authorDanny Smith <dannysmith@users.sourceforge.net>2002-02-14 03:24:52 +0300
committerDanny Smith <dannysmith@users.sourceforge.net>2002-02-14 03:24:52 +0300
commit27530c31810976dec063f8ffdc6709945dfcef39 (patch)
treecec3787f0865d2f4a29ddf2f24746e328fd3484d
parent4478a9f329cae9b109446a41b72853438a8ec0ab (diff)
* include/ntsecpkg.h: New file.
* include/schannel.h: New file. * include/schnlsp.h: New file. * include/security.h: New file. * include/sspi.h: New file. * include/ntsecapi.h (KERB_WRAP_NO_ENCRYPT, MICROSOFT_KERBEROS_NAME_[AW]): Add missing constants * include/wincrypt.h (CALG_*, X509_ASN_ENCODING. PKCS_7_ASN_ENCODING, CERT_*, USAGE_MATCH_TYPE_AND, USAGE_MATCH_TYPE_OR, szOID_*): Add missing constants (struct _CRYPTOAPI_BLOB): Add structure and typedefs. (SSL_EXTRA_CERT_CHAIN_POLICY_PARA,HTTPSPolicyCallbackData, CERT_CHAIN_POLICY_PARA,CERT_CHAIN_POLICY_STATUS, CRYPT_ALGORITHM_IDENTIFIER, CRYPT_BIT_BLOB, CERT_PUBLIC_KEY_INFO, CERT_EXTENSION, CERT_INFO, CERT_CONTEXT, CTL_USAGE, CERT_ENHKEY_USAGE, CERT_USAGE_MATCH, CERT_CHAIN_PARA, CERT_CHAIN_FIND_BY_ISSUER_PARA, CERT_TRUST_STATUS, CRL_ENTRY, CRL_INFO, CRL_CONTEXT, CERT_REVOCATION_CRL_INFO, CERT_REVOCATION_INFO, CERT_CHAIN_ELEMENT, CRYPT_ATTRIBUTE, CTL_ENTRY, CTL_INFO, CTL_CONTEXT, CERT_TRUST_LIST_INFO, CERT_SIMPLE_CHAIN, CERT_CHAIN_CONTEXT): Add missing structures. (CertCloseStore, CertGetCertificateChain, CertVerifyCertificateChainPolicy, CertFreeCertificateChain, CertNameToStr[AW], CertOpenSystemStore[AW], CertOpenStore, CertFindCertificateInStore, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertFindChainInStore): Add missing functions. (CertNameToStr, CertOpenSystemStore, CERT_FIND_SUBJECT_STR, CERT_FIND_ISSUER_STR): Add Unicode mappings. * lib/crypt32.def: New file. * lib/secur32.def: Add mising stubs. * lib/test.c: Include new headers.
-rw-r--r--winsup/w32api/ChangeLog36
-rw-r--r--winsup/w32api/include/ntsecapi.h3
-rw-r--r--winsup/w32api/include/ntsecpkg.h41
-rw-r--r--winsup/w32api/include/schannel.h87
-rw-r--r--winsup/w32api/include/schnlsp.h10
-rw-r--r--winsup/w32api/include/security.h37
-rw-r--r--winsup/w32api/include/sspi.h332
-rw-r--r--winsup/w32api/include/wincrypt.h366
-rw-r--r--winsup/w32api/lib/crypt32.def15
-rw-r--r--winsup/w32api/lib/secur32.def25
-rw-r--r--winsup/w32api/lib/test.c2
11 files changed, 953 insertions, 1 deletions
diff --git a/winsup/w32api/ChangeLog b/winsup/w32api/ChangeLog
index e84ca53a8..cccf09408 100644
--- a/winsup/w32api/ChangeLog
+++ b/winsup/w32api/ChangeLog
@@ -1,3 +1,39 @@
+2002-02-14 Mattia Barbon <mbarbon@users.sourceforge.net>
+
+ * include/ntsecpkg.h: New file.
+ * include/schannel.h: New file.
+ * include/schnlsp.h: New file.
+ * include/security.h: New file.
+ * include/sspi.h: New file.
+ * include/ntsecapi.h (KERB_WRAP_NO_ENCRYPT,
+ MICROSOFT_KERBEROS_NAME_[AW]): Add missing constants
+ * include/wincrypt.h (CALG_*, X509_ASN_ENCODING.
+ PKCS_7_ASN_ENCODING, CERT_*, USAGE_MATCH_TYPE_AND,
+ USAGE_MATCH_TYPE_OR, szOID_*): Add missing constants
+ (struct _CRYPTOAPI_BLOB): Add structure and typedefs.
+ (SSL_EXTRA_CERT_CHAIN_POLICY_PARA,HTTPSPolicyCallbackData,
+ CERT_CHAIN_POLICY_PARA,CERT_CHAIN_POLICY_STATUS,
+ CRYPT_ALGORITHM_IDENTIFIER, CRYPT_BIT_BLOB,
+ CERT_PUBLIC_KEY_INFO, CERT_EXTENSION, CERT_INFO, CERT_CONTEXT,
+ CTL_USAGE, CERT_ENHKEY_USAGE, CERT_USAGE_MATCH,
+ CERT_CHAIN_PARA, CERT_CHAIN_FIND_BY_ISSUER_PARA,
+ CERT_TRUST_STATUS, CRL_ENTRY, CRL_INFO, CRL_CONTEXT,
+ CERT_REVOCATION_CRL_INFO, CERT_REVOCATION_INFO,
+ CERT_CHAIN_ELEMENT, CRYPT_ATTRIBUTE, CTL_ENTRY, CTL_INFO,
+ CTL_CONTEXT, CERT_TRUST_LIST_INFO, CERT_SIMPLE_CHAIN,
+ CERT_CHAIN_CONTEXT): Add missing structures.
+ (CertCloseStore, CertGetCertificateChain,
+ CertVerifyCertificateChainPolicy, CertFreeCertificateChain,
+ CertNameToStr[AW], CertOpenSystemStore[AW], CertOpenStore,
+ CertFindCertificateInStore, CertFreeCertificateContext,
+ CertGetIssuerCertificateFromStore,
+ CertFindChainInStore): Add missing functions.
+ (CertNameToStr, CertOpenSystemStore, CERT_FIND_SUBJECT_STR,
+ CERT_FIND_ISSUER_STR): Add Unicode mappings.
+ * lib/crypt32.def: New file.
+ * lib/secur32.def: Add mising stubs.
+ * lib/test.c: Include new headers.
+
2002-02-14 Danny Smith <dannysmith@users.sourceforge.net>
* include/windef.h (PROC,FARPROC,NEARPROC): Remove void
diff --git a/winsup/w32api/include/ntsecapi.h b/winsup/w32api/include/ntsecapi.h
index b752f7ab0..a5c81f908 100644
--- a/winsup/w32api/include/ntsecapi.h
+++ b/winsup/w32api/include/ntsecapi.h
@@ -3,6 +3,7 @@
#ifdef __cplusplus
extern "C" {
#endif
+#define KERB_WRAP_NO_ENCRYPT 0x80000001
#define LOGON_GUEST 1
#define LOGON_NOENCRYPTION 2
#define LOGON_CACHED_ACCOUNT 4
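Review bot: `KERB_WRAP_NO_ENCRYPT` is added without a comment, and the name alone does not say where it is used or what it gives up. As far as I know it is a quality-of-protection value passed to EncryptMessage with the Kerberos package, and the wrapped message is then integrity-protected but not encrypted; please confirm against the SDK. If that is right, put a comment above the define such as `/* fQOP for EncryptMessage (Kerberos): wrap/sign only, payload is NOT encrypted */`, so that a reviewer of calling code sees that confidentiality is off when this value is passed.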
@@ -19,6 +20,8 @@ extern "C" {
#define LSA_MODE_MANDATORY_ACCESS 3
#define LSA_MODE_LOG_FULL 4
#define LSA_SUCCESS(x) ((LONG)(x)>=0)
+#define MICROSOFT_KERBEROS_NAME_A "Kerberos"
+#define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 32
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 2048
#define MSV1_0_CHALLENGE_LENGTH 8
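Review bot: Only the `_A` and `_W` spellings of the Kerberos package name are defined here, with no character-set-neutral `MICROSOFT_KERBEROS_NAME`. The diffstat shows three added lines for this file, so no alias is added elsewhere by this commit, although one may already exist in a part of the file outside the hunk. sspi.h in the same commit maps `UNISP_NAME` under `#ifdef UNICODE`, so the two headers handle their package names differently. If the alias is missing, add `#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W` under `UNICODE` and the `_A` form otherwise.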
diff --git a/winsup/w32api/include/ntsecpkg.h b/winsup/w32api/include/ntsecpkg.h
new file mode 100644
index 000000000..4e7696b98
--- /dev/null
+++ b/winsup/w32api/include/ntsecpkg.h
@@ -0,0 +1,41 @@
+#ifndef _NTSECPKG_H
+#define _NTSECPKG_H
+
+#define ISC_REQ_DELEGATE 1
+#define ISC_REQ_MUTUAL_AUTH 2
+#define ISC_REQ_REPLAY_DETECT 4
+#define ISC_REQ_SEQUENCE_DETECT 8
+#define ISC_REQ_CONFIDENTIALITY 16
+#define ISC_REQ_USE_SESSION_KEY 32
+#define ISC_REQ_PROMPT_FOR_CREDS 64
+#define ISC_REQ_USE_SUPPLIED_CREDS 128
+#define ISC_REQ_ALLOCATE_MEMORY 256
+#define ISC_REQ_USE_DCE_STYLE 512
+#define ISC_REQ_DATAGRAM 1024
+#define ISC_REQ_CONNECTION 2048
+#define ISC_REQ_EXTENDED_ERROR 16384
+#define ISC_REQ_STREAM 32768
+#define ISC_REQ_INTEGRITY 65536
+#define ISC_REQ_MANUAL_CRED_VALIDATION 524288
+#define ISC_REQ_HTTP 268435456
+
+#define ISC_RET_EXTENDED_ERROR 16384
+
+#define ASC_REQ_DELEGATE 1
+#define ASC_REQ_MUTUAL_AUTH 2
+#define ASC_REQ_REPLAY_DETECT 4
+#define ASC_REQ_SEQUENCE_DETECT 8
+#define ASC_REQ_CONFIDENTIALITY 16
+#define ASC_REQ_USE_SESSION_KEY 32
+#define ASC_REQ_ALLOCATE_MEMORY 256
+#define ASC_REQ_USE_DCE_STYLE 512
+#define ASC_REQ_DATAGRAM 1024
+#define ASC_REQ_CONNECTION 2048
+#define ASC_REQ_EXTENDED_ERROR 32768
+#define ASC_REQ_STREAM 65536
+#define ASC_REQ_INTEGRITY 131072
+
+#define SECURITY_NATIVE_DREP 16
+#define SECURITY_NETWORK_DREP 0
+
+#endif /* _NTSECPKG_H */
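Review bot: The header defines the full set of `ISC_REQ_*` and `ASC_REQ_*` request flags but only one result flag, `ISC_RET_EXTENDED_ERROR`, and no `ASC_RET_*` at all. InitializeSecurityContext and AcceptSecurityContext report the attributes actually granted through their output-attributes argument, and a caller that asked for `ISC_REQ_MUTUAL_AUTH` or `ISC_REQ_CONFIDENTIALITY` should test the matching result bit before trusting the context. Without named constants that check tends to be skipped or hard-coded. Consider adding the `ISC_RET_*` and `ASC_RET_*` counterparts (values to be taken from the SDK, since they are not all identical to the request values), and writing the flags in hex so the bit positions can be checked at a glance.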
diff --git a/winsup/w32api/include/schannel.h b/winsup/w32api/include/schannel.h
new file mode 100644
index 000000000..ae16a4547
--- /dev/null
+++ b/winsup/w32api/include/schannel.h
@@ -0,0 +1,87 @@
+#ifndef _SCHANNEL_H
+#define _SCHANNEL_H
+
+#include <wincrypt.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SCHANNEL_CRED_VERSION 4
+#define SCHANNEL_SHUTDOWN 1
+/* ? Do these belong here or in wincrypt.h */
+#define AUTHTYPE_CLIENT 1
+#define AUTHTYPE_SERVER 2
+
+#define SP_PROT_TLS1_CLIENT 128
+#define SP_PROT_TLS1_SERVER 64
+#define SP_PROT_SSL3_CLIENT 32
+#define SP_PROT_SSL3_SERVER 16
+#define SP_PROT_SSL2_CLIENT 8
+#define SP_PROT_SSL2_SERVER 4
+#define SP_PROT_PCT1_SERVER 1
+#define SP_PROT_PCT1_CLIENT 2
+
+#define SP_PROT_PCT1 (SP_PROT_PCT1_CLIENT|SP_PROT_PCT1_SERVER)
+#define SP_PROT_TLS1 (SP_PROT_TLS1_CLIENT|SP_PROT_TLS1_SERVER)
+#define SP_PROT_SSL2 (SP_PROT_SSL2_CLIENT|SP_PROT_SSL2_SERVER)
+#define SP_PROT_SSL3 (SP_PROT_SSL3_CLIENT|SP_PROT_SSL3_SERVER)
+
+#define SCH_CRED_NO_SYSTEM_MAPPER 2
+#define SCH_CRED_NO_SERVERNAME_CHECK 4
+#define SCH_CRED_MANUAL_CRED_VALIDATION 8
+#define SCH_CRED_NO_DEFAULT_CREDS 16
+#define SCH_CRED_AUTO_CRED_VALIDATION 32
+#define SCH_CRED_REVOCATION_CHECK_CHAIN 512
+#define SCH_CRED_REVOCATION_CHECK_END_CERT 256
+#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 1024
+#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 2048
+#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 4096
+#define SCH_CRED_USE_DEFAULT_CREDS 64
+
+typedef struct _SCHANNEL_CRED {
+ DWORD dwVersion;
+ DWORD cCreds;
+ PCCERT_CONTEXT* paCred;
+ HCERTSTORE hRootStore;
+ DWORD cMappers;
+ struct _HMAPPER** aphMappers;
+ DWORD cSupportedAlgs;
+ ALG_ID* palgSupportedAlgs;
+ DWORD grbitEnabledProtocols;
+ DWORD dwMinimumCypherStrength;
+ DWORD dwMaximumCypherStrength;
+ DWORD dwSessionLifespan;
+ DWORD dwFlags;
+ DWORD reserved;
+} SCHANNEL_CRED, *PSCHANNEL_CRED;
+typedef struct _SecPkgCred_SupportedAlgs {
+ DWORD cSupportedAlgs;
+ ALG_ID* palgSupportedAlgs;
+} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
+typedef struct _SecPkgCred_CypherStrengths {
+ DWORD dwMinimumCypherStrength;
+ DWORD dwMaximumCypherStrength;
+} SecPkgCred_CypherStrengths, *PSecPkgCred_CypherStrengths;
+typedef struct _SecPkgCred_SupportedProtocols {
+ DWORD grbitProtocol;
+} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
+typedef struct _SecPkgContext_IssuerListInfoEx {
+ PCERT_NAME_BLOB aIssuers;
+ DWORD cIssuers;
+} SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;
+typedef struct _SecPkgContext_ConnectionInfo {
+ DWORD dwProtocol;
+ ALG_ID aiCipher;
+ DWORD dwCipherStrength;
+ ALG_ID aiHash;
+ DWORD dwHashStrength;
+ ALG_ID aiExch;
+ DWORD dwExchStrength;
+} SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SCHANNEL_H */
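Review bot: `dwMinimumCypherStrength`/`dwMaximumCypherStrength` in `SCHANNEL_CRED` and the `SecPkgCred_CypherStrengths` typedef are spelled "Cypher", while `SecPkgContext_ConnectionInfo.dwCipherStrength` in the same file and `SECPKG_ATTR_CIPHER_STRENGTHS` in schnlsp.h use "Cipher". I believe the platform SDK spells all of these "Cipher"; if so, code written against the SDK names will not compile with this header, so please check and rename, e.g. `DWORD dwMinimumCipherStrength;`. Separately, a one-line comment on `SCH_CRED_NO_SERVERNAME_CHECK`, `SCH_CRED_MANUAL_CRED_VALIDATION` and the two `SCH_CRED_IGNORE_*` flags, saying that each switches off part of certificate validation, would make them easier to spot when auditing calling code.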
diff --git a/winsup/w32api/include/schnlsp.h b/winsup/w32api/include/schnlsp.h
new file mode 100644
index 000000000..b72a4c25c
--- /dev/null
+++ b/winsup/w32api/include/schnlsp.h
@@ -0,0 +1,10 @@
+#ifndef _SCHNLSP_H
+#define _SCHNLSP_H
+
+#define SECPKG_ATTR_SUPPORTED_ALGS 86
+#define SECPKG_ATTR_CIPHER_STRENGTHS 87
+#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 88
+
+#include <schannel.h>
+
+#endif /* _SCHNLSP_H */
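Review bot: The three `SECPKG_ATTR_*` ids are defined only in schnlsp.h, while the structures that appear to go with them (`SecPkgCred_SupportedAlgs`, `SecPkgCred_CypherStrengths`, `SecPkgCred_SupportedProtocols`) live in schannel.h. A file that includes `<schannel.h>` directly therefore gets the structs without the ids needed to query them. Either move the defines into schannel.h, or add a comment there pointing to this header. The values 86 to 88 also fall inside the 80 to 90 range used by the `SECPKG_ATTR_*` list in sspi.h, so a comment such as `/* credential attribute ids; numbering shared with SECPKG_ATTR_* in sspi.h */` would help avoid a later collision.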
diff --git a/winsup/w32api/include/security.h b/winsup/w32api/include/security.h
new file mode 100644
index 000000000..bdf8e4116
--- /dev/null
+++ b/winsup/w32api/include/security.h
@@ -0,0 +1,37 @@
+#ifndef _SECURITY_H
+#define _SECURITY_H
+
+#define SEC_E_OK 0
+#define SEC_E_CERT_EXPIRED (-2146893016)
+#define SEC_E_INCOMPLETE_MESSAGE (-2146893032)
+#define SEC_E_INSUFFICIENT_MEMORY (-2146893056)
+#define SEC_E_INTERNAL_ERROR (-2146893052)
+#define SEC_E_INVALID_HANDLE (-2146893055)
+#define SEC_E_INVALID_TOKEN (-2146893048)
+#define SEC_E_LOGON_DENIED (-2146893044)
+#define SEC_E_NO_AUTHENTICATING_AUTHORITY (-2146893039)
+#define SEC_E_NO_CREDENTIALS (-2146893042)
+#define SEC_E_TARGET_UNKNOWN (-2146893053)
+#define SEC_E_UNSUPPORTED_FUNCTION (-2146893054)
+#define SEC_E_UNTRUSTED_ROOT (-2146893019)
+#define SEC_E_WRONG_PRINCIPAL (-2146893022)
+#define SEC_E_SECPKG_NOT_FOUND (-2146893051)
+#define SEC_E_QOP_NOT_SUPPORTED (-2146893046)
+#define SEC_E_UNKNOWN_CREDENTIALS (-2146893043)
+#define SEC_E_NOT_OWNER (-2146893050)
+#define SEC_I_RENEGOTIATE 590625
+#define SEC_I_COMPLETE_AND_CONTINUE 590612
+#define SEC_I_COMPLETE_NEEDED 590611
+#define SEC_I_CONTINUE_NEEDED 590610
+#define SEC_I_INCOMPLETE_CREDENTIALS 590624
+
+/* always a char */
+typedef char SEC_CHAR;
+typedef wchar_t SEC_WCHAR;
+typedef long SECURITY_STATUS;
+#define SEC_FAR
+
+#include <sspi.h>
+#include <ntsecpkg.h>
+
+#endif /* _SECURITY_H */
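Review bot: security.h is not self-contained: `typedef wchar_t SEC_WCHAR;` uses `wchar_t` with no header that declares it in C, and the `<sspi.h>` it includes uses `ULONG_PTR`, `PVOID`, `PLUID` and `WINAPI` without including anything either. It compiles only if the includer has already pulled in the Windows base headers; lib/test.c may do that, but its change is not visible in this section. Add `#include <windows.h>` at the top, or at least `<stddef.h>` plus whichever header declares the base types. Also, `/* always a char */` sits above both typedefs but applies only to `SEC_CHAR`; move it onto that line.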
diff --git a/winsup/w32api/include/sspi.h b/winsup/w32api/include/sspi.h
new file mode 100644
index 000000000..f24c42084
--- /dev/null
+++ b/winsup/w32api/include/sspi.h
@@ -0,0 +1,332 @@
+#ifndef _SSPI_H
+#define _SSPI_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SECPKG_CRED_INBOUND 1
+#define SECPKG_CRED_OUTBOUND 2
+#define SECPKG_CRED_BOTH (SECPKG_CRED_OUTBOUND|SECPKG_CRED_INBOUND)
+#define SECPKG_CRED_ATTR_NAMES 1
+
+#define SECPKG_FLAG_INTEGRITY 1
+#define SECPKG_FLAG_PRIVACY 2
+#define SECPKG_FLAG_TOKEN_ONLY 4
+#define SECPKG_FLAG_DATAGRAM 8
+#define SECPKG_FLAG_CONNECTION 16
+#define SECPKG_FLAG_MULTI_REQUIRED 32
+#define SECPKG_FLAG_CLIENT_ONLY 64
+#define SECPKG_FLAG_EXTENDED_ERROR 128
+#define SECPKG_FLAG_IMPERSONATION 256
+#define SECPKG_FLAG_ACCEPT_WIN32_NAME 512
+#define SECPKG_FLAG_STREAM 1024
+
+#define SECPKG_ATTR_AUTHORITY 6
+#define SECPKG_ATTR_CONNECTION_INFO 90
+#define SECPKG_ATTR_ISSUER_LIST 80
+#define SECPKG_ATTR_ISSUER_LIST_EX 89
+#define SECPKG_ATTR_KEY_INFO 5
+#define SECPKG_ATTR_LIFESPAN 2
+#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 84
+#define SECPKG_ATTR_LOCAL_CRED 82
+#define SECPKG_ATTR_NAMES 1
+#define SECPKG_ATTR_PROTO_INFO 7
+#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 83
+#define SECPKG_ATTR_REMOTE_CRED 81
+#define SECPKG_ATTR_SIZES 0
+#define SECPKG_ATTR_STREAM_SIZES 4
+
+#define SECBUFFER_EMPTY 0
+#define SECBUFFER_DATA 1
+#define SECBUFFER_TOKEN 2
+#define SECBUFFER_PKG_PARAMS 3
+#define SECBUFFER_MISSING 4
+#define SECBUFFER_EXTRA 5
+#define SECBUFFER_STREAM_TRAILER 6
+#define SECBUFFER_STREAM_HEADER 7
+#define SECBUFFER_PADDING 9
+#define SECBUFFER_STREAM 10
+#define SECBUFFER_READONLY 0x80000000
+#define SECBUFFER_ATTRMASK 0xf0000000
+
+#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
+#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
+#define SECBUFFER_VERSION 0
+
+typedef struct _SecHandle {
+ ULONG_PTR dwLower;
+ ULONG_PTR dwUpper;
+} SecHandle, *PSecHandle;
+typedef struct _SecBuffer {
+ ULONG cbBuffer;
+ ULONG BufferType;
+ PVOID pvBuffer;
+} SecBuffer, *PSecBuffer;
+typedef SecHandle CredHandle;
+typedef PSecHandle PCredHandle;
+typedef SecHandle CtxtHandle;
+typedef PSecHandle PCtxtHandle;
+typedef struct _SECURITY_INTEGER {
+ unsigned long LowPart;
+ long HighPart;
+} SECURITY_INTEGER;
+typedef SECURITY_INTEGER TimeStamp, *PTimeStamp;
+typedef struct _SecBufferDesc {
+ ULONG ulVersion;
+ ULONG cBuffers;
+ PSecBuffer pBuffers;
+} SecBufferDesc, *PSecBufferDesc;
+typedef struct _SecPkgContext_StreamSizes {
+ ULONG cbHeader;
+ ULONG cbTrailer;
+ ULONG cbMaximumMessage;
+ ULONG cBuffers;
+ ULONG cbBlockSize;
+} SecPkgContext_StreamSizes, *PSecPkgContext_StreamSizes;
+typedef struct _SecPkgContext_Sizes {
+ ULONG cbMaxToken;
+ ULONG cbMaxSIgnature;
+ ULONG cbBlockSize;
+ ULONG cbSecurityTrailer;
+} SecPkgContext_Sizes, *PSecPkgContext_Sizes;
+typedef struct _SecPkgContext_AuthorityW {
+ SEC_WCHAR* sAuthorityName;
+} SecPkgContext_AuthorityW, *PSecPkgContext_AuthorityW;
+typedef struct _SecPkgContext_AuthorityA {
+ SEC_CHAR* sAuthorityName;
+} SecPkgContext_AuthorityA, *PSecPkgContext_AuthorityA;
+typedef struct _SecPkgContext_KeyInfoW {
+ SEC_WCHAR* sSignatureAlgorithmName;
+ SEC_WCHAR* sEncryptAlgorithmName;
+ ULONG KeySize;
+ ULONG SignatureAlgorithm;
+ ULONG EncryptAlgorithm;
+} SecPkgContext_KeyInfoW, *PSecPkgContext_KeyInfoW;
+typedef struct _SecPkgContext_KeyInfoA {
+ SEC_CHAR* sSignatureAlgorithmName;
+ SEC_CHAR* sEncryptAlgorithmName;
+ ULONG KeySize;
+ ULONG SignatureAlgorithm;
+ ULONG EncryptAlgorithm;
+} SecPkgContext_KeyInfoA, *PSecPkgContext_KeyInfoA;
+typedef struct _SecPkgContext_LifeSpan {
+ TimeStamp tsStart;
+ TimeStamp tsExpiry;
+} SecPkgContext_LifeSpan, *PSecPkgContext_LifeSpan;
+typedef struct _SecPkgContext_NamesW {
+ SEC_WCHAR* sUserName;
+} SecPkgContext_NamesW, *PSecPkgContext_NamesW;
+typedef struct _SecPkgContext_NamesA {
+ SEC_CHAR* sUserName;
+} SecPkgContext_NamesA, *PSecPkgContext_NamesA;
+typedef struct _SecPkgInfoW {
+ ULONG fCapabilities;
+ USHORT wVersion;
+ USHORT wRPCID;
+ ULONG cbMaxToken;
+ SEC_WCHAR* Name;
+ SEC_WCHAR* Comment;
+} SecPkgInfoW, *PSecPkgInfoW;
+typedef struct _SecPkgInfoA {
+ ULONG fCapabilities;
+ USHORT wVersion;
+ USHORT wRPCID;
+ ULONG cbMaxToken;
+ SEC_CHAR* Name;
+ SEC_CHAR* Comment;
+} SecPkgInfoA, *PSecPkgInfoA;
+/* supported only in win2k+, so it should be a PSecPkgInfoW */
+/* PSDK does not say it has ANSI/Unicode versions */
+typedef struct _SecPkgContext_PackageInfo {
+ PSecPkgInfoW PackageInfo;
+} SecPkgContext_PackageInfo, *PSecPkgContext_PackageInfo;
+typedef struct _SecPkgCredentials_NamesW {
+ SEC_WCHAR* sUserName;
+} SecPkgCredentialsNamesW, *PSecPkgCredentialsNamesW;
+typedef struct _SecPkgCredentials_NamesA {
+ SEC_CHAR* sUserName;
+} SecPkgCredentialsNamesA, *PSecPkgCredentialsNamesA;
+
+/* TODO: missing type in SDK */
+typedef void (*SEC_GET_KEY_FN)();
+
+typedef SECURITY_STATUS (WINAPI *ENUMERATE_SECURITY_PACKAGES_FN_W)(PULONG,PSecPkgInfoW*);
+typedef SECURITY_STATUS (WINAPI *ENUMERATE_SECURITY_PACKAGES_FN_A)(PULONG,PSecPkgInfoA*);
+typedef SECURITY_STATUS (WINAPI *QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle,ULONG,PVOID);
+typedef SECURITY_STATUS (WINAPI *QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle,ULONG,PVOID);
+typedef SECURITY_STATUS (WINAPI *ACQUIRE_CREDENTIALS_HANDLE_FN_W)(SEC_WCHAR*,SEC_WCHAR*,ULONG,PLUID,PVOID,SEC_GET_KEY_FN,PVOID,PCredHandle,PTimeStamp);
+typedef SECURITY_STATUS (WINAPI *ACQUIRE_CREDENTIALS_HANDLE_FN_A)(SEC_CHAR*,SEC_CHAR*,ULONG,PLUID,PVOID,SEC_GET_KEY_FN,PVOID,PCredHandle,PTimeStamp);
+typedef SECURITY_STATUS (WINAPI *FREE_CREDENTIALS_HANDLE_FN)(PCredHandle);
+typedef SECURITY_STATUS (WINAPI *INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle,PCtxtHandle,SEC_WCHAR*,ULONG,ULONG,ULONG,PSecBufferDesc,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+typedef SECURITY_STATUS (WINAPI *INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle,PCtxtHandle,SEC_CHAR*,ULONG,ULONG,ULONG,PSecBufferDesc,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+typedef SECURITY_STATUS (WINAPI *ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle,PCtxtHandle,PSecBufferDesc,ULONG,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+typedef SECURITY_STATUS (WINAPI *COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle,PSecBufferDesc);
+typedef SECURITY_STATUS (WINAPI *DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle);
+typedef SECURITY_STATUS (WINAPI *APPLY_CONTROL_TOKEN_FN_W)(PCtxtHandle,PSecBufferDesc);
+typedef SECURITY_STATUS (WINAPI *APPLY_CONTROL_TOKEN_FN_A)(PCtxtHandle,PSecBufferDesc);
+typedef SECURITY_STATUS (WINAPI *QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle,ULONG,PVOID);
+typedef SECURITY_STATUS (WINAPI *QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle,ULONG,PVOID);
+typedef SECURITY_STATUS (WINAPI *IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle);
+typedef SECURITY_STATUS (WINAPI *REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle);
+typedef SECURITY_STATUS (WINAPI *MAKE_SIGNATURE_FN)(PCtxtHandle,ULONG,PSecBufferDesc,ULONG);
+typedef SECURITY_STATUS (WINAPI *VERIFY_SIGNATURE_FN)(PCtxtHandle,PSecBufferDesc,ULONG,PULONG);
+typedef SECURITY_STATUS (WINAPI *FREE_CONTEXT_BUFFER_FN)(PVOID);
+typedef SECURITY_STATUS (WINAPI *QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR*,PSecPkgInfoA*);
+typedef SECURITY_STATUS (WINAPI *QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR*,PSecPkgInfoW*);
+typedef SECURITY_STATUS (WINAPI *ENCRYPT_MESSAGE_FN)(PCtxtHandle,ULONG,PSecBufferDesc,ULONG);
+typedef SECURITY_STATUS (WINAPI *DECRYPT_MESSAGE_FN)(PCtxtHandle,PSecBufferDesc,ULONG,PULONG);
+
+typedef struct _SECURITY_FUNCTION_TABLEW {
+ unsigned long dwVersion;
+ ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
+ QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
+ ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
+ FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
+ void SEC_FAR* Reserved2;
+ INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
+ ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
+ COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
+ DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
+ APPLY_CONTROL_TOKEN_FN_W ApplyControlTokenW;
+ QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
+ IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
+ REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
+ MAKE_SIGNATURE_FN MakeSignature;
+ VERIFY_SIGNATURE_FN VerifySignature;
+ FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
+ QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
+ void SEC_FAR* Reserved3;
+ void SEC_FAR* Reserved4;
+ void SEC_FAR* Unknown1;
+ void SEC_FAR* Unknown2;
+ void SEC_FAR* Unknown3;
+ void SEC_FAR* Unknown4;
+ void SEC_FAR* Unknown5;
+ ENCRYPT_MESSAGE_FN EncryptMessage;
+ DECRYPT_MESSAGE_FN DecryptMessage;
+} SecurityFunctionTableW, *PSecurityFunctionTableW;
+typedef struct _SECURITY_FUNCTION_TABLEA {
+ unsigned long dwVersion;
+ ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
+ QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
+ ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
+ FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
+ void SEC_FAR* Reserved2;
+ INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
+ ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
+ COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
+ DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
+ APPLY_CONTROL_TOKEN_FN_A ApplyControlTokenA;
+ QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
+ IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
+ REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
+ MAKE_SIGNATURE_FN MakeSignature;
+ VERIFY_SIGNATURE_FN VerifySignature;
+ FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
+ QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
+ void SEC_FAR* Reserved3;
+ void SEC_FAR* Reserved4;
+ void SEC_FAR* Unknown1;
+ void SEC_FAR* Unknown2;
+ void SEC_FAR* Unknown3;
+ void SEC_FAR* Unknown4;
+ void SEC_FAR* Unknown5;
+ ENCRYPT_MESSAGE_FN EncryptMessage;
+ DECRYPT_MESSAGE_FN DecryptMessage;
+} SecurityFunctionTableA, *PSecurityFunctionTableA;
+typedef PSecurityFunctionTableA (WINAPI *INIT_SECURITY_INTERFACE_A)(VOID);
+typedef PSecurityFunctionTableW (WINAPI *INIT_SECURITY_INTERFACE_W)(VOID);
+
+SECURITY_STATUS WINAPI FreeCredentialsHandle(PCredHandle);
+SECURITY_STATUS WINAPI EnumerateSecurityPackagesA(PULONG,PSecPkgInfoA*);
+SECURITY_STATUS WINAPI EnumerateSecurityPackagesW(PULONG,PSecPkgInfoW*);
+SECURITY_STATUS WINAPI AcquireCredentialsHandleA(SEC_CHAR*,SEC_CHAR*,ULONG,PLUID,PVOID,SEC_GET_KEY_FN,PVOID,PCredHandle,PTimeStamp);
+SECURITY_STATUS WINAPI AcquireCredentialsHandleW(SEC_WCHAR*,SEC_WCHAR*,ULONG,PLUID,PVOID,SEC_GET_KEY_FN,PVOID,PCredHandle,PTimeStamp);
+SECURITY_STATUS WINAPI AcceptSecurityContext(PCredHandle,PCtxtHandle,PSecBufferDesc,ULONG,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+SECURITY_STATUS WINAPI InitializeSecurityContextA(PCredHandle,PCtxtHandle,SEC_CHAR*,ULONG,ULONG,ULONG,PSecBufferDesc,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+SECURITY_STATUS WINAPI InitializeSecurityContextW(PCredHandle,PCtxtHandle,SEC_WCHAR*,ULONG,ULONG,ULONG,PSecBufferDesc,ULONG,PCtxtHandle,PSecBufferDesc,PULONG,PTimeStamp);
+SECURITY_STATUS WINAPI FreeContextBuffer(PVOID);
+SECURITY_STATUS WINAPI QueryContextAttributesA(PCtxtHandle,ULONG,PVOID);
+SECURITY_STATUS WINAPI QueryContextAttributesW(PCtxtHandle,ULONG,PVOID);
+SECURITY_STATUS WINAPI QueryCredentialsAttributesA(PCredHandle,ULONG,PVOID);
+SECURITY_STATUS WINAPI QueryCredentialsAttributesW(PCredHandle,ULONG,PVOID);
+SECURITY_STATUS WINAPI DecryptMessage(PCtxtHandle,PSecBufferDesc,ULONG,PULONG);
+SECURITY_STATUS WINAPI EncryptMessage(PCtxtHandle,ULONG,PSecBufferDesc,ULONG);
+SECURITY_STATUS WINAPI DeleteSecurityContext(PCtxtHandle);
+SECURITY_STATUS WINAPI CompleteAuthToken(PCtxtHandle,PSecBufferDesc);
+SECURITY_STATUS WINAPI ApplyControlTokenA(PCtxtHandle,PSecBufferDesc);
+SECURITY_STATUS WINAPI ApplyControlTokenW(PCtxtHandle,PSecBufferDesc);
+SECURITY_STATUS WINAPI ImpersonateSecurityContext(PCtxtHandle);
+SECURITY_STATUS WINAPI RevertSecurityContext(PCtxtHandle);
+SECURITY_STATUS WINAPI MakeSignature(PCtxtHandle,ULONG,PSecBufferDesc,ULONG);
+SECURITY_STATUS WINAPI VerifySignature(PCtxtHandle,PSecBufferDesc,ULONG,PULONG);
+SECURITY_STATUS WINAPI QuerySecurityPackageInfoA(SEC_CHAR*,PSecPkgInfoA*);
+SECURITY_STATUS WINAPI QuerySecurityPackageInfoW(SEC_WCHAR*,PSecPkgInfoW*);
+PSecurityFunctionTableA WINAPI InitSecurityInterfaceA(VOID);
+PSecurityFunctionTableW WINAPI InitSecurityInterfaceW(VOID);
+
+#ifdef UNICODE
+#define UNISP_NAME UNISP_NAME_W
+#define SecPkgInfo SecPkgInfoW
+#define PSecPkgInfo PSecPkgInfoW
+#define SecPkgCredentialsNames SecPkgCredentialsNamesW
+#define PSecPkgCredentialsNames PSecPkgCredentialsNamesW
+#define SecPkgContext_Authority SecPkgContext_AuthorityW
+#define PSecPkgContext_Authority PSecPkgContext_AuthorityW
+#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW
+#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW
+#define SecPkgContext_Names SecPkgContext_NamesW
+#define PSecPkgContext_Names PSecPkgContext_NamesW
+#define SecurityFunctionTable SecurityFunctionTableW
+#define PSecurityFunctionTable PSecurityFunctionTableW
+#define AcquireCredentialsHandle AcquireCredentialsHandleW
+#define EnumerateSecurityPackages EnumerateSecurityPackagesW
+#define InitializeSecurityContext InitializeSecurityContextW
+#define QueryContextAttributes QueryContextAttributesW
+#define QueryCredentialsAttributes QueryCredentialsAttributesW
+#define QuerySecurityPackageInfo QuerySecurityPackageInfoW
+#define ApplyControlToken ApplyControlTokenW
+#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
+#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
+#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
+#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
+#define APPLY_CONTROL_TOKEN_FN APPLY_CONTROL_TOKEN_FN_W
+#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
+#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
+#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
+#else
+#define UNISP_NAME UNISP_NAME_A
+#define SecPkgInfo SecPkgInfoA
+#define PSecPkgInfo PSecPkgInfoA
+#define SecPkgCredentialsNames SecPkgCredentialsNamesA
+#define PSecPkgCredentialsNames PSecPkgCredentialsNamesA
+#define SecPkgContext_Authority SecPkgContext_AuthorityA
+#define PSecPkgContext_Authority PSecPkgContext_AuthorityA
+#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
+#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
+#define SecPkgContext_Names SecPkgContext_NamesA
+#define PSecPkgContext_Names PSecPkgContext_NamesA
+#define SecurityFunctionTable SecurityFunctionTableA
+#define PSecurityFunctionTable PSecurityFunctionTableA
+#define AcquireCredentialsHandle AcquireCredentialsHandleA
+#define EnumerateSecurityPackages EnumerateSecurityPackagesA
+#define InitializeSecurityContext InitializeSecurityContextA
+#define QueryContextAttributes QueryContextAttributesA
+#define QueryCredentialsAttributes QueryCredentialsAttributesA
+#define QuerySecurityPackageInfo QuerySecurityPackageInfoA
+#define ApplyControlToken ApplyControlTokenA
+#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
+#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
+#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
+#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
+#define APPLY_CONTROL_TOKEN_FN APPLY_CONTROL_TOKEN_FN_A
+#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
+#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
+#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
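Review bot: In `SecurityFunctionTableW` two members are declared with the ANSI types and names, `INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;` and `QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;`, which look copied from the A table. A caller using the table from `InitSecurityInterfaceW` then has to pass a `SEC_WCHAR*` target name through a pointer typed for `SEC_CHAR*`, and code that refers to the members as `InitializeSecurityContextW`/`QuerySecurityPackageInfoW` will not compile. They should read `INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;` and `QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;`. Two smaller items in the same file: `cbMaxSIgnature` in `SecPkgContext_Sizes` has a stray capital I, and `SEC_GET_KEY_FN` is declared with an empty parameter list and without `WINAPI`, so calls through it are unchecked; the TODO there should be resolved against the SDK prototype.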
diff --git a/winsup/w32api/include/wincrypt.h b/winsup/w32api/include/wincrypt.h
index 0feba9630..8ec97703b 100644
--- a/winsup/w32api/include/wincrypt.h
+++ b/winsup/w32api/include/wincrypt.h
@@ -43,6 +43,10 @@ extern "C" {
#define CALG_MD5 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA)
#define CALG_MAC (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_MAC)
+#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|3)
+#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|12)
+#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|10)
+#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_STREAM|ALG_TYPE_DSS|4)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE|ALG_TYPE_RSA|ALG_SID_RSA_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE|ALG_TYPE_DSS|ALG_SID_DSS_ANY)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY)
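Review bot: `CALG_KEA_KEYX` is built from `ALG_TYPE_STREAM|ALG_TYPE_DSS`, and `CALG_DH_EPHEM` in the next hunk does the same and borrows `ALG_SID_DSS_DMS` for its sub-id. The algorithm type is an enumerated field rather than a set of independent bits, so OR-ing two type values can only give the intended type by numeric coincidence, and it tells the reader the key exchange is a DSS stream algorithm, which it is not. The `ALG_TYPE_*` and `ALG_SID_*` definitions are outside these hunks, so I cannot confirm the resulting values from here. I would define a dedicated `ALG_TYPE_DH` and named sub-ids and write `#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM)`. The bare `3`, `12`, `10` and `4` in the other new lines would likewise read better as `ALG_SID_*` names, as their neighbours do.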
@@ -50,6 +54,8 @@ extern "C" {
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL)
+#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_STREAM|ALG_TYPE_DSS|ALG_SID_DSS_DMS)
+
#define CRYPT_VERIFYCONTEXT 0xF0000000
#define CRYPT_NEWKEYSET 8
#define CRYPT_DELETEKEYSET 16
@@ -115,11 +121,346 @@ extern "C" {
#define PROV_STT_ISS 11
#define MAXUIDLEN 64
#define CUR_BLOB_VERSION 2
+#define X509_ASN_ENCODING 1
+#define PKCS_7_ASN_ENCODING 65536
+#define CERT_V1 0
+#define CERT_V2 1
+#define CERT_V3 2
+#define CERT_E_CHAINING (-2146762486)
+#define CERT_E_CN_NO_MATCH (-2146762481)
+#define CERT_E_EXPIRED (-2146762495)
+#define CERT_E_PURPOSE (-2146762490)
+#define CERT_E_REVOCATION_FAILURE (-2146762482)
+#define CERT_E_REVOKED (-2146762484)
+#define CERT_E_ROLE (-2146762493)
+#define CERT_E_UNTRUSTEDROOT (-2146762487)
+#define CERT_E_UNTRUSTEDTESTROOT (-2146762483)
+#define CERT_E_VALIDITYPERIODNESTING (-2146762494)
+#define CERT_E_WRONG_USAGE (-2146762480)
+#define CERT_E_PATHLENCONST (-2146762492)
+#define CERT_E_CRITICAL (-2146762491)
+#define CERT_E_ISSUERCHAINING (-2146762489)
+#define CERT_E_MALFORMED (-2146762488)
+#define CRYPT_E_REVOCATION_OFFLINE (-2146885613)
+#define CRYPT_E_REVOKED (-2146885616)
+#define TRUST_E_BASIC_CONSTRAINTS (-2146869223)
+#define TRUST_E_CERT_SIGNATURE (-2146869244)
+#define TRUST_E_FAIL (-2146762485)
+#define CERT_TRUST_NO_ERROR 0
+#define CERT_TRUST_IS_NOT_TIME_VALID 1
+#define CERT_TRUST_IS_NOT_TIME_NESTED 2
+#define CERT_TRUST_IS_REVOKED 4
+#define CERT_TRUST_IS_NOT_SIGNATURE_VALID 8
+#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE 16
+#define CERT_TRUST_IS_UNTRUSTED_ROOT 32
+#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN 64
+#define CERT_TRUST_IS_CYCLIC 128
+#define CERT_TRUST_IS_PARTIAL_CHAIN 65536
+#define CERT_TRUST_CTL_IS_NOT_TIME_VALID 131072
+#define CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 262144
+#define CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 524288
+#define CERT_TRUST_HAS_EXACT_MATCH_ISSUER 1
+#define CERT_TRUST_HAS_KEY_MATCH_ISSUER 2
+#define CERT_TRUST_HAS_NAME_MATCH_ISSUER 4
+#define CERT_TRUST_IS_SELF_SIGNED 8
+#define CERT_TRUST_IS_COMPLEX_CHAIN 65536
+#define CERT_CHAIN_POLICY_BASE ((LPCSTR) 1)
+#define CERT_CHAIN_POLICY_AUTHENTICODE ((LPCSTR) 2)
+#define CERT_CHAIN_POLICY_AUTHENTICODE_TS ((LPCSTR) 3)
+#define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4)
+#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS ((LPCSTR) 5)
+#define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6)
+#define USAGE_MATCH_TYPE_AND 0
+#define USAGE_MATCH_TYPE_OR 1
+#define CERT_SIMPLE_NAME_STR 1
+#define CERT_OID_NAME_STR 2
+#define CERT_X500_NAME_STR 3
+#define CERT_NAME_STR_SEMICOLON_FLAG 1073741824
+#define CERT_NAME_STR_CRLF_FLAG 134217728
+#define CERT_NAME_STR_NO_PLUS_FLAG 536870912
+#define CERT_NAME_STR_NO_QUOTING_FLAG 268435456
+#define CERT_NAME_STR_REVERSE_FLAG 33554432
+#define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 131072
+#define CERT_FIND_ANY 0
+#define CERT_FIND_CERT_ID 1048576
+#define CERT_FIND_CTL_USAGE 655360
+#define CERT_FIND_ENHKEY_USAGE 655360
+#define CERT_FIND_EXISTING 851968
+#define CERT_FIND_HASH 65536
+#define CERT_FIND_ISSUER_ATTR 196612
+#define CERT_FIND_ISSUER_NAME 131076
+#define CERT_FIND_ISSUER_OF 786432
+#define CERT_FIND_KEY_IDENTIFIER 983040
+#define CERT_FIND_KEY_SPEC 589824
+#define CERT_FIND_MD5_HASH 262144
+#define CERT_FIND_PROPERTY 327680
+#define CERT_FIND_PUBLIC_KEY 393216
+#define CERT_FIND_SHA1_HASH 65536
+#define CERT_FIND_SIGNATURE_HASH 917504
+#define CERT_FIND_SUBJECT_ATTR 196615
+#define CERT_FIND_SUBJECT_CERT 720896
+#define CERT_FIND_SUBJECT_NAME 131079
+#define CERT_FIND_SUBJECT_STR_A 458759
+#define CERT_FIND_SUBJECT_STR_W 524295
+#define CERT_FIND_ISSUER_STR_A 458756
+#define CERT_FIND_ISSUER_STR_W 524292
+#define CERT_FIND_OR_ENHKEY_USAGE_FLAG 16
+#define CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG 1
+#define CERT_FIND_NO_ENHKEY_USAGE_FLAG 8
+#define CERT_FIND_VALID_ENHKEY_USAGE_FLAG 32
+#define CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG 2
+#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG 2
+#define CERT_UNICODE_IS_RDN_ATTRS_FLAG 1
+#define CERT_CHAIN_FIND_BY_ISSUER 1
+#define CERT_CHAIN_FIND_BY_ISSUER_COMPARE_KEY_FLAG 1
+#define CERT_CHAIN_FIND_BY_ISSUER_COMPLEX_CHAIN_FLAG 2
+#define CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG 32768
+#define CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG 4
+#define CERT_CHAIN_FIND_BY_ISSUER_LOCAL_MACHINE_FLAG 8
+#define CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG 16384
+#define CERT_STORE_PROV_SYSTEM 10
+#define CERT_SYSTEM_STORE_LOCAL_MACHINE 131072
+#define szOID_PKIX_KP_SERVER_AUTH "4235600"
+#define szOID_SERVER_GATED_CRYPTO "4235658"
+#define szOID_SGC_NETSCAPE "2.16.840.1.113730.4.1"
+#define szOID_PKIX_KP_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
+
typedef UINT ALG_ID;
typedef struct _VTableProvStruc {FARPROC FuncVerifyImage;} VTableProvStruc,*PVTableProvStruc;
typedef ULONG HCRYPTPROV;
typedef ULONG HCRYPTKEY;
typedef ULONG HCRYPTHASH;
+typedef PVOID HCERTSTORE;
+typedef PVOID HCRYPTMSG;
+typedef PVOID HCERTCHAINENGINE;
+typedef struct _CRYPTOAPI_BLOB {
+ DWORD cbData;
+ BYTE* pbData;
+} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
+ CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
+ CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
+ CERT_NAME_BLOB, *PCERT_NAME_BLOB,
+ CERT_RDN_VALUE_BLOB,*PCERT_RDN_VALUE_BLOB,
+ CERT_BLOB, *PCERT_BLOB,
+ CRL_BLOB, *PCRL_BLOB,
+ DATA_BLOB, *PDATA_BLOB,
+ CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
+ CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
+ CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
+ CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
+ CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
+/* not described in SDK; has the same layout as HTTPSPolicyCallbackData */
+typedef struct _SSL_EXTRA_CERT_CHAIN_POLICY_PARA {
+ DWORD cbStruct;
+ DWORD dwAuthType;
+ DWORD fdwChecks;
+ LPWSTR pwszServerName;
+} SSL_EXTRA_CERT_CHAIN_POLICY_PARA, *PSSL_EXTRA_CERT_CHAIN_POLICY_PARA,
+ HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData;
+/* #if (_WIN32_WINNT>=0x500) */
+typedef struct _CERT_CHAIN_POLICY_PARA {
+ DWORD cbSize;
+ DWORD dwFlags;
+ void* pvExtraPolicyPara;
+} CERT_CHAIN_POLICY_PARA, *PCERT_CHAIN_POLICY_PARA;
+typedef struct _CERT_CHAIN_POLICY_STATUS {
+ DWORD cbSize;
+ DWORD dwError;
+ LONG lChainIndex;
+ LONG lElementIndex;
+ void* pvExtraPolicyStatus;
+} CERT_CHAIN_POLICY_STATUS, *PCERT_CHAIN_POLICY_STATUS;
+/* #endif */
+typedef struct _CRYPT_ALGORITHM_IDENTIFIER {
+ LPSTR pszObjId;
+ CRYPT_OBJID_BLOB Parameters;
+} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
+typedef struct _CRYPT_BIT_BLOB {
+ DWORD cbData;
+ BYTE* pbData;
+ DWORD cUnusedBits;
+} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
+typedef struct _CERT_PUBLIC_KEY_INFO {
+ CRYPT_ALGORITHM_IDENTIFIER Algorithm;
+ CRYPT_BIT_BLOB PublicKey;
+} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
+typedef struct _CERT_EXTENSION {
+ LPSTR pszObjId;
+ BOOL fCritical;
+ CRYPT_OBJID_BLOB Value;
+} CERT_EXTENSION, *PCERT_EXTENSION;
+typedef struct _CERT_INFO {
+ DWORD dwVersion;
+ CRYPT_INTEGER_BLOB SerialNumber;
+ CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
+ CERT_NAME_BLOB Issuer;
+ FILETIME NotBefore;
+ FILETIME NotAfter;
+ CERT_NAME_BLOB Subject;
+ CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
+ CRYPT_BIT_BLOB IssuerUniqueId;
+ CRYPT_BIT_BLOB SubjectUniqueId;
+ DWORD cExtension;
+ PCERT_EXTENSION rgExtension;
+} CERT_INFO, *PCERT_INFO;
+typedef struct _CERT_CONTEXT {
+ DWORD dwCertEncodingType;
+ BYTE* pbCertEncoded;
+ DWORD cbCertEncoded;
+ PCERT_INFO pCertInfo;
+ HCERTSTORE hCertStore;
+} CERT_CONTEXT, *PCERT_CONTEXT;
+typedef const CERT_CONTEXT *PCCERT_CONTEXT;
+typedef struct _CTL_USAGE {
+ DWORD cUsageIdentifier;
+ LPSTR *rgpszUsageIdentifier;
+} CTL_USAGE, *PCTRL_USAGE,
+ CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE;
+typedef struct _CERT_USAGE_MATCH {
+ DWORD dwType;
+ CERT_ENHKEY_USAGE Usage;
+} CERT_USAGE_MATCH, *PCERT_USAGE_MATCH;
+/* #if (_WIN32_WINNT>=0x500) */
+typedef struct _CERT_CHAIN_PARA {
+ DWORD cbSize;
+ CERT_USAGE_MATCH RequestedUsage;
+#if CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
+ CERT_USAGE_MATCH RequestedIssuancePolicy;
+ DWORD dwUrlRetrievalTimeout;
+ BOOL fCheckRevocationFreshnessTime;
+ DWORD dwRevocationFreshnessTime;
+#endif
+} CERT_CHAIN_PARA, *PCERT_CHAIN_PARA;
+typedef BOOL (WINAPI *PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK)(PCCERT_CONTEXT,void*);
+typedef struct _CERT_CHAIN_FIND_BY_ISSUER_PARA {
+ DWORD cbSize;
+ LPCSTR pszUsageIdentifier;
+ DWORD dwKeySpec;
+ DWORD dwAcquirePrivateKeyFlags;
+ DWORD cIssuer;
+ CERT_NAME_BLOB* rgIssuer;
+ PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK pfnFIndCallback;
+ void* pvFindArg;
+ DWORD* pdwIssuerChainIndex;
+ DWORD* pdwIssuerElementIndex;
+} CERT_CHAIN_FIND_BY_ISSUER_PARA, *PCERT_CHAIN_FIND_BY_ISSUER_PARA;
+/* #endif */
+typedef struct _CERT_TRUST_STATUS {
+ DWORD dwErrorStatus;
+ DWORD dwInfoStatus;
+} CERT_TRUST_STATUS, *PCERT_TRUST_STATUS;
+typedef struct _CRL_ENTRY {
+ CRYPT_INTEGER_BLOB SerialNumber;
+ FILETIME RevocationDate;
+ DWORD cExtension;
+ PCERT_EXTENSION rgExtension;
+} CRL_ENTRY, *PCRL_ENTRY;
+typedef struct _CRL_INFO {
+ DWORD dwVersion;
+ CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
+ CERT_NAME_BLOB Issuer;
+ FILETIME ThisUpdate;
+ FILETIME NextUpdate;
+ DWORD cCRLEntry;
+ PCRL_ENTRY rgCRLEntry;
+ DWORD cExtension;
+ PCERT_EXTENSION rgExtension;
+} CRL_INFO, *PCRL_INFO;
+typedef struct _CRL_CONTEXT {
+ DWORD dwCertEncodingType;
+ BYTE* pbCrlEncoded;
+ DWORD cbCrlEncoded;
+ PCRL_INFO pCrlInfo;
+ HCERTSTORE hCertStore;
+} CRL_CONTEXT, *PCRL_CONTEXT;
+typedef const CRL_CONTEXT *PCCRL_CONTEXT;
+typedef struct _CERT_REVOCATION_CRL_INFO {
+ DWORD cbSize;
+ PCCRL_CONTEXT pBaseCRLContext;
+ PCCRL_CONTEXT pDeltaCRLContext;
+ PCRL_ENTRY pCrlEntry;
+ BOOL fDeltaCrlEntry;
+} CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO;
+typedef struct _CERT_REVOCATION_INFO {
+ DWORD cbSize;
+ DWORD dwRevocationResult;
+ LPCSTR pszRevocationOid;
+ LPVOID pvOidSpecificInfo;
+ BOOL fHasFreshnessTime;
+ DWORD dwFreshnessTime;
+ PCERT_REVOCATION_CRL_INFO pCrlInfo;
+} CERT_REVOCATION_INFO, *PCERT_REVOCATION_INFO;
+/* #if (_WIN32_WINNT>=0x500) */
+typedef struct _CERT_CHAIN_ELEMENT {
+ DWORD cbSize;
+ PCCERT_CONTEXT pCertContext;
+ CERT_TRUST_STATUS TrustStatus;
+ PCERT_REVOCATION_INFO pRevocationInfo;
+ PCERT_ENHKEY_USAGE pIssuanceUsage;
+ PCERT_ENHKEY_USAGE pApplicationUsage;
+} CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT;
+/* #endif */
+typedef struct _CRYPT_ATTRIBUTE {
+ LPSTR pszObjId;
+ DWORD cValue;
+ PCRYPT_ATTR_BLOB rgValue;
+} CRYPT_ATTRIBUTE, *PCRYPT_ATTRIBUTE;
+typedef struct _CTL_ENTRY {
+ CRYPT_DATA_BLOB SubjectIdentifier;
+ DWORD cAttribute;
+ PCRYPT_ATTRIBUTE rgAttribute;
+} CTL_ENTRY, *PCTL_ENTRY;
+typedef struct _CTL_INFO {
+ DWORD dwVersion;
+ CTL_USAGE SubjectUsage;
+ CRYPT_DATA_BLOB ListIdentifier;
+ CRYPT_INTEGER_BLOB SequenceNumber;
+ FILETIME ThisUpdate;
+ FILETIME NextUpdate;
+ CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
+ DWORD cCTLEntry;
+ PCTL_ENTRY rgCTLEntry;
+ DWORD cExtension;
+ PCERT_EXTENSION rgExtension;
+} CTL_INFO, *PCTL_INFO;
+typedef struct _CTL_CONTEXT {
+ DWORD dwMsgAndCertEncodingType;
+ BYTE* pbCtlEncoded;
+ DWORD cbCtlEncoded;
+ PCTL_INFO pCtlInfo;
+ HCERTSTORE hCertStore;
+ HCRYPTMSG hCryptMsg;
+ BYTE* pbCtlContent;
+ DWORD cbCtlContent;
+} CTL_CONTEXT, *PCTL_CONTEXT;
+typedef const CTL_CONTEXT *PCCTL_CONTEXT;
+typedef struct _CERT_TRUST_LIST_INFO {
+ DWORD cbSize;
+ PCTL_ENTRY pCtlEntry;
+ PCCTL_CONTEXT pCtlContext;
+} CERT_TRUST_LIST_INFO, *PCERT_TRUST_LIST_INFO;
+typedef struct _CERT_SIMPLE_CHAIN {
+ DWORD cbSize;
+ CERT_TRUST_STATUS TrustStatus;
+ DWORD cElement;
+ PCERT_CHAIN_ELEMENT* rgpElement;
+ PCERT_TRUST_LIST_INFO pTrustListInfo;
+ BOOL fHasRevocationFreshnessTime;
+ DWORD dwRevocationFreshnessTime;
+} CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN;
+/* #if (_WIN32_WINNT>=0x500) */
+typedef const struct _CERT_CHAIN_CONTEXT* PCCERT_CHAIN_CONTEXT;
+typedef struct _CERT_CHAIN_CONTEXT {
+ DWORD cbSize;
+ CERT_TRUST_STATUS TrustStatus;
+ DWORD cChain;
+ PCERT_SIMPLE_CHAIN* rgpChain;
+ DWORD cLowerQualityChainContext;
+ PCCERT_CHAIN_CONTEXT* rgpLowerQualityChainContext;
+ BOOL fHasRevocationFreshnessTime;
+ DWORD dwRevocationFreshnessTime;
+} CERT_CHAIN_CONTEXT, *PCERT_CHAIN_CONTEXT;
+/* #endif */
typedef struct _PROV_ENUMALGS {
ALG_ID aiAlgid;
DWORD dwBitLen;
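Review bot: `szOID_PKIX_KP_SERVER_AUTH "4235600"` and `szOID_SERVER_GATED_CRYPTO "4235658"` are not dotted object identifiers; they look like pointer values printed as decimal when the constants were extracted. These strings go into `CERT_USAGE_MATCH` / `pszUsageIdentifier` to restrict a chain to server-authentication certificates, so a caller using them gets a usage filter that can never equal the EKU in a real certificate and does not check what its name promises. The neighbouring `szOID_PKIX_KP_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"` shows the intended form; the two lines should read `#define szOID_PKIX_KP_SERVER_AUTH "1.3.6.1.5.5.7.3.1"` and `#define szOID_SERVER_GATED_CRYPTO "1.3.6.1.4.1.311.10.3.3"`. Separately, `*PCTRL_USAGE` and `pfnFIndCallback` differ from the SDK spellings `PCTL_USAGE` and `pfnFindCallback`, which will break source written against the platform headers.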
@@ -137,6 +478,20 @@ typedef struct _RSAPUBKEY {
DWORD bitlen;
DWORD pubexp;
} RSAPUBKEY;
+
+BOOL WINAPI CertCloseStore(HCERTSTORE,DWORD);
+BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE,PCCERT_CONTEXT,LPFILETIME,HCERTSTORE,PCERT_CHAIN_PARA,DWORD,LPVOID,PCCERT_CHAIN_CONTEXT*);
+BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR,PCCERT_CHAIN_CONTEXT,PCERT_CHAIN_POLICY_PARA,PCERT_CHAIN_POLICY_STATUS);
+void WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT);
+DWORD WINAPI CertNameToStrA(DWORD,PCERT_NAME_BLOB,DWORD,LPSTR,DWORD);
+DWORD WINAPI CertNameToStrW(DWORD,PCERT_NAME_BLOB,DWORD,LPWSTR,DWORD);
+HCERTSTORE WINAPI CertOpenSystemStoreA(HCRYPTPROV,LPCSTR);
+HCERTSTORE WINAPI CertOpenSystemStoreW(HCRYPTPROV,LPCWSTR);
+HCERTSTORE WINAPI CertOpenStore(LPCSTR,DWORD,HCRYPTPROV,DWORD,const void*);
+PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCERT_CONTEXT);
+BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT);
+PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE,PCCERT_CONTEXT,PCCERT_CONTEXT,DWORD*);
+PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore(HCERTSTORE,DWORD,DWORD,DWORD,const void*,PCCERT_CHAIN_CONTEXT);
BOOL WINAPI CryptAcquireContextA(HCRYPTPROV*,LPCSTR,LPCSTR,DWORD,DWORD);
BOOL WINAPI CryptAcquireContextW(HCRYPTPROV*,LPCWSTR,LPCWSTR,DWORD,DWORD);
BOOL WINAPI CryptReleaseContext(HCRYPTPROV,DWORD);
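Review bot: The new `Cert*` prototypes carry no note on who owns the returned contexts, and that is the part of this API callers most often get wrong. I would add a short comment above the block, e.g. `/* Chain contexts from CertGetCertificateChain/CertFindChainInStore are released with CertFreeCertificateChain; cert contexts with CertFreeCertificateContext. */`. A second line should say that the trailing "previous context" argument of `CertFindCertificateInStore`, `CertGetIssuerCertificateFromStore` and `CertFindChainInStore` is freed by the call itself, so the caller must not free or reuse it afterwards. Without that, enumeration loops built on these declarations tend to double-free or leak contexts.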
@@ -166,20 +521,29 @@ BOOL WINAPI CryptVerifySignatureA(HCRYPTHASH,PBYTE,DWORD,HCRYPTKEY,LPCSTR,DWORD)
BOOL WINAPI CryptVerifySignatureW(HCRYPTHASH,PBYTE,DWORD,HCRYPTKEY,LPCWSTR,DWORD);
BOOL WINAPI CryptSetProviderA(LPCSTR,DWORD);
BOOL WINAPI CryptSetProviderW(LPCWSTR,DWORD);
+
#ifdef UNICODE
+#define CertNameToStr CertNameToStrW
#define CryptAcquireContext CryptAcquireContextW
#define CryptSignHash CryptSignHashW
#define CryptVerifySignature CryptVerifySignatureW
#define CryptSetProvider CryptSetProviderW
+#define CertOpenSystemStore CertOpenSystemStoreW
+#define CERT_FIND_SUBJECT_STR CERT_FIND_SUBJECT_STR_W
+#define CERT_FIND_ISSUER_STR CERT_FIND_ISSUER_STR_W
#define MS_DEF_PROV MS_DEF_PROV_W
#else
+#define CertNameToStr CertNameToStrA
#define CryptAcquireContext CryptAcquireContextA
#define CryptSignHash CryptSignHashA
#define CryptVerifySignature CryptVerifySignatureA
#define CryptSetProvider CryptSetProviderA
+#define CertOpenSystemStore CertOpenSystemStoreA
+#define CERT_FIND_SUBJECT_STR CERT_FIND_SUBJECT_STR_A
+#define CERT_FIND_ISSUER_STR CERT_FIND_ISSUER_STR_A
#define MS_DEF_PROV MS_DEF_PROV_A
#endif
#ifdef __cplusplus
}
#endif
-#endif
+#endif /* _WINCRYPT_H */
diff --git a/winsup/w32api/lib/crypt32.def b/winsup/w32api/lib/crypt32.def
new file mode 100644
index 000000000..fca58fd89
--- /dev/null
+++ b/winsup/w32api/lib/crypt32.def
@@ -0,0 +1,15 @@
+LIBRARY "CRYPT32.DLL"
+EXPORTS
+CertFreeCertificateChain@4
+CertGetCertificateChain@32
+CertNameToStrA@20
+CertNameToStrW@20
+CertVerifyCertificateChainPolicy@16
+CertCloseStore@8
+CertOpenSystemStoreA@8
+CertOpenSystemStoreW@8
+CertFindCertificateInStore@24
+CertFreeCertificateContext@4
+CertGetIssuerCertificateFromStore@16
+CertFindChainInStore@24
+CertOpenStore@20
diff --git a/winsup/w32api/lib/secur32.def b/winsup/w32api/lib/secur32.def
index 129cec8fe..bd130a1e1 100644
--- a/winsup/w32api/lib/secur32.def
+++ b/winsup/w32api/lib/secur32.def
@@ -1,8 +1,33 @@
LIBRARY SECUR32.dll
EXPORTS
+AcquireCredentialsHandleA@36
+AcquireCredentialsHandleW@36
+AcceptSecurityContext@36
+DecryptMessage@16
+DeleteSecurityContext@4
+EncryptMessage@16
+EnumerateSecurityPackagesA@8
+EnumerateSecurityPackagesW@8
+FreeContextBuffer@4
+FreeCredentialsHandle@4
+InitializeSecurityContextA@48
+InitializeSecurityContextW@48
LsaCallAuthenticationPackage@28
LsaDeregisterLogonProcess@4
LsaFreeReturnBuffer@4
LsaLogonUser@56
LsaLookupAuthenticationPackage@12
LsaRegisterLogonProcess@12
+QueryContextAttributesA@12
+QueryContextAttributesW@12
+QueryCredentialsAttributesA@12
+QueryCredentialsAttributesW@12
+CompleteAuthToken@8
+ApplyControlTokenA@8
+ApplyControlTokenW@8
+ImpersonateSecurityContext@4
+RevertSecurityContext@4
+MakeSignature@16
+VerifySignature@16
+QuerySecurityPackageInfoA@8
+QuerySecurityPackageInfoW@8
diff --git a/winsup/w32api/lib/test.c b/winsup/w32api/lib/test.c
index 9a6d79935..ce9ff3bfb 100644
--- a/winsup/w32api/lib/test.c
+++ b/winsup/w32api/lib/test.c
@@ -59,6 +59,8 @@
#include <wsnetbs.h>
#include <setupapi.h>
#include <aclapi.h>
+#include <security.h>
+#include <schnlsp.h>
#ifndef __OBJC__ /* problems with BOOL */
#include <ole2.h>