use another pkcs12 library to fix #443

OJ · Sep 8, 2023 · d4c93a4 · d4c93a4
1 parent 84697b7
commit d4c93a4
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -32,6 +32,7 @@ All funds that are donated to this project will be donated to charity. A full lo
 - renamed `show-cname` to `check-cname` in dns mode
 - get rid of `verbose` flag
 - the version command now also shows some build variables for more info
+- switched to another pkcs12 library to support p12s generated with openssl3 that use SHA256 HMAC
 
 ## 3.6
 

diff --git a/cli/options.go b/cli/options.go
@@ -3,7 +3,6 @@ package cli
 import (
 	"bufio"
 	"crypto/tls"
-	"encoding/pem"
 	"fmt"
 	"os"
 	"regexp"
@@ -15,8 +14,8 @@ import (
 	"github.com/OJ/gobuster/v3/libgobuster"
 	"github.com/fatih/color"
 	"github.com/urfave/cli/v2"
-	"golang.org/x/crypto/pkcs12"
 	"golang.org/x/term"
+	"software.sslmate.com/src/go-pkcs12"
 )
 
 func BasicHTTPOptions() []cli.Flag {
@@ -72,19 +71,14 @@ func ParseBasicHTTPOptions(c *cli.Context) (libgobuster.BasicHTTPOptions, error)
 		if err != nil {
 			return opts, fmt.Errorf("could not read p12 %s: %w", p12File, err)
 		}
-		blocks, err := pkcs12.ToPEM(p12Content, p12Pass)
+		privKey, pubKey, _, err := pkcs12.DecodeChain(p12Content, p12Pass)
 		if err != nil {
 			return opts, fmt.Errorf("could not load P12: %w", err)
 		}
-		var pemData []byte
-		for _, b := range blocks {
-			pemData = append(pemData, pem.EncodeToMemory(b)...)
+		opts.TLSCertificate = &tls.Certificate{
+			Certificate: [][]byte{pubKey.Raw},
+			PrivateKey:  privKey,
 		}
-		cert, err := tls.X509KeyPair(pemData, pemData)
-		if err != nil {
-			return opts, fmt.Errorf("could not load certificate from P12: %w", err)
-		}
-		opts.TLSCertificate = &cert
 	}
 
 	return opts, nil

diff --git a/go.mod b/go.mod
@@ -7,8 +7,8 @@ require (
 	github.com/google/uuid v1.3.1
 	github.com/pin/tftp/v3 v3.0.0
 	github.com/urfave/cli/v2 v2.25.7
-	golang.org/x/crypto v0.12.0
 	golang.org/x/term v0.12.0
+	software.sslmate.com/src/go-pkcs12 v0.2.1
 )
 
 require (
@@ -17,6 +17,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/crypto v0.13.0 // indirect
+	golang.org/x/net v0.15.0 // indirect
 	golang.org/x/sys v0.12.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -18,11 +18,11 @@ github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6S
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -31,3 +31,5 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+software.sslmate.com/src/go-pkcs12 v0.2.1 h1:tbT1jjaeFOF230tzOIRJ6U5S1jNqpsSyNjzDd58H3J8=
+software.sslmate.com/src/go-pkcs12 v0.2.1/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=