2007-11-21 elsapo <elsapo@users.sourceforge.net>

        * include/wincrypt.h (CERT_NAME_STR_COMMA_FLAG,
        CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG, CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG,
        CMC_ADD_ATTRIBUTES, CMC_ADD_EXTENSIONS, X509_CERT_PAIR,
        X509_CERTIFICATE_TEMPLATE, X509_CROSS_CERT_DIST_POINTS, CMC_DATA,
        X509_NAME_CONSTRAINTS, X509_POLICY_CONSTRAINTS, X509_POLICY_MAPPINGS,
        CMC_RESPONSE, CMC_STATUS, X509_ALGORITHM_IDENTIFIER, X509_ALTERNATE_NAME,
        PKCS_ATTRIBUTE, X509_AUTHORITY_INFO_ACCESS, X509_AUTHORITY_KEY_ID,
        X509_AUTHORITY_KEY_ID2, szOID_BASIC_CONSTRAINTS, X509_BASIC_CONSTRAINTS2,
        X509_BIOMETRIC_EXT, X509_BITS, X509_CERT, X509_CERT_CRL_TO_BE_SIGNED,
        X509_CERT_POLICIES, X509_CERT_REQUEST_TO_BE_SIGNED, X509_CERT_TO_BE_SIGNED,
        X509_CHOICE_OF_TIME, PKCS_CONTENT_INFO, PKCS_CONTENT_INFO_SEQUENCE_OF_ANY,
        X509_CRL_DIST_POINTS, RSA_CSP_PUBLICKEYBLOB, PKCS_CTL, X509_DSS_PARAMETERS,
        X509_DSS_SIGNATURE, X509_ECC_SIGNATURE, X509_ENHANCED_KEY_USAGE,
        X509_ENUMERATED, X509_EXTENSIONS, X509_INTEGER, X509_ISSUING_DIST_POINT,
        X509_KEY_ATTRIBUTES, X509_KEY_USAGE, X509_KEY_USAGE_RESTRICTION,
        X509_KEYGEN_REQUEST_TO_BE_SIGNED, X509_LOGOTYPE_EXT,
        X509_MULTI_BYTE_INTEGER, X509_MULTI_BYTE_UINT, X509_NAME, X509_NAME_VALUE,
        X509_OBJECT_IDENTIFIER, X509_OCTET_STRING, X509_PUBLIC_KEY_INFO,
        PKCS_RC2_CBC_PARAMETERS, CNG_RSA_PUBLIC_KEY_BLOB,
        PKCS_RSA_SSA_PSS_PARAMETERS, PKCS_RSAES_OAEP_PARAMETERS,
        ECC_CMS_SHARED_INFO, X509_SEQUENCE_OF_ANY, PKCS7_SIGNER_INFO,
        CMS_SIGNER_INFO, PKCS_SMIME_CAPABILITIES, PKCS_TIME_REQUEST,
        X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, PKCS_UTC_TIME,
        OCSP_SIGNED_REQUEST, OCSP_REQUEST, OCSP_RESPONSE,
        OCSP_BASIC_SIGNED_RESPONSE, OCSP_BASIC_RESPONSE, CRL_REASON_UNSPECIFIED,
        CRL_REASON_KEY_COMPROMISE, CRL_REASON_CA_COMPROMISE,
        CRL_REASON_AFFILIATION_CHANGED, CRL_REASON_SUPERSEDED,
        CRL_REASON_CESSATION_OF_OPERATION, CRL_REASON_CERTIFICATE_HOLD,
        CRL_REASON_REMOVE_FROM_CRL, CRYPT_ENCODE_ALLOC_FLAG,
        CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG,
        CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG,
        CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG,
        CRYPT_UNICODE_NAME_ENCODE_FORCE_UTF8_UNICODE_FLAG,
        szOID_APPLICATION_CERT_POLICIES, szOID_APPLICATION_POLICY_CONSTRAINTS,
        szOID_APPLICATION_POLICY_MAPPINGS, szOID_AUTHORITY_INFO_ACCESS,
        szOID_AUTHORITY_KEY_IDENTIFIER, szOID_AUTHORITY_KEY_IDENTIFIER2,
        X509_BASIC_CONSTRAINTS, szOID_BIOMETRIC_EXT, szOID_CERT_EXTENSIONS,
        szOID_CERT_POLICIES, szOID_CERTIFICATE_TEMPLATE, szOID_CRL_NUMBER,
        szOID_CROSS_CERT_DIST_POINTS, szOID_DELTA_CRL_INDICATOR,
        szOID_ENROLLMENT_NAME_VALUE_PAIR, szOID_FRESHEST_CRL,
        szOID_ISSUING_DIST_POINT, szOID_NAME_CONSTRAINTS, szOID_CRL_DIST_POINTS,
        szOID_CRL_REASON_CODE, szOID_CRL_VIRTUAL_BASE, szOID_ECC_PUBLIC_KEY,
        szOID_ECDSA_SPECIFIED, szOID_ENHANCED_KEY_USAGE, szOID_ISSUER_ALT_NAME,
        szOID_ISSUER_ALT_NAME2, szOID_KEY_ATTRIBUTES, szOID_KEY_USAGE,
        szOID_KEY_USAGE_RESTRICTION, szOID_LOGOTYPE_EXT, szOID_POLICY_CONSTRAINTS,
        szOID_POLICY_MAPPINGS, szOID_RSA_SSA_PSS, szOID_RSAES_OAEP,
        szOID_SUBJECT_ALT_NAME, szOID_SUBJECT_ALT_NAME2,
        szOID_SUBJECT_KEY_IDENTIFIER, CMC_ADD_ATTRIBUTES_INFO,
        PCMC_ADD_ATTRIBUTES_INFO, CMC_ADD_EXTENSIONS_INFO, PCMC_ADD_EXTENSIONS_INFO,
        CERT_ALT_NAME_ENTRY, PCERT_ALT_NAME_ENTRY, CERT_ALT_NAME_INFO,
        PCERT_ALT_NAME_INFO, CERT_NAME_VALUE, PCERT_NAME_VALUE,
        CERT_POLICY_QUALIFIER_INFO, PCERT_POLICY_QUALIFIER_INFO,
        CERT_POLICY_CONSTRAINTS_INFO, PCERT_POLICY_CONSTRAINTS_INFO,
        CERT_POLICY_MAPPINGS_INFO, PCERT_POLICY_MAPPINGS_INFO, CERT_POLICY_MAPPING,
        PCERT_POLICY_MAPPING, CryptDecodeObjectEx, CryptEncodeObject,
        CryptEncodeObjectEx): define.

2 files changed, 270 insertions, 0 deletions

diff --git a/winsup/w32api/ChangeLog b/winsup/w32api/ChangeLog
index c56bf2f47..06abb9dfa 100644
--- a/winsup/w32api/ChangeLog
+++ b/winsup/w32api/ChangeLog
@@ -1,3 +1,62 @@
+2007-11-21  elsapo  <elsapo@users.sourceforge.net>
+
+	* include/wincrypt.h (CERT_NAME_STR_COMMA_FLAG,
+	CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG, CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG,
+	CMC_ADD_ATTRIBUTES, CMC_ADD_EXTENSIONS, X509_CERT_PAIR,
+	X509_CERTIFICATE_TEMPLATE, X509_CROSS_CERT_DIST_POINTS, CMC_DATA,
+	X509_NAME_CONSTRAINTS, X509_POLICY_CONSTRAINTS, X509_POLICY_MAPPINGS,
+	CMC_RESPONSE, CMC_STATUS, X509_ALGORITHM_IDENTIFIER, X509_ALTERNATE_NAME,
+	PKCS_ATTRIBUTE, X509_AUTHORITY_INFO_ACCESS, X509_AUTHORITY_KEY_ID,
+	X509_AUTHORITY_KEY_ID2, szOID_BASIC_CONSTRAINTS, X509_BASIC_CONSTRAINTS2,
+	X509_BIOMETRIC_EXT, X509_BITS, X509_CERT, X509_CERT_CRL_TO_BE_SIGNED,
+	X509_CERT_POLICIES, X509_CERT_REQUEST_TO_BE_SIGNED, X509_CERT_TO_BE_SIGNED,
+	X509_CHOICE_OF_TIME, PKCS_CONTENT_INFO, PKCS_CONTENT_INFO_SEQUENCE_OF_ANY,
+	X509_CRL_DIST_POINTS, RSA_CSP_PUBLICKEYBLOB, PKCS_CTL, X509_DSS_PARAMETERS,
+	X509_DSS_SIGNATURE, X509_ECC_SIGNATURE, X509_ENHANCED_KEY_USAGE,
+	X509_ENUMERATED, X509_EXTENSIONS, X509_INTEGER, X509_ISSUING_DIST_POINT,
+	X509_KEY_ATTRIBUTES, X509_KEY_USAGE, X509_KEY_USAGE_RESTRICTION,
+	X509_KEYGEN_REQUEST_TO_BE_SIGNED, X509_LOGOTYPE_EXT,
+	X509_MULTI_BYTE_INTEGER, X509_MULTI_BYTE_UINT, X509_NAME, X509_NAME_VALUE,
+	X509_OBJECT_IDENTIFIER, X509_OCTET_STRING, X509_PUBLIC_KEY_INFO,
+	PKCS_RC2_CBC_PARAMETERS, CNG_RSA_PUBLIC_KEY_BLOB,
+	PKCS_RSA_SSA_PSS_PARAMETERS, PKCS_RSAES_OAEP_PARAMETERS,
+	ECC_CMS_SHARED_INFO, X509_SEQUENCE_OF_ANY, PKCS7_SIGNER_INFO,
+	CMS_SIGNER_INFO, PKCS_SMIME_CAPABILITIES, PKCS_TIME_REQUEST,
+	X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, PKCS_UTC_TIME,
+	OCSP_SIGNED_REQUEST, OCSP_REQUEST, OCSP_RESPONSE,
+	OCSP_BASIC_SIGNED_RESPONSE, OCSP_BASIC_RESPONSE, CRL_REASON_UNSPECIFIED,
+	CRL_REASON_KEY_COMPROMISE, CRL_REASON_CA_COMPROMISE,
+	CRL_REASON_AFFILIATION_CHANGED, CRL_REASON_SUPERSEDED,
+	CRL_REASON_CESSATION_OF_OPERATION, CRL_REASON_CERTIFICATE_HOLD,
+	CRL_REASON_REMOVE_FROM_CRL, CRYPT_ENCODE_ALLOC_FLAG,
+	CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG,
+	CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG,
+	CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG,
+	CRYPT_UNICODE_NAME_ENCODE_FORCE_UTF8_UNICODE_FLAG,
+	szOID_APPLICATION_CERT_POLICIES, szOID_APPLICATION_POLICY_CONSTRAINTS,
+	szOID_APPLICATION_POLICY_MAPPINGS, szOID_AUTHORITY_INFO_ACCESS,
+	szOID_AUTHORITY_KEY_IDENTIFIER, szOID_AUTHORITY_KEY_IDENTIFIER2,
+	X509_BASIC_CONSTRAINTS, szOID_BIOMETRIC_EXT, szOID_CERT_EXTENSIONS,
+	szOID_CERT_POLICIES, szOID_CERTIFICATE_TEMPLATE, szOID_CRL_NUMBER,
+	szOID_CROSS_CERT_DIST_POINTS, szOID_DELTA_CRL_INDICATOR,
+	szOID_ENROLLMENT_NAME_VALUE_PAIR, szOID_FRESHEST_CRL,
+	szOID_ISSUING_DIST_POINT, szOID_NAME_CONSTRAINTS, szOID_CRL_DIST_POINTS,
+	szOID_CRL_REASON_CODE, szOID_CRL_VIRTUAL_BASE, szOID_ECC_PUBLIC_KEY,
+	szOID_ECDSA_SPECIFIED, szOID_ENHANCED_KEY_USAGE, szOID_ISSUER_ALT_NAME,
+	szOID_ISSUER_ALT_NAME2, szOID_KEY_ATTRIBUTES, szOID_KEY_USAGE,
+	szOID_KEY_USAGE_RESTRICTION, szOID_LOGOTYPE_EXT, szOID_POLICY_CONSTRAINTS,
+	szOID_POLICY_MAPPINGS, szOID_RSA_SSA_PSS, szOID_RSAES_OAEP,
+	szOID_SUBJECT_ALT_NAME, szOID_SUBJECT_ALT_NAME2,
+	szOID_SUBJECT_KEY_IDENTIFIER, CMC_ADD_ATTRIBUTES_INFO,
+	PCMC_ADD_ATTRIBUTES_INFO, CMC_ADD_EXTENSIONS_INFO, PCMC_ADD_EXTENSIONS_INFO,
+	CERT_ALT_NAME_ENTRY, PCERT_ALT_NAME_ENTRY, CERT_ALT_NAME_INFO,
+	PCERT_ALT_NAME_INFO, CERT_NAME_VALUE, PCERT_NAME_VALUE,
+	CERT_POLICY_QUALIFIER_INFO, PCERT_POLICY_QUALIFIER_INFO,
+	CERT_POLICY_CONSTRAINTS_INFO, PCERT_POLICY_CONSTRAINTS_INFO,
+	CERT_POLICY_MAPPINGS_INFO, PCERT_POLICY_MAPPINGS_INFO, CERT_POLICY_MAPPING,
+	PCERT_POLICY_MAPPING, CryptDecodeObjectEx, CryptEncodeObject,
+	CryptEncodeObjectEx): define.
+
 2007-11-21  Brian Dessent <dessent@users.sourceforge.net>
 
 	* include/winbase.h (CheckTokenMembership): define.
diff --git a/winsup/w32api/include/wincrypt.h b/winsup/w32api/include/wincrypt.h
index 5e7adcb15..57fedad42 100644
--- a/winsup/w32api/include/wincrypt.h
+++ b/winsup/w32api/include/wincrypt.h
@@ -280,10 +280,13 @@ extern "C" {
 #define CERT_SIMPLE_NAME_STR 1
 #define CERT_OID_NAME_STR 2
 #define CERT_X500_NAME_STR 3
+#define CERT_NAME_STR_COMMA_FLAG 0x04000000
 #define CERT_NAME_STR_SEMICOLON_FLAG 1073741824
 #define CERT_NAME_STR_CRLF_FLAG 134217728
 #define CERT_NAME_STR_NO_PLUS_FLAG 536870912
 #define CERT_NAME_STR_NO_QUOTING_FLAG 268435456
+#define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000
+#define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000
 #define CERT_NAME_STR_REVERSE_FLAG 33554432
 #define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 131072
 #define CERT_FIND_ANY 0
@@ -371,6 +374,98 @@ extern "C" {
 #define SCHANNEL_MAC_KEY    0x00000000
 #define SCHANNEL_ENC_KEY    0x00000001
 #define INTERNATIONAL_USAGE 0x00000001
+#if (WINVER >= 0x0501) /* Windows Server 2003, Windows XP */
+#define CMC_ADD_ATTRIBUTES (LPCSTR) 63
+#define CMC_ADD_EXTENSIONS (LPCSTR) 62
+#define X509_CERT_PAIR (LPCSTR) 53
+#define X509_CERTIFICATE_TEMPLATE (LPCSTR) 64
+#define X509_CROSS_CERT_DIST_POINTS (LPCSTR) 58
+#define CMC_DATA (LPCSTR) 59
+#define X509_NAME_CONSTRAINTS (LPCSTR) 55
+#define X509_POLICY_CONSTRAINTS (LPCSTR) 57
+#define X509_POLICY_MAPPINGS (LPCSTR) 56
+#define CMC_RESPONSE (LPCSTR) 60
+#define CMC_STATUS (LPCSTR) 61
+#endif /* (WINVER >= 0x0501) */ /* Windows Server 2003, Windows XP */
+#define X509_ALGORITHM_IDENTIFIER (LPCSTR) 74
+#define X509_ALTERNATE_NAME (LPCSTR) 12
+/* need X509_ANY_STRING */
+#define PKCS_ATTRIBUTE (LPCSTR) 22
+#define X509_AUTHORITY_INFO_ACCESS (LPCSTR) 32
+#define X509_AUTHORITY_KEY_ID (LPCSTR) 9
+#define X509_AUTHORITY_KEY_ID2 (LPCSTR) 31
+#define szOID_BASIC_CONSTRAINTS "2.5.29.10"
+#define X509_BASIC_CONSTRAINTS2 (LPCSTR) 15
+#define X509_BIOMETRIC_EXT (LPCSTR) 71
+#define X509_BITS (LPCSTR) 26
+#define X509_CERT (LPCSTR) 1
+#define X509_CERT_CRL_TO_BE_SIGNED (LPCSTR) 3
+#define X509_CERT_POLICIES (LPCSTR) 16
+#define X509_CERT_REQUEST_TO_BE_SIGNED (LPCSTR) 4
+#define X509_CERT_TO_BE_SIGNED (LPCSTR) 2
+#define X509_CHOICE_OF_TIME (LPCSTR) 30
+#define PKCS_CONTENT_INFO (LPCSTR) 33
+#define PKCS_CONTENT_INFO_SEQUENCE_OF_ANY (LPCSTR) 23
+#define X509_CRL_DIST_POINTS (LPCSTR) 35
+/* need X509_CRL_REASON_CODE */
+#define RSA_CSP_PUBLICKEYBLOB (LPCSTR) 19
+#define PKCS_CTL (LPCSTR) 37
+#define X509_DSS_PARAMETERS (LPCSTR) 39
+/* need X509_DSS_PUBLICKEY */
+#define X509_DSS_SIGNATURE (LPCSTR) 40
+#define X509_ECC_SIGNATURE (LPCSTR) 47
+#define X509_ENHANCED_KEY_USAGE (LPCSTR) 36
+#define X509_ENUMERATED (LPCSTR) 29
+#define X509_EXTENSIONS (LPCSTR) 5
+#define X509_INTEGER (LPCSTR) 27
+#define X509_ISSUING_DIST_POINT (LPCSTR) 54
+#define X509_KEY_ATTRIBUTES (LPCSTR) 10
+#define X509_KEY_USAGE (LPCSTR) 14
+#define X509_KEY_USAGE_RESTRICTION (LPCSTR) 11
+#define X509_KEYGEN_REQUEST_TO_BE_SIGNED (LPCSTR) 21
+#define X509_LOGOTYPE_EXT (LPCSTR) 70
+#define X509_MULTI_BYTE_INTEGER (LPCSTR) 28
+#define X509_MULTI_BYTE_UINT (LPCSTR) 38
+#define X509_NAME (LPCSTR) 7
+#define X509_NAME_VALUE (LPCSTR) 6
+#define X509_OBJECT_IDENTIFIER (LPCSTR) 73
+#define X509_OCTET_STRING (LPCSTR) 25
+#define X509_PUBLIC_KEY_INFO (LPCSTR) 8
+#define PKCS_RC2_CBC_PARAMETERS (LPCSTR) 41
+#define CNG_RSA_PUBLIC_KEY_BLOB (LPCSTR) 72
+#define PKCS_RSA_SSA_PSS_PARAMETERS (LPCSTR) 75
+#define PKCS_RSAES_OAEP_PARAMETERS (LPCSTR) 76
+#define ECC_CMS_SHARED_INFO (LPCSTR) 77
+#define X509_SEQUENCE_OF_ANY (LPCSTR) 34
+#define PKCS7_SIGNER_INFO (LPCSTR) 500
+#define CMS_SIGNER_INFO (LPCSTR) 501
+#define PKCS_SMIME_CAPABILITIES (LPCSTR) 42
+#define PKCS_TIME_REQUEST (LPCSTR) 18
+/* need X509_UNICODE_ANY_STRING */
+#define X509_UNICODE_NAME (LPCSTR) 20
+#define X509_UNICODE_NAME_VALUE (LPCSTR) 24
+#define PKCS_UTC_TIME (LPCSTR) 17
+#define OCSP_SIGNED_REQUEST (LPCSTR) 65
+#define OCSP_REQUEST (LPCSTR) 66
+#define OCSP_RESPONSE (LPCSTR) 67
+#define OCSP_BASIC_SIGNED_RESPONSE (LPCSTR) 68
+#define OCSP_BASIC_RESPONSE (LPCSTR) 69
+enum { CRL_REASON_UNSPECIFIED=0,
+	CRL_REASON_KEY_COMPROMISE=1,
+	CRL_REASON_CA_COMPROMISE=2,
+	CRL_REASON_AFFILIATION_CHANGED=3,
+	CRL_REASON_SUPERSEDED=4,
+	CRL_REASON_CESSATION_OF_OPERATION=5,
+	CRL_REASON_CERTIFICATE_HOLD=6,
+	CRL_REASON_REMOVE_FROM_CRL=7
+	};
+/* need CRYPT_DECODE_NOCOPY_FLAG */
+#define CRYPT_ENCODE_ALLOC_FLAG 0x8000
+#define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG 0x40000000
+#define CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG 0x80000000
+#define CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG 0x20000000
+#define CRYPT_UNICODE_NAME_ENCODE_FORCE_UTF8_UNICODE_FLAG 0x10000000
+
 
 #define szOID_RSA 	"1.2.840.113549"
 #define szOID_PKCS 	"1.2.840.113549.1"
@@ -506,6 +601,46 @@ extern "C" {
 #define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8"
 #define szOID_RSA_unstructName "1.2.840.113549.1.9.2"
 #define szOID_BASIC_CONSTRAINTS2 	"2.5.29.19"
+#define szOID_APPLICATION_CERT_POLICIES "1.3.6.1.4.1.311.21.10"
+#define szOID_APPLICATION_POLICY_CONSTRAINTS "1.3.6.1.4.1.311.21.12"
+#define szOID_APPLICATION_POLICY_MAPPINGS "1.3.6.1.4.1.311.21.11"
+#define szOID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.1.1"
+#define szOID_AUTHORITY_KEY_IDENTIFIER "2.5.29.1"
+#define szOID_AUTHORITY_KEY_IDENTIFIER2 "2.5.29.35"
+#define X509_BASIC_CONSTRAINTS (LPCSTR) 13
+#define szOID_BIOMETRIC_EXT "1.3.6.1.5.5.7.1.2"
+#define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14"
+#define szOID_CERT_POLICIES "2.5.29.32"
+#if (WINVER >= 0x0501) /* Windows Server 2003, Windows XP */
+#define szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7"
+#define szOID_CRL_NUMBER "2.5.29.20"
+#define szOID_CROSS_CERT_DIST_POINTS "1.3.6.1.4.1.311.10.9.1"
+#define szOID_DELTA_CRL_INDICATOR "2.5.29.27"
+#define szOID_ENROLLMENT_NAME_VALUE_PAIR "1.3.6.1.4.1.311.13.2.1"
+#define szOID_FRESHEST_CRL "2.5.29.46"
+#define szOID_ISSUING_DIST_POINT "2.5.29.28"
+#define szOID_NAME_CONSTRAINTS "2.5.29.30"
+#endif /* (WINVER >= 0x0501) */ /* Windows Server 2003, Windows XP */
+#define szOID_CRL_DIST_POINTS 2.5.29.31
+#define szOID_CRL_REASON_CODE "2.5.29.21"
+#define szOID_CRL_VIRTUAL_BASE "1.3.6.1.4.1.311.21.3"
+#define szOID_ECC_PUBLIC_KEY "1.2.840.10045.2.1"
+#define szOID_ECDSA_SPECIFIED "1.2.840.10045.4.3"
+#define szOID_ENHANCED_KEY_USAGE "2.5.29.37"
+#define szOID_ISSUER_ALT_NAME "2.5.29.8"
+#define szOID_ISSUER_ALT_NAME2 "2.5.29.18"
+#define szOID_KEY_ATTRIBUTES "2.5.29.2"
+#define szOID_KEY_USAGE "2.5.29.4"
+#define szOID_KEY_USAGE_RESTRICTION "2.5.29.4"
+#define szOID_LOGOTYPE_EXT "1.3.6.1.5.5.7.1.12"
+/* need szOID_NEXT_UPDATE_LOCATION */
+#define szOID_POLICY_CONSTRAINTS "2.5.29.36"
+#define szOID_POLICY_MAPPINGS "2.5.29.33"
+#define szOID_RSA_SSA_PSS "1.2.840.113549.1.1.10"
+#define szOID_RSAES_OAEP "1.2.840.113549.1.1.7"
+#define szOID_SUBJECT_ALT_NAME "2.5.29.7"
+#define szOID_SUBJECT_ALT_NAME2 "2.5.29.17"
+#define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
 
 typedef struct _CERT_BASIC_CONSTRAINTS2_INFO {
   BOOL fCA;
@@ -785,6 +920,79 @@ typedef struct _HMAC_Info
 	BYTE* pbOuterString;
 	DWORD cbOuterString;
 } HMAC_INFO, *PHMAC_INFO;
+#if (WINVER >= 0x0501) /* Windows Server 2003, Windows XP */
+typedef struct _CMC_ADD_ATTRIBUTES_INFO {
+  DWORD dwCmcDataReference;
+  DWORD cCertReference;
+  DWORD* rgdwCertReference;
+  DWORD cAttribute;
+  PCRYPT_ATTRIBUTE rgAttribute;
+} CMC_ADD_ATTRIBUTES_INFO, 
+ *PCMC_ADD_ATTRIBUTES_INFO;
+typedef struct _CMC_ADD_EXTENSIONS_INFO {
+  DWORD dwCmcDataReference;
+  DWORD cCertReference;
+  DWORD* rgdwCertReference;
+  DWORD cExtension;
+  PCERT_EXTENSION rgExtension;
+} CMC_ADD_EXTENSIONS_INFO, 
+ *PCMC_ADD_EXTENSIONS_INFO;
+#endif /* (WINVER >= 0x0501) */ /* Windows Server 2003, Windows XP */
+#if (WINVER >= 0x0410) /* Windows 98 */
+/* need PCERT_OTHER_NAME & CERT_DATA_BLOB!
+typedef struct _CERT_ALT_NAME_ENTRY {
+  DWORD dwAltNameChoice;
+  union {
+    PCERT_OTHER_NAME pOtherName;
+    LPWSTR pwszRfc822Name;
+    LPWSTR pwszDNSName;
+    CERT_DATA_BLOB x400Address;
+    CERT_NAME_BLOB DirectoryName;
+    LPWSTR pEdiPartyName;
+    LPWSTR pwszURL;
+    CRYPT_DATA_BLOB IPAddress;
+    LPSTR pszRegisteredID;
+  };
+} CERT_ALT_NAME_ENTRY, 
+ *PCERT_ALT_NAME_ENTRY;
+*/
+/* needs CERT_ALT_NAME_ENTRY above, which lacks prereqs
+typedef struct _CERT_ALT_NAME_INFO {
+  DWORD cAltEntry;
+  PCERT_ALT_NAME_ENTRY rgAltEntry;
+} CERT_ALT_NAME_INFO, 
+ *PCERT_ALT_NAME_INFO;
+ */
+typedef struct _CERT_NAME_VALUE {
+  DWORD dwValueType;
+  CERT_RDN_VALUE_BLOB Value;
+} CERT_NAME_VALUE, 
+ *PCERT_NAME_VALUE;
+typedef struct _CERT_POLICY_QUALIFIER_INFO {
+  LPSTR pszPolicyQualifierId;
+  CRYPT_OBJID_BLOB Qualifier;
+} CERT_POLICY_QUALIFIER_INFO, 
+ *PCERT_POLICY_QUALIFIER_INFO;
+typedef struct _CERT_POLICY_CONSTRAINTS_INFO {
+  BOOL fRequireExplicitPolicy;
+  DWORD dwRequireExplicitPolicySkipCerts;
+  BOOL fInhibitPolicyMapping;
+  DWORD dwInhibitPolicyMappingSkipCerts;
+} CERT_POLICY_CONSTRAINTS_INFO, 
+ *PCERT_POLICY_CONSTRAINTS_INFO;
+#endif /* (WINVER >= 0x0410) */ /* Windows 98 */
+#if (WINVER >= 0x0501) /* Windows Server 2003, Windows XP */
+typedef struct _CERT_POLICY_MAPPINGS_INFO {
+  DWORD cPolicyMapping;
+  PCERT_POLICY_MAPPING rgPolicyMapping;
+} CERT_POLICY_MAPPINGS_INFO, 
+ *PCERT_POLICY_MAPPINGS_INFO;
+typedef struct _CERT_POLICY_MAPPING {
+  LPSTR pszIssuerDomainPolicy;
+  LPSTR pszSubjectDomainPolicy;
+} CERT_POLICY_MAPPING, 
+ *PCERT_POLICY_MAPPING;
+#endif /* (WINVER >= 0x0501) */ /* Windows Server 2003, Windows XP */
 
 BOOL WINAPI CertCloseStore(HCERTSTORE,DWORD);
 BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE,PCCERT_CONTEXT,LPFILETIME,HCERTSTORE,PCERT_CHAIN_PARA,DWORD,LPVOID,PCCERT_CHAIN_CONTEXT*);
@@ -808,6 +1016,9 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT,DWORD,DWORD,void*,LPWSTR,DWORD);
 BOOL WINAPI PFXIsPFXBlob(CRYPT_DATA_BLOB*);
 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR,DWORD,CERT_EXTENSION*);
 BOOL WINAPI CryptDecodeObject(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,void*,DWORD*);
+BOOL WINAPI CryptDecodeObjectEx(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,PCRYPT_DECODE_PARA,void*,DWORD*);
+BOOL WINAPI CryptEncodeObject(DWORD dwCertEncodingType,LPCSTR,const void*,BYTE*,DWORD*);
+BOOL WINAPI CryptEncodeObjectEx(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);
 BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE,PCCERT_CONTEXT,DWORD,PCCERT_CONTEXT*);
 BOOL WINAPI CertCompareCertificate(DWORD,PCERT_INFO,PCERT_INFO);
 BOOL WINAPI PFXVerifyPassword(CRYPT_DATA_BLOB*,LPCWSTR,DWORD);