Golang x/crypto/pkcs12: unknown digest algorithm 2.16.840.1.101.3.4.2.1

What version of Go are you using (go version)?

$ go version
go version go1.21.0 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
Can provide if necessary, but can't copy-paste right now.
Relevant Info should be in `go version`?

What did you do?

package main

import (
    "os"

    "golang.org/x/crypto/pkcs12" // version 0.12.0 (latest as of time of writing)
)

func main() {
    pfxData, err := os.ReadFile("./path/to/my/pfx")
    if err != nil {
        panic(err)
    }

    _, err := pkcs12.ToPEM(pfxData, "my-password")
    if err != nil {
        panic(err)  // <- error here
    }
}

What did you expect to see?

successfully getting the pem blocks

What did you see instead?

panic: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1

It seems like x/crypto does not support the algorithms defined in https://oidref.com/2.16.840.1.101.3.4.2.1 In x/crypto/pkcs12/mac.go verifyMac it expects the macData.Mac.Algorithm.Algorithm to be 1.3.14.3.2.26 and thus errors with "unknown digest algorithm".

Comment From: dmitshur

CC @golang/security.

Comment From: slynickel

(not part of the group that manages issues on this repo)

This issue can likely be closed. The doc header of crypto/pkcs12 states:

// This package is frozen. If it's missing functionality you need, consider
// an alternative like software.sslmate.com/src/go-pkcs12.

No changes are likely to be made, finding an alternative would be a better approach.

Comment From: gopherbot

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)