Add support for specifying PKCS#12 MAC parameters

[paihu]

Issue #654 closed but it doesn't seem to be resolved.

Here's what we created using the legacy provider:

openssl pkcs12 -in xx.p12 -info -noout -legacy
Enter Import Password:
MAC: sha256, Iteration 1
MAC length: 32, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

It uses sha256 instead of sha1.

current OpenSSL::PKCS12.create not support -macalg

pyca/cryptography#7293 (comment)

[rhenium]

You are right, the example code provided in #654 had another error and I skipped the main question.

Should we add a binding for PKCS12_set_mac()?

[paihu]

I think adding the PKCS12_set_mac() binding would be beneficial to maintain backward compatibility with legacy OpenSSL.