For more security spongycastle -> bouncycastle

[Neustradamus]

For more security, can you change old spongycastle (based on old bouncycastle) to bouncycastle?

• https://www.bouncycastle.org/
• https://www.bouncycastle.org/releasenotes.html
• http://www.bouncycastle.org/latest_releases.html
• https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncy%20castle
• https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=bouncycastle
• https://www.cvedetails.com/vulnerability-list/vendor_id-7637/Bouncycastle.html

[esaulpaugh]

Sure; I was probably going to ditch spongycastle eventually anyway. https://github.com/esaulpaugh/headlong/commit/1fa753af853df5bcf309b9cd42c84038ab8bc813

[Neustradamus]

@esaulpaugh: Thanks! Please do not close it before integration of BouncyCastle.

[esaulpaugh]

spongycastle was only used for tests and bouncycastle 1.65 is already a dependency

[Neustradamus]

@esaulpaugh: Ok! No tests with BouncyCastle?

[esaulpaugh]

bouncycastle is used in main and test https://github.com/esaulpaugh/headlong/blob/87474b767c6fd2cda4bd431d6e2dfbdff29cb09d/src/main/java/com/esaulpaugh/headlong/abi/util/WrappedKeccak.java but only bcprov-jdk15on v1.65

[Neustradamus]

@esaulpaugh: Perfect :)