From 62261fe0993199085c797997cb4273851fef40f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 05:02:06 +0000
Subject: [PATCH 1/2] Bump software.sslmate.com/src/go-pkcs12 from 0.2.1 to
 0.4.0

Bumps software.sslmate.com/src/go-pkcs12 from 0.2.1 to 0.4.0.

---
updated-dependencies:
- dependency-name: software.sslmate.com/src/go-pkcs12
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d4570154..e02abf7c 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651
 	github.com/wagoodman/go-progress v0.0.0-20220614130704-4b1c25a33c7c
-	software.sslmate.com/src/go-pkcs12 v0.2.1
+	software.sslmate.com/src/go-pkcs12 v0.4.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 307b2eb6..3eda0d4e 100644
--- a/go.sum
+++ b/go.sum
@@ -709,5 +709,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-software.sslmate.com/src/go-pkcs12 v0.2.1 h1:tbT1jjaeFOF230tzOIRJ6U5S1jNqpsSyNjzDd58H3J8=
-software.sslmate.com/src/go-pkcs12 v0.2.1/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
+software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
+software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=

From 914957c4f07c12038f23c75e20181ccf1d84cc25 Mon Sep 17 00:00:00 2001
From: Christopher Phillips <christopher.phillips@anchore.com>
Date: Mon, 6 Nov 2023 09:41:07 -0500
Subject: [PATCH 2/2] feat: update library usage to migrate to new Modern2023
 implementation of pkcs12

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
---
 cmd/quill/cli/commands/p12_attach_chain.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/cmd/quill/cli/commands/p12_attach_chain.go b/cmd/quill/cli/commands/p12_attach_chain.go
index dc0851dc..5dc35b57 100644
--- a/cmd/quill/cli/commands/p12_attach_chain.go
+++ b/cmd/quill/cli/commands/p12_attach_chain.go
@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"crypto/rand"
 	"crypto/x509"
 	"fmt"
 	"os"
@@ -104,7 +103,7 @@ func writeP12WithChain(p12Path, password, keychainPath string, failWithoutFullCh
 	}
 	certs = append(certs, remainingCerts...)
 
-	p12Bytes, err := pkcs12.Encode(rand.Reader, p12Contents.PrivateKey, p12Contents.Certificate, certs, password)
+	p12Bytes, err := pkcs12.Modern2023.Encode(p12Contents.PrivateKey, p12Contents.Certificate, certs, password)
 	if err != nil {
 		return "", fmt.Errorf("unable to encode p12 file: %w", err)
 	}