
PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, PKCS12_set_pbmac1_pbkdf2, PKCS12_verify_mac,

Conforming To

       IETF RFC 7292 (<https://tools.ietf.org/html/rfc7292>)
       IETF RFC 9579 (<https://tools.ietf.org/html/rfc9579>)

Description

PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the supplied password along with
       a set of already configured parameters.  The default key generation mechanism used is PKCS12KDF.

       PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied password.

       PKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied parameters.

       PKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object.  PKCS12_set_pbmac1_pbkdf2()
       sets the MAC and MAC parameters into the PKCS#12 object when PBMAC1 with PBKDF2 is used for protection of
       the PKCS#12 object.

       pass is the passphrase to use in the HMAC. salt is the salt value to use, iter is the iteration count and
       md_type is the message digest function to use. prf_md_name specifies the digest used for the PBKDF2 in
       PBMAC1 KDF.

       PKCS12_get0_mac() retrieves any included MAC value, X509_ALGOR object, salt, and iter count from the
       PKCS12 object.

History

       The PKCS12_set_pbmac1_pbkdf2 function was added in OpenSSL 3.4.

Name

       PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, PKCS12_set_pbmac1_pbkdf2, PKCS12_verify_mac,
       PKCS12_get0_mac - Functions to create and manipulate a PKCS#12 MAC structure

Notes

       If salt is NULL then a suitable salt will be generated and used.

       If iter is 1 then an iteration count will be omitted from the PKCS#12 structure.

       PKCS12_gen_mac(), PKCS12_verify_mac(), PKCS12_set_mac() and PKCS12_set_pbmac1_pbkdf2() make assumptions
       regarding the encoding of the given passphrase. See passphrase-encoding(7) for more information.
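
       What PKCS12_gen_mac() and PKCS12_verify_mac() compute with the default PKCS12KDF, written out in
       Python with only the standard library. This is an added example, not OpenSSL's code: it follows RFC 7292
       Appendix B, and the function names, the sample salt and the placeholder authSafe bytes are constructed
       for illustration.

```python
import hashlib
import hmac

MAC_KEY_ID = 3  # RFC 7292 B.3: ID byte 3 selects MAC key material
# Constructed sample inputs (not a real PKCS#12 file).
SAMPLE_SALT = bytes(range(8))
SAMPLE_AUTH_SAFE = b"constructed placeholder for the authSafe content bytes"

def _fill(data: bytes, v: int) -> bytes:
    """Repeat data to a whole number of v-byte blocks (empty stays empty)."""
    if not data:
        return b""
    size = v * ((len(data) + v - 1) // v)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(password: str, salt: bytes, iterations: int,
               key_id: int, n: int, md: str = "sha256") -> bytes:
    """PKCS12KDF (RFC 7292 Appendix B.2) producing n bytes."""
    probe = hashlib.new(md)
    u, v = probe.digest_size, probe.block_size
    # Passphrase as a BMPString: UTF-16BE plus a two-byte NUL terminator.
    pw = password.encode("utf-16-be") + b"\x00\x00"
    diversifier = bytes([key_id]) * v
    block_input = bytearray(_fill(salt, v) + _fill(pw, v))
    out = b""
    while len(out) < n:
        a = hashlib.new(md, diversifier + block_input).digest()
        for _ in range(iterations - 1):  # the hash is applied `iterations` times
            a = hashlib.new(md, a).digest()
        out += a
        # Add (B + 1) to every v-byte block of the input, modulo 2^(8v).
        b_plus_1 = int.from_bytes((a * (v // u + 1))[:v], "big") + 1
        for j in range(0, len(block_input), v):
            blk = int.from_bytes(block_input[j:j + v], "big") + b_plus_1
            block_input[j:j + v] = (blk % (1 << (8 * v))).to_bytes(v, "big")
    return out[:n]

def gen_mac(auth_safe: bytes, password: str, salt: bytes,
            iterations: int, md: str = "sha256") -> bytes:
    """Derive the MAC key (digest-sized) and HMAC the protected bytes."""
    key_len = hashlib.new(md).digest_size
    key = pkcs12_kdf(password, salt, iterations, MAC_KEY_ID, key_len, md)
    return hmac.new(key, auth_safe, md).digest()

def verify_mac(auth_safe: bytes, password: str, salt: bytes,
               iterations: int, expected: bytes, md: str = "sha256") -> bool:
    """Recompute the MAC and compare in constant time."""
    actual = gen_mac(auth_safe, password, salt, iterations, md)
    return hmac.compare_digest(actual, expected)
```

       The password-to-BMPString step is where the passphrase encoding assumptions come in: the same
       characters supplied in a different byte encoding derive a different MAC key and fail verification.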

Return Values

       All functions returning an integer return 1 on success and 0 if an error occurred.

See Also

d2i_PKCS12(3), EVP_KDF-PKCS12KDF(7), PKCS12_create(3), passphrase-encoding(7)

Synopsis

        #include <openssl/pkcs12.h>

        int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                           unsigned char *mac, unsigned int *maclen);
        int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
        int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                           unsigned char *salt, int saltlen, int iter,
                           const EVP_MD *md_type);
        int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
                                     unsigned char *salt, int saltlen, int iter,
                                     const EVP_MD *md_type,
                                     const char *prf_md_name);
        int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                             int saltlen, const EVP_MD *md_type);

        void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
                             const X509_ALGOR **pmacalg,
                             const ASN1_OCTET_STRING **psalt,
                             const ASN1_INTEGER **piter,
                             const PKCS12 *p12);
