'
-        implementation "org.mockito:mockito-core:4.11.0"
+        implementation "org.spockframework:spock-core:2.4-M5-groovy-4.0"
+        implementation "org.mockito:mockito-core:5.15.2"
         implementation "org.assertj:assertj-core:3.24.2"
         implementation "ru.vyarus:spock-junit5:1.2.0"
         implementation "org.apache.sshd:sshd-core:$sshdVersion"

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

src/main/java/net/schmizz/sshj/DefaultConfig.java

@@ -59,7 +59,8 @@
  * net.schmizz.sshj.transport.mac.HMACMD596}</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setKeyAlgorithms KeyAlgorithm}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li>
- * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory PRNG}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory BC}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory BCFIPS}: {@link net.schmizz.sshj.transport.random.BouncyCastleFipsRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setFileKeyProviderFactories Key file support}: {@link net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile}*, {@link
  * net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile}*</li>
  * <li>{@link net.schmizz.sshj.ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li>

src/main/java/net/schmizz/sshj/transport/random/BouncyCastleFipsRandom.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.random;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+
+/**
+ * BouncyCastle <code>Random</code>. This pseudo random number generator uses BouncyCastle fips.
+ * The JRE random will be used when creating a new generator to add some random data to the seed.
+ */
+public class BouncyCastleFipsRandom
+        implements Random {
+
+    private static final Logger logger = LoggerFactory.getLogger(BouncyCastleFipsRandom.class);
+
+    /** Named factory for the BouncyCastle <code>Random</code> */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory<Random> {
+
+        @Override
+        public Random create() {
+            return new BouncyCastleFipsRandom();
+        }
+
+    }
+    private byte[] tmp = new byte[16];
+    private final SecureRandom random;
+
+    public BouncyCastleFipsRandom() {
+        logger.info("Generating random seed from SecureRandom of BCFIPS.");
+        long t = System.currentTimeMillis();
+        try {
+            // Use SecureRandom with the BCFIPS provider
+            random = SecureRandom.getInstance("DEFAULT", "BCFIPS");
+        } catch (NoSuchProviderException e) {
+            throw new RuntimeException("BCFIPS provider is not available", e);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to initialize SecureRandom with BCFIPS provider", e);
+        }
+        logger.debug("Creating random seed took {} ms", System.currentTimeMillis() - t);
+    }
+
+    @Override
+    public synchronized void fill(byte[] bytes, int start, int len) {
+        if (start == 0 && len == bytes.length) {
+            random.nextBytes(bytes);
+        } else {
+            synchronized (this) {
+                if (len > tmp.length) tmp = new byte[len];
+                random.nextBytes(tmp);
+                System.arraycopy(tmp, 0, bytes, start, len);
+            }
+        }
+    }
+
+    @Override
+    public void fill(byte[] bytes) {
+        random.nextBytes(bytes);
+    }
+
+}

src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java

@@ -15,15 +15,14 @@
  */
 package net.schmizz.sshj.transport.random;
 
-import org.bouncycastle.crypto.prng.RandomGenerator;
-import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
 /**
- * BouncyCastle <code>Random</code>. This pseudo random number generator uses the a very fast PRNG from BouncyCastle.
+ * BouncyCastle <code>Random</code>. This pseudo random number generator uses BouncyCastle non fips.
  * The JRE random will be used when creating a new generator to add some random data to the seed.
  */
 public class BouncyCastleRandom
@@ -41,21 +40,35 @@ public Random create() {
         }
 
     }
+    private byte[] tmp = new byte[16];
+    private final SecureRandom random;
 
-    private final RandomGenerator random = new VMPCRandomGenerator();
-
-    public BouncyCastleRandom() {
-        logger.info("Generating random seed from SecureRandom.");
-        long t = System.currentTimeMillis();
-        byte[] seed = new SecureRandom().generateSeed(8);
-        logger.debug("Creating random seed took {} ms", System.currentTimeMillis() - t);
-        random.addSeedMaterial(seed);
+  public BouncyCastleRandom() {
+    logger.info("Generating random seed from SecureRandom of BC.");
+    long t = System.currentTimeMillis();
+    try {
+      // Use SecureRandom with the BC provider
+      random = SecureRandom.getInstance("DEFAULT", "BC");
+    } catch (NoSuchProviderException e) {
+      throw new RuntimeException("BC provider is not in the classpath", e);
+    } catch (Exception e) {
+      throw new RuntimeException("Failed to initialize SecureRandom with BC provider", e);
     }
+    logger.debug("Creating random seed took {} ms", System.currentTimeMillis() - t);
+  }
 
-    @Override
-    public void fill(byte[] bytes, int start, int len) {
-        random.nextBytes(bytes, start, len);
+  @Override
+  public synchronized void fill(byte[] bytes, int start, int len) {
+    if (start == 0 && len == bytes.length) {
+      random.nextBytes(bytes);
+    } else {
+      synchronized (this) {
+        if (len > tmp.length) tmp = new byte[len];
+        random.nextBytes(tmp);
+        System.arraycopy(tmp, 0, bytes, start, len);
+      }
     }
+  }
 
     @Override
     public void fill(byte[] bytes) {