依赖openssl实现国密相关的结构时,虽然openssl中也有类似结构定义,但因为oid的差异、国密算法支持度不高等原因导致无法直接使用openssl接口,这时就需要自定义数据结构。
实战:依据GMT0033定义时间戳响应
/* Data structures. */

/*
 * SignerInfo: one signer's entry in SignedData.
 * Members described with an *_OPT template entry are OPTIONAL and are NULL
 * after decoding when the encoding omits them; check before dereferencing.
 */
typedef struct SignerInfo_st {
    ASN1_INTEGER *version;
    PKCS7_ISSUER_AND_SERIAL *issuerAndSerialNumber;
    X509_ALGOR *digestAlgorithm;
    STACK_OF(X509_ATTRIBUTE) *authenticatedAttributes;   /* OPTIONAL, tag [0] */
    X509_ALGOR *digestEncryptionAlgorithm;
    ASN1_OCTET_STRING *encryptedDigest;
    STACK_OF(X509_ATTRIBUTE) *unauthenticatedAttributes; /* OPTIONAL, tag [1] */
} SIGNERINFO;
/*
 * Data: the inner content of SignedData, a content-type OID plus an
 * optional octet string.
 */
typedef struct Data_st {
    ASN1_OBJECT *contentType;
    ASN1_OCTET_STRING *data;   /* OPTIONAL, explicit tag [0]; NULL when absent */
} DATA;
/*
 * SignedData: digest algorithms, the signed content, optional certificates
 * and CRLs, and the signer entries.
 */
typedef struct SignedData_st {
    ASN1_INTEGER *version;
    STACK_OF(X509_ALGOR) *digestAlgorithms;
    DATA *contentInfo;
    STACK_OF(X509) *certificates;       /* OPTIONAL, tag [0]; NULL when absent */
    STACK_OF(X509_CRL) *crls;           /* OPTIONAL, tag [1]; NULL when absent */
    STACK_OF(SIGNERINFO) *signerInfos;
} SIGNEDDATA;
/*
 * ContentInfo: outer wrapper of the time-stamp token.
 * The template for this type always decodes `content` as SIGNEDDATA,
 * whatever OID `contentType` holds, so callers should compare contentType
 * with the signed-data OID they expect before relying on `content`.
 */
typedef struct ContentInfo_st {
    ASN1_OBJECT *contentType;
    SIGNEDDATA *content;   /* OPTIONAL, explicit tag [0]; NULL when absent */
} CONTENTINFO;
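/*
 * PKIStatusInfo: outcome of the time-stamp request.
 * statusString and failInfo are OPTIONAL and are NULL after decoding when
 * the response omits them.
 */
typedef struct PKIStatusInfo_st {
    ASN1_INTEGER *status;
    /*
     * The ASN.1 template for this type describes statusString with
     * ASN1_SEQUENCE_OF_OPT, so the decoder stores a stack of strings here.
     * The member therefore has to be a STACK_OF(ASN1_UTF8STRING) *; declaring
     * it as a single ASN1_UTF8STRING * would make callers read a stack object
     * as if it were a string.
     */
    STACK_OF(ASN1_UTF8STRING) *statusString;
    ASN1_BIT_STRING *failInfo;
} PKISTATUSINFO;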
/*
 * TSResp: the time-stamp response, a status block plus the token.
 * The token is OPTIONAL in the template, so tstoken is NULL when the
 * response carries none; inspect statusInfo and check tstoken for NULL
 * before using it.
 */
typedef struct TSResp_st {
    PKISTATUSINFO *statusInfo;
    CONTENTINFO *tstoken;
} TSRESP;
/*
 * Declare the four basic functions for every type:
 * X_new, X_free, i2d_X and d2i_X.
 * d2i_X returns NULL when the input does not parse; callers handling
 * responses from the network must check for that.
 */
DECLARE_ASN1_FUNCTIONS(SIGNERINFO)
/* Typed stack helpers for STACK_OF(SIGNERINFO), used by SIGNEDDATA.signerInfos. */
DEFINE_STACK_OF(SIGNERINFO)
DECLARE_ASN1_FUNCTIONS(DATA)
DECLARE_ASN1_FUNCTIONS(SIGNEDDATA)
DECLARE_ASN1_FUNCTIONS(CONTENTINFO)
DECLARE_ASN1_FUNCTIONS(PKISTATUSINFO)
DECLARE_ASN1_FUNCTIONS(TSRESP)
/* ASN.1 templates. */

ASN1_SEQUENCE(SIGNERINFO) = {
    /* ASN1_SIMPLE: a primitive or structured type that is mandatory. */
    ASN1_SIMPLE(SIGNERINFO, version, ASN1_INTEGER),
    ASN1_SIMPLE(SIGNERINFO, issuerAndSerialNumber, PKCS7_ISSUER_AND_SERIAL),
    ASN1_SIMPLE(SIGNERINFO, digestAlgorithm, X509_ALGOR),
    /*
     * IMP: implicit tagging; OPT: optional; SEQUENCE_OF: a SEQUENCE OF the
     * element type. Because the tag is implicit, SEQUENCE OF and SET OF
     * produce the same outer tag here; this looks modelled on OpenSSL's own
     * PKCS#7 template, which uses SEQUENCE OF for this field to keep the
     * attributes in the order they were received (confirm against the
     * OpenSSL version in use).
     */
    ASN1_IMP_SEQUENCE_OF_OPT(SIGNERINFO, authenticatedAttributes, X509_ATTRIBUTE, 0),
    ASN1_SIMPLE(SIGNERINFO, digestEncryptionAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(SIGNERINFO, encryptedDigest, ASN1_OCTET_STRING),
    ASN1_IMP_SET_OF_OPT(SIGNERINFO, unauthenticatedAttributes, X509_ATTRIBUTE, 1)
} ASN1_SEQUENCE_END(SIGNERINFO)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(SIGNERINFO)
/* Data ::= SEQUENCE { contentType, data [0] EXPLICIT OCTET STRING OPTIONAL } */
ASN1_SEQUENCE(DATA) = {
    ASN1_SIMPLE(DATA, contentType, ASN1_OBJECT),
    /* EXP: explicit tagging; the member is NULL when the field is absent. */
    ASN1_EXP_OPT(DATA, data, ASN1_OCTET_STRING, 0)
} ASN1_SEQUENCE_END(DATA)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(DATA)
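/*
 * Template for SIGNEDDATA.
 * The item types named in the third macro argument must be types whose
 * ASN.1 item is declared; this listing declares DATA and SIGNERINFO, so
 * those names are used here (the GMT0010_DATA / GMT0010_SIGNER_INFO names
 * are not declared anywhere in this listing and would not resolve).
 */
ASN1_SEQUENCE(SIGNEDDATA) = {
    ASN1_SIMPLE(SIGNEDDATA, version, ASN1_INTEGER),
    ASN1_SET_OF(SIGNEDDATA, digestAlgorithms, X509_ALGOR),
    ASN1_SIMPLE(SIGNEDDATA, contentInfo, DATA),
    /* Optional, implicitly tagged [0] and [1]; NULL when absent. */
    ASN1_IMP_SEQUENCE_OF_OPT(SIGNEDDATA, certificates, X509, 0),
    ASN1_IMP_SET_OF_OPT(SIGNEDDATA, crls, X509_CRL, 1),
    ASN1_SET_OF(SIGNEDDATA, signerInfos, SIGNERINFO)
} ASN1_SEQUENCE_END(SIGNEDDATA)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(SIGNEDDATA)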
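/*
 * Template for CONTENTINFO.
 * `content` refers to SIGNEDDATA, the type declared in this listing (the
 * GMT0010_SIGNED_DATA name is not declared here and would not resolve).
 * The template decodes `content` as SIGNEDDATA regardless of the OID in
 * contentType, so the caller should check contentType itself.
 */
ASN1_SEQUENCE(CONTENTINFO) = {
    ASN1_SIMPLE(CONTENTINFO, contentType, ASN1_OBJECT),
    /* Optional, explicitly tagged [0]; NULL when absent. */
    ASN1_EXP_OPT(CONTENTINFO, content, SIGNEDDATA, 0)
} ASN1_SEQUENCE_END(CONTENTINFO)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(CONTENTINFO)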
/* Template for PKISTATUSINFO: mandatory status, optional text and failure bits. */
ASN1_SEQUENCE(PKISTATUSINFO) = {
    ASN1_SIMPLE(PKISTATUSINFO, status, ASN1_INTEGER),
    /*
     * SEQUENCE OF template: the decoder stores a STACK_OF(ASN1_UTF8STRING) *
     * in this member, so the struct field must be declared with that type.
     */
    ASN1_SEQUENCE_OF_OPT(PKISTATUSINFO, statusString, ASN1_UTF8STRING),
    ASN1_OPT(PKISTATUSINFO, failInfo, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(PKISTATUSINFO)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(PKISTATUSINFO)
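/*
 * Template for TSRESP.
 * The members refer to PKISTATUSINFO and CONTENTINFO, the types declared in
 * this listing (the GMT0033_PKI_STATUS_INFO / GMT0010_CONTENT_INFO names are
 * not declared here and would not resolve).
 * Decoding only establishes that the bytes are well formed: tstoken is
 * optional and may be NULL, and the signature carried in the token still
 * has to be verified before the time stamp is trusted.
 */
ASN1_SEQUENCE(TSRESP) = {
    ASN1_SIMPLE(TSRESP, statusInfo, PKISTATUSINFO),
    ASN1_OPT(TSRESP, tstoken, CONTENTINFO)
} ASN1_SEQUENCE_END(TSRESP)

/* Implement the four basic functions. */
IMPLEMENT_ASN1_FUNCTIONS(TSRESP)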
From: https://blog.csdn.net/summermeet/article/details/145279715