Headers diff for wintrust.dll between 6.0.6001.18000-Windows 6.0 and 6.1.7601.18839-Windows 7.0 versions



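--- a/mscat.h
+++ b/mscat.h
@@ -56,23 +56,21 @@
 #define CRYPTCAT_OPEN_CREATENEW 0x00000001 // creates/overwrite s
 #define CRYPTCAT_OPEN_ALWAYS 0x00000002 // opens/creates
 #define CRYPTCAT_OPEN_EXISTING 0x00000004 // opens only
 #define CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES 0x00010000 // Exclude page hash es in SPC_INDIRECT_DATA
 // The above CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES takes precedence if also set.
 #define CRYPTCAT_OPEN_INCLUDE_PAGE_HASHES 0x00020000 // Include page hash es in SPC_INDIRECT_DATA
 #define CRYPTCAT_OPEN_VERIFYSIGHASH 0x10000000 // verifies the sign ature (not the certs!)
-// 6-Feb-2006 philh: added
 #define CRYPTCAT_OPEN_NO_CONTENT_HCRYPTMSG 0x20000000 // does CryptMsgDeco de without content
 #define CRYPTCAT_OPEN_SORTED 0x40000000 // does CertCreateCo ntext(CERT_CREATE_CONTEXT_SORTED_FLAG)
 #define CRYPTCAT_OPEN_FLAGS_MASK 0xffff0000 // mask for upper wo rd
 //
 // fdwMemberFlags (used internal -- do not fill)
 //
-// 6-Feb-2006 philh: added
 #define CRYPTCAT_MEMBER_SORTED 0x40000000
 //
 // dwAttrTypeAndAction
 //
 #define CRYPTCAT_ATTR_AUTHENTICATED 0x10000000
 #define CRYPTCAT_ATTR_UNAUTHENTICATED 0x20000000
 #define CRYPTCAT_ATTR_NAMEASCII 0x00000001 // ascii string
 #define CRYPTCAT_ATTR_NAMEOBJID 0x00000002 // crypt obj id
@@ -119,37 +117,34 @@
 typedef struct CRYPTCATSTORE_
 {
 DWORD cbStruct; // = sizeof(CRYPTCATSTORE)
 DWORD dwPublicVersion;
 LPWSTR pwszP7File;
 HCRYPTPROV hProv;
 DWORD dwEncodingType;
 DWORD fdwStoreFlags;
 HANDLE hReserved; // pStack(members) (null if init /pbData) INTERNAL!
-// 18-Sep-1997 pberkman: added
 HANDLE hAttrs; // pStack(Catalog attrs) INTERNA L!
-// 6-Feb-2006 philh: added
 // Following is only set if opened with CRYPTCAT_OPEN_NO_CONTENT_HCRYPTMSG
 HCRYPTMSG hCryptMsg;
 // Following is only set if opened with CRYPTCAT_OPEN_SORTED
 HANDLE hSorted; // INTERNAL ONLY!
 } CRYPTCATSTORE;
 typedef struct CRYPTCATMEMBER_
 {
 DWORD cbStruct; // = sizeof(CRYPTCATMEMBER)
 LPWSTR pwszReferenceTag;
 LPWSTR pwszFileName; // used only by the CDF APIs
 GUID gSubjectType; // may be zeros -- see sEnco dedMemberInfo
 DWORD fdwMemberFlags;
 struct SIP_INDIRECT_DATA_ *pIndirectData; // may be null -- see sEncod edIndirectData
 DWORD dwCertVersion; // may be zero -- see sEncod edMemberInfo
 DWORD dwReserved; // used by enum -- DO NOT US E!
 HANDLE hReserved; // pStack(attrs) (null if in it) INTERNAL!
-// 30-Sep-1997 pberkman: added
 CRYPT_ATTR_BLOB sEncodedIndirectData; // lazy decode
 CRYPT_ATTR_BLOB sEncodedMemberInfo; // lazy decode
 } CRYPTCATMEMBER;
 typedef struct CRYPTCATATTRIBUTE_
 {
 DWORD cbStruct; // = sizeof(CRYPTCATATTRIBUT E)
 LPWSTR pwszReferenceTag;
 DWORD dwAttrTypeAndAction;
@@ -347,37 +342,35 @@
 // member context.
 //
 // *** DO NOT FREE THE POINTER OR ANY OF ITS MEMBERS! ***
 //
 // Errors:
 // ERROR_INVALID_PARAMETER: an input parameter is incorrect
 //
 extern CRYPTCATMEMBER * WINAPI CryptCATGetMemberInfo(IN HANDLE hCatalog,
 __in LPWSTR pwszReferenceTa g);
-// 6-Feb-2006 philh: added
 /////////////////////////////////////////////////////////////////////////////
 //
 // CryptCATAllocSortedMemberInfo
 // --------------------------------------------------------------------------
 // Usage:
 // If CryptCATOpen is called with CRYPTCAT_OPEN_SORTED, this function
 // must be called instead of the above CryptCATGetMemberInfo().
 //
 // The returned member context must be freed by calling
 // CryptCATFreeSortedMemberInfo()
 //
 // Errors:
 // ERROR_INVALID_PARAMETER: an input parameter is incorrect
 //
 extern CRYPTCATMEMBER * WINAPI CryptCATAllocSortedMemberInfo(IN HANDLE hCatalog,
 __in LPWSTR pwszReferenceTa g);
-// 6-Feb-2006 philh: added
 /////////////////////////////////////////////////////////////////////////////
 //
 // CryptCATFreeSortedMemberInfo
 // --------------------------------------------------------------------------
 // Usage:
 // Free member context returned by the above
 // CryptCATAllocSortedMemberInfo().
 //
 // Errors:
 // ERROR_INVALID_PARAMETER: an input parameter is incorrect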
 End of changes. 7 change blocks. 
9 lines changed or deleted 0 lines changed or added


 wincrypt.h (6.0.6001.18000-Windows 6.0)   wincrypt.h (6.1.7601.18839-Windows 7.0) 
skipping to change at line 210 skipping to change at line 210
#define ALG_SID_SHA1 4 #define ALG_SID_SHA1 4
#define ALG_SID_MAC 5 #define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6 #define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7 #define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8 #define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9 #define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10 #define ALG_SID_TLS1PRF 10
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define ALG_SID_HASH_REPLACE_OWF 11 #define ALG_SID_HASH_REPLACE_OWF 11
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION > NTDDI_WINXPSP2)
#define ALG_SID_SHA_256 12 #define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13 #define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14 #define ALG_SID_SHA_512 14
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2)
// secure channel sub ids // secure channel sub ids
#define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2 #define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3 #define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4 #define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5 #define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6 #define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7 #define ALG_SID_SCHANNEL_ENC_KEY 7
skipping to change at line 286 skipping to change at line 286
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5) #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF ) #define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF )
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF) #define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES)
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION > NTDDI_WINXPSP2)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 ) #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 )
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 ) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 )
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 ) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 )
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH) #define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV) #define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV)
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA) #define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA)
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
// resource number for signatures in the CSP // resource number for signatures in the CSP
#define SIGNATURE_RESOURCE_NUMBER 0x29A #define SIGNATURE_RESOURCE_NUMBER 0x29A
skipping to change at line 468 skipping to change at line 468
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys #define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys
#define KP_CMS_KEY_INFO 37 #define KP_CMS_KEY_INFO 37
#define KP_CMS_DH_KEY_INFO 38 #define KP_CMS_DH_KEY_INFO 38
#define KP_PUB_PARAMS 39 // for setting public parameters #define KP_PUB_PARAMS 39 // for setting public parameters
#define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters #define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters
#define KP_HIGHEST_VERSION 41 // for TLS protocol version setting #define KP_HIGHEST_VERSION 41 // for TLS protocol version setting
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WS03)
#define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts #define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#define KP_PIN_ID 43
#define KP_PIN_INFO 44
// KP_PADDING // KP_PADDING
#define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method #define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING 2 #define RANDOM_PADDING 2
#define ZERO_PADDING 3 #define ZERO_PADDING 3
// KP_MODE // KP_MODE
#define CRYPT_MODE_CBC 1 // Cipher block chaining #define CRYPT_MODE_CBC 1 // Cipher block chaining
#define CRYPT_MODE_ECB 2 // Electronic code book #define CRYPT_MODE_ECB 2 // Electronic code book
#define CRYPT_MODE_OFB 3 // Output feedback mode #define CRYPT_MODE_OFB 3 // Output feedback mode
skipping to change at line 588 skipping to change at line 590
// CryptSetProvParam // CryptSetProvParam
// //
#define PP_CLIENT_HWND 1 #define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11 #define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12 #define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13 #define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14 #define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15 #define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24 #define PP_DELETEKEY 24
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
#define PP_PIN_PROMPT_STRING 44 #define PP_PIN_PROMPT_STRING 44
#define PP_SECURE_KEYEXCHANGE_PIN 47
#define PP_SECURE_SIGNATURE_PIN 48
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
// certenrolld_begin -- PROV_RSA_* // certenrolld_begin -- PROV_RSA_*
#define PROV_RSA_FULL 1 #define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2 #define PROV_RSA_SIG 2
#define PROV_DSS 3 #define PROV_DSS 3
#define PROV_FORTEZZA 4 #define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5 #define PROV_MS_EXCHANGE 5
#define PROV_SSL 6 #define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12 #define PROV_RSA_SCHANNEL 12
skipping to change at line 708 skipping to change at line 712
#endif #endif
#define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider"
#define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider"
#ifdef UNICODE #ifdef UNICODE
#define MS_SCARD_PROV MS_SCARD_PROV_W #define MS_SCARD_PROV MS_SCARD_PROV_W
#else #else
#define MS_SCARD_PROV MS_SCARD_PROV_A #define MS_SCARD_PROV MS_SCARD_PROV_A
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider" #define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider"
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider" #define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider"
#elif (NTDDI_VERSION == NTDDI_WINXP) #define MS_ENH_RSA_AES_PROV_XP_A "Microsoft Enhanced RSA and AES Cryptographic P
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr rovider (Prototype)"
ovider (Prototype)" #define MS_ENH_RSA_AES_PROV_XP_W L"Microsoft Enhanced RSA and AES Cryptographic
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P Provider (Prototype)"
rovider (Prototype)"
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINXP)
#ifdef UNICODE #ifdef UNICODE
#define MS_ENH_RSA_AES_PROV_XP MS_ENH_RSA_AES_PROV_XP_W
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W
#else #else
#define MS_ENH_RSA_AES_PROV_XP MS_ENH_RSA_AES_PROV_XP_A
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A
#endif #endif
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define MAXUIDLEN 64 #define MAXUIDLEN 64
// Exponentiation Offload Reg Location // Exponentiation Offload Reg Location
#define EXPO_OFFLOAD_REG_VALUE "ExpoOffload" #define EXPO_OFFLOAD_REG_VALUE "ExpoOffload"
#define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo" #define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo"
skipping to change at line 974 skipping to change at line 977
unsigned char EncryptionState[15][16]; // 14 rounds + 1 unsigned char EncryptionState[15][16]; // 14 rounds + 1
unsigned char DecryptionState[15][16]; unsigned char DecryptionState[15][16];
unsigned char Feedback[16]; unsigned char Feedback[16];
} CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE; } CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions // CRYPTOAPI BLOB definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- *_BLOB // certenrolls_begin -- *_BLOB
#ifndef CRYPTO_BLOBS_DEFINED
#define CRYPTO_BLOBS_DEFINED
typedef struct _CRYPTOAPI_BLOB { typedef struct _CRYPTOAPI_BLOB {
DWORD cbData; DWORD cbData;
__field_bcount(cbData) BYTE *pbData; __field_bcount(cbData) BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, } CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB, CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB, CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB, CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB, CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB, CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB; CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
#endif
// certenrolls_end // certenrolls_end
// structure for use with CryptSetKeyParam for CMS keys // structure for use with CryptSetKeyParam for CMS keys
typedef struct _CMS_DH_KEY_INFO { typedef struct _CMS_DH_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O) DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O)
ALG_ID Algid; // algorithmm id for the key to be converted ALG_ID Algid; // algorithmm id for the key to be converted
LPSTR pszContentEncObjId; // pointer to OID to hash in with Z LPSTR pszContentEncObjId; // pointer to OID to hash in with Z
CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information
void *pReserved; // reserved - should be NULL void *pReserved; // reserved - should be NULL
} CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO; } CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO;
skipping to change at line 1159 skipping to change at line 1165
DWORD dwParam, DWORD dwParam,
BYTE *pbData, BYTE *pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetKeyParam( CryptGetKeyParam(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in DWORD dwParam, __in DWORD dwParam,
__out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwFlags __in DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetHashParam( CryptSetHashParam(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwParam, __in DWORD dwParam,
__in CONST BYTE *pbData, __in CONST BYTE *pbData,
skipping to change at line 1196 skipping to change at line 1202
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetHashParam( CryptGetHashParam(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwParam, __in DWORD dwParam,
__out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwFlags __in DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProvParam( CryptSetProvParam(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
skipping to change at line 1279 skipping to change at line 1285
CryptImportKey( CryptImportKey(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
__in_bcount(dwDataLen) CONST BYTE *pbData, __in_bcount(dwDataLen) CONST BYTE *pbData,
__in DWORD dwDataLen, __in DWORD dwDataLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in DWORD dwFlags, __in DWORD dwFlags,
__out HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
__success(0 < return) BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEncrypt( CryptEncrypt(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in BOOL Final, __in BOOL Final,
__in DWORD dwFlags, __in DWORD dwFlags,
__inout_bcount_part(dwBufLen, *pdwDataLen) BYTE *pbData, __inout_bcount_part_opt(dwBufLen, *pdwDataLen) BYTE *pbData,
__out DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwBufLen __in DWORD dwBufLen
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptDecrypt( CryptDecrypt(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in BOOL Final, __in BOOL Final,
__in DWORD dwFlags, __in DWORD dwFlags,
__inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__deref_inout DWORD *pdwDataLen __inout DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptCreateHash( CryptCreateHash(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
__in ALG_ID Algid, __in ALG_ID Algid,
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in DWORD dwFlags, __in DWORD dwFlags,
skipping to change at line 1347 skipping to change at line 1353
__in HCRYPTHASH hHash __in HCRYPTHASH hHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwKeySpec, __in DWORD dwKeySpec,
__in LPCSTR szDescription, __in_opt LPCSTR szDescription,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, __out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen __inout DWORD *pdwSigLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashW( CryptSignHashW(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwKeySpec, __in DWORD dwKeySpec,
__in LPCWSTR szDescription, __in_opt LPCWSTR szDescription,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, __out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen __inout DWORD *pdwSigLen
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSignHash CryptSignHashW #define CryptSignHash CryptSignHashW
#else #else
#define CryptSignHash CryptSignHashA #define CryptSignHash CryptSignHashA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
skipping to change at line 1437 skipping to change at line 1443
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, __in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, __in DWORD dwSigLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in LPCSTR szDescription, __in_opt LPCSTR szDescription,
__in DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureW( CryptVerifySignatureW(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, __in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, __in DWORD dwSigLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in LPCWSTR szDescription, __in_opt LPCWSTR szDescription,
__in DWORD dwFlags __in DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW #define CryptVerifySignature CryptVerifySignatureW
#else #else
#define CryptVerifySignature CryptVerifySignatureA #define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
skipping to change at line 1614 skipping to change at line 1620
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW #define CryptSetProviderEx CryptSetProviderExW
#else #else
#define CryptSetProviderEx CryptSetProviderExA #define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderA( CryptGetDefaultProviderA(
__in DWORD dwProvType, __in DWORD dwProvType,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPSTR pszProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR pszProvName,
__out DWORD *pcbProvName __inout DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderW( CryptGetDefaultProviderW(
__in DWORD dwProvType, __in DWORD dwProvType,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPWSTR pszProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR pszProvName,
__out DWORD *pcbProvName __inout DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
skipping to change at line 1670 skipping to change at line 1676
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPSTR szTypeName, __out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPSTR szTypeName,
__out DWORD *pcbTypeName __inout DWORD *pcbTypeName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName, __out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName,
__out DWORD *pcbTypeName __inout DWORD *pcbTypeName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
skipping to change at line 1758 skipping to change at line 1764
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPSTR szProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR szProvName,
__inout DWORD *pcbProvName __inout DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersW( CryptEnumProvidersW(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPWSTR szProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR szProvName,
__inout DWORD *pcbProvName __inout DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW #define CryptEnumProviders CryptEnumProvidersW
#else #else
#define CryptEnumProviders CryptEnumProvidersA #define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
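Review bot: The new `__out_bcount_part_opt(*pcbProvName, *pcbProvName)` on `szProvName` in both `CryptEnumProvidersA` and `CryptEnumProvidersW` changes the documented unit from elements to bytes, but nothing in the header states it, and a W caller that sizes the buffer in WCHARs would pass half the byte count and get a short or failed enumeration. A one-line comment on the `__inout DWORD *pcbProvName` parameter would pin the contract: `// byte count of szProvName (not a character count), also for the W variant`. The old annotation `*pcbProvName+1` also claimed one extra element past the count; whether the terminating NUL is included in the new byte size is not visible here and belongs in the same comment.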
// encryption provider. // encryption provider.
// //
BOOL BOOL
__cdecl __cdecl
GetEncSChannel( GetEncSChannel(
BYTE **pData, BYTE **pData,
DWORD *dwDecSize DWORD *dwDecSize
); );
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION == NTDDI_WINXP)
typedef struct {
DWORD dwVersion;
ALG_ID algId;
DWORD dwMinKeyLength;
DWORD dwMaxKeyLength;
DWORD dwRequiredFlags;
DWORD dwDisallowedFlags;
} _CRYPT_KEY_LIMITS_V01;
typedef _CRYPT_KEY_LIMITS_V01 CRYPT_KEY_LIMITS, *PCRYPT_KEY_LIMITS;
// Request Flag definitions
#define CRYPTLIMIT_USING_PCT 0x0001
#define CRYPTLIMIT_USING_SGC 0x0002
WINADVAPI
BOOL
WINAPI
CryptGetLocalKeyLimits(
IN ALG_ID algId,
IN DWORD dwFlags,
OUT PCRYPT_KEY_LIMITS pLimits,
IN OUT LPDWORD cbLimitLength);
#endif //(NTDDI_VERSION = NTDDI_WINXP)
#if !defined(_DDK_DRIVER_) #if !defined(_DDK_DRIVER_)
// In Longhorn, the following APIs were updated to support the new // In Vista, the following APIs were updated to support the new
// CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition // CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition
// to the above CAPI1 APIs. // to the above CAPI1 APIs.
// Include the definitions for the CNG APIs // Include the definitions for the CNG APIs
#include <bcrypt.h> #include <bcrypt.h>
#include <ncrypt.h> #include <ncrypt.h>
// This type is used when the API can take either the CAPI1 HCRYPTPROV or // This type is used when the API can take either the CAPI1 HCRYPTPROV or
// the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be // the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be
// converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle(). // converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle().
#define szOID_RSA_messageDigest "1.2.840.113549.1.9.4" #define szOID_RSA_messageDigest "1.2.840.113549.1.9.4"
#define szOID_RSA_signingTime "1.2.840.113549.1.9.5" #define szOID_RSA_signingTime "1.2.840.113549.1.9.5"
#define szOID_RSA_counterSign "1.2.840.113549.1.9.6" #define szOID_RSA_counterSign "1.2.840.113549.1.9.6"
#define szOID_RSA_challengePwd "1.2.840.113549.1.9.7" #define szOID_RSA_challengePwd "1.2.840.113549.1.9.7"
#define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8" #define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8"
#define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9" #define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9"
#define szOID_RSA_certExtensions "1.2.840.113549.1.9.14" #define szOID_RSA_certExtensions "1.2.840.113549.1.9.14"
#define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15" #define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15"
#define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1" #define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1"
#define szOID_TIMESTAMP_TOKEN "1.2.840.113549.1.9.16.1.4"
#define szOID_RFC3161_counterSign "1.3.6.1.4.1.311.3.3.1"
#define szOID_RSA_SMIMEalg "1.2.840.113549.1.9.16.3" #define szOID_RSA_SMIMEalg "1.2.840.113549.1.9.16.3"
#define szOID_RSA_SMIMEalgESDH "1.2.840.113549.1.9.16.3.5" #define szOID_RSA_SMIMEalgESDH "1.2.840.113549.1.9.16.3.5"
#define szOID_RSA_SMIMEalgCMS3DESwrap "1.2.840.113549.1.9.16.3.6" #define szOID_RSA_SMIMEalgCMS3DESwrap "1.2.840.113549.1.9.16.3.6"
#define szOID_RSA_SMIMEalgCMSRC2wrap "1.2.840.113549.1.9.16.3.7" #define szOID_RSA_SMIMEalgCMSRC2wrap "1.2.840.113549.1.9.16.3.7"
#define szOID_RSA_MD2 "1.2.840.113549.2.2" #define szOID_RSA_MD2 "1.2.840.113549.2.2"
#define szOID_RSA_MD4 "1.2.840.113549.2.4" #define szOID_RSA_MD4 "1.2.840.113549.2.4"
#define szOID_RSA_MD5 "1.2.840.113549.2.5" #define szOID_RSA_MD5 "1.2.840.113549.2.5"
#define szOID_RSA_RC2CBC "1.2.840.113549.3.2" #define szOID_RSA_RC2CBC "1.2.840.113549.3.2"
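Review bot: `szOID_RFC3161_counterSign` (`"1.3.6.1.4.1.311.3.3.1"`) is a Microsoft-arc OID inserted into the middle of the RSA PKCS #9 `1.2.840.113549.1.9.*` list with no comment, so a reader scanning the block by prefix will take it for an RSA-assigned value. A comment above the two new lines would place both: `// RFC 3161 TSTInfo content type, and the Microsoft-arc attribute that carries a timestamp token as a counter-signature`. The pairing of the two names is inferred from their spelling, not from anything else in this hunk; confirm the wording against the signing code that consumes them.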
// NIST AES WRAP Algorithms // NIST AES WRAP Algorithms
#define szOID_NIST_AES128_WRAP "2.16.840.1.101.3.4.1.5" #define szOID_NIST_AES128_WRAP "2.16.840.1.101.3.4.1.5"
#define szOID_NIST_AES192_WRAP "2.16.840.1.101.3.4.1.25" #define szOID_NIST_AES192_WRAP "2.16.840.1.101.3.4.1.25"
#define szOID_NIST_AES256_WRAP "2.16.840.1.101.3.4.1.45" #define szOID_NIST_AES256_WRAP "2.16.840.1.101.3.4.1.45"
// x9-63-scheme OBJECT IDENTIFIER ::= { iso(1) // x9-63-scheme OBJECT IDENTIFIER ::= { iso(1)
// identified-organization(3) tc68(133) country(16) x9(840) // identified-organization(3) tc68(133) country(16) x9(840)
// x9-63(63) schemes(0) } // x9-63(63) schemes(0) }
// ECDH single pass ephemeral-static KeyAgreement KeyEncryptionAlgorithm // ECDH single pass ephemeral-static KeyAgreement KeyEncryptionAlgorithm
#define szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF "1.3.133.16.840.63.0.2" #define szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF "1.3.133.16.840.63.0.2"
#define szOID_DH_SINGLE_PASS_STDDH_SHA256_KDF "1.3.132.1.11.1"
#define szOID_DH_SINGLE_PASS_STDDH_SHA384_KDF "1.3.132.1.11.2"
// For the above KeyEncryptionAlgorithm the following wrap algorithms are // For the above KeyEncryptionAlgorithm the following wrap algorithms are
// supported: // supported:
// szOID_RSA_SMIMEalgCMS3DESwrap // szOID_RSA_SMIMEalgCMS3DESwrap
// szOID_RSA_SMIMEalgCMSRC2wrap // szOID_RSA_SMIMEalgCMSRC2wrap
// szOID_NIST_AES128_WRAP // szOID_NIST_AES128_WRAP
// szOID_NIST_AES192_WRAP // szOID_NIST_AES192_WRAP
// szOID_NIST_AES256_WRAP // szOID_NIST_AES256_WRAP
// ITU-T UsefulDefinitions // ITU-T UsefulDefinitions
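Review bot: The two new KDF OIDs `"1.3.132.1.11.1"` and `"1.3.132.1.11.2"` are placed directly under the comment block that derives the `1.3.133.16.840.63.0` x9-63 arc, but they belong to a different arc (1.3.132, SECG), so the derivation above no longer explains the values it appears to label. Add a line between the SHA1 define and the new ones in the same style, e.g. `// secg-scheme OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) certicom(132) schemes(1) }`. The following comment "For the above KeyEncryptionAlgorithm" now covers three algorithms; the plural would be accurate.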
// Type used for an extension to an encoded content // Type used for an extension to an encoded content
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_EXTENSION { typedef struct _CERT_EXTENSION {
LPSTR pszObjId; LPSTR pszObjId;
BOOL fCritical; BOOL fCritical;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION; } CERT_EXTENSION, *PCERT_EXTENSION;
typedef const CERT_EXTENSION* PCCERT_EXTENSION;
// certenrolls_end // certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AttributeTypeValue // AttributeTypeValue
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE // certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE { typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId; LPSTR pszObjId;
#define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2" #define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2"
#define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3" #define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft CERT_RDN attribute Object Identifiers // Microsoft CERT_RDN attribute Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING. // Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING.
#define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1" #define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// EV RDN OIDs
//--------------------------------------------------------------------------
#define szOID_EV_RDN_LOCALE "1.3.6.1.4.1.311.60.2.1.1"
#define szOID_EV_RDN_STATE_OR_PROVINCE "1.3.6.1.4.1.311.60.2.1.2"
#define szOID_EV_RDN_COUNTRY "1.3.6.1.4.1.311.60.2.1.3"
//+-------------------------------------------------------------------------
// CERT_RDN Attribute Value Types // CERT_RDN Attribute Value Types
// //
// For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded // For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
// representation. Otherwise, its an array of bytes. // representation. Otherwise, its an array of bytes.
// //
// For all CERT_RDN types, Value.cbData is always the number of bytes, not // For all CERT_RDN types, Value.cbData is always the number of bytes, not
// necessarily the number of elements in the string. For instance, // necessarily the number of elements in the string. For instance,
// RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and // RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
// RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2). // RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
// //
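Review bot: The new EV block carries only the heading `EV RDN OIDs`; unlike the KEY_ID RDN comment just above, it does not say what these attributes are or how they differ from the ordinary L, ST and C RDNs, which matters to display code deciding which subject fields to present as validated. A comment such as `// CA/Browser Forum EV jurisdiction-of-incorporation attributes; distinct from the subject's own L, ST and C RDNs` would cover it. `szOID_EV_RDN_LOCALE` naming the locality attribute "LOCALE" is also easy to misread as a language locale; a short note that it is the locality name is cheap.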
// For encoding: when set, the characters aren't checked to see if they // For encoding: when set, the characters aren't checked to see if they
// are valid for the Value Type. // are valid for the Value Type.
#define CERT_RDN_DISABLE_CHECK_TYPE_FLAG 0x40000000 #define CERT_RDN_DISABLE_CHECK_TYPE_FLAG 0x40000000
// For decoding: by default, CERT_RDN_T61_STRING values are initially decoded // For decoding: by default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8. // Setting this flag skips the initial attempt to decode as UTF8.
#define CERT_RDN_DISABLE_IE4_UTF8_FLAG 0x01000000 #define CERT_RDN_DISABLE_IE4_UTF8_FLAG 0x01000000
// For encoding: If the string contains E/Email RDN, and the email-address
// (in RDN value) contains unicode characters outside of ASCII character set,
// the localpart and the hostname portion of the email-address would be first
// encoded in punycode and then the resultant Email-Address would be attempted
// to be encoded as IA5String. Punycode encoding of hostname is done on
// label-by-label basis.
// For decoding: If the name contains E/Email RDN, and local part or hostname
// portion of the email-address contains punycode encoded IA5String,
// The RDN string value is converted to its unicode equivalent.
#define CERT_RDN_ENABLE_PUNYCODE_FLAG 0x02000000
// Macro to check that the dwValueType is a character string and not an // Macro to check that the dwValueType is a character string and not an
// encoded blob or octet string // encoded blob or octet string
#define IS_CERT_RDN_CHAR_STRING(X) \ #define IS_CERT_RDN_CHAR_STRING(X) \
(((X) & CERT_RDN_TYPE_MASK) >= CERT_RDN_NUMERIC_STRING) (((X) & CERT_RDN_TYPE_MASK) >= CERT_RDN_NUMERIC_STRING)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// A CERT_RDN consists of an array of the above attributes // A CERT_RDN consists of an array of the above attributes
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_RDN { typedef struct _CERT_RDN {
DWORD cRDNAttr; DWORD cRDNAttr;
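Review bot: The comment above `CERT_RDN_ENABLE_PUNYCODE_FLAG` is hard to follow ("would be first encoded ... would be attempted to be encoded", "the localpart and the hostname"), and it leaves the reader to work out that the flag applies only to the E/Email RDN and only when the value leaves ASCII. Two lines say the same thing more plainly: `// Encoding: for an E/Email RDN whose value contains non-ASCII characters, the local part and each hostname label are Punycode-encoded before the IA5String encode is attempted.` and `// Decoding: an E/Email RDN whose local part or hostname labels are Punycode-encoded IA5String is converted back to its Unicode equivalent.` The `_CERT_RDN` struct that closes this hunk continues outside it.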
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} CRL_INFO, *PCRL_INFO; } CRL_INFO, *PCRL_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL versions // CRL versions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRL_V1 0 #define CRL_V1 0
#define CRL_V2 1 #define CRL_V2 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Bundle
//--------------------------------------------------------------------------
#define CERT_BUNDLE_CERTIFICATE 0
#define CERT_BUNDLE_CRL 1
typedef struct _CERT_OR_CRL_BLOB {
DWORD dwChoice;
DWORD cbEncoded;
__field_bcount(cbEncoded)
BYTE *pbEncoded;
} CERT_OR_CRL_BLOB, * PCERT_OR_CRL_BLOB;
typedef struct _CERT_OR_CRL_BUNDLE {
DWORD cItem;
__field_ecount(cItem)
PCERT_OR_CRL_BLOB rgItem;
} CERT_OR_CRL_BUNDLE, *PCERT_OR_CRL_BUNDLE;
//+-------------------------------------------------------------------------
// Information stored in a certificate request // Information stored in a certificate request
// //
// The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded // The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
// representation of the information. // representation of the information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_REQUEST_INFO { typedef struct _CERT_REQUEST_INFO {
DWORD dwVersion; DWORD dwVersion;
CERT_NAME_BLOB Subject; CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
DWORD cAttribute; DWORD cAttribute;
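Review bot: `dwChoice` in the new `CERT_OR_CRL_BLOB` has no comment tying it to `CERT_BUNDLE_CERTIFICATE`/`CERT_BUNDLE_CRL`, unlike the other choice fields in this header, which name their constants inline; suggest `DWORD dwChoice; // CERT_BUNDLE_CERTIFICATE or CERT_BUNDLE_CRL`. The pointer typedef is written `* PCERT_OR_CRL_BLOB` with a space, while `*PCERT_OR_CRL_BUNDLE` four lines later and the rest of the file bind the star to the name; `*PCERT_OR_CRL_BLOB` keeps the convention. Whether a decoder of this bundle rejects other `dwChoice` values is not visible here and would be worth stating on the struct. `_CERT_REQUEST_INFO` at the end of the hunk continues outside it.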
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CTL Usage. Also used for EnhancedKeyUsage extension. // CTL Usage. Also used for EnhancedKeyUsage extension.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CTL_USAGE { typedef struct _CTL_USAGE {
DWORD cUsageIdentifier; DWORD cUsageIdentifier;
LPSTR *rgpszUsageIdentifier; // array of pszObjId LPSTR *rgpszUsageIdentifier; // array of pszObjId
} CTL_USAGE, *PCTL_USAGE, } CTL_USAGE, *PCTL_USAGE,
CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE; CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE;
typedef const CTL_USAGE* PCCTL_USAGE;
typedef const CERT_ENHKEY_USAGE* PCCERT_ENHKEY_USAGE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// An entry in a CTL // An entry in a CTL
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CTL_ENTRY { typedef struct _CTL_ENTRY {
CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash
DWORD cAttribute; DWORD cAttribute;
PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL
} CTL_ENTRY, *PCTL_ENTRY; } CTL_ENTRY, *PCTL_ENTRY;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObjectEx( CryptEncodeObjectEx(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in const void *pvStructInfo, __in const void *pvStructInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt PCRYPT_ENCODE_PARA pEncodePara, __in_opt PCRYPT_ENCODE_PARA pEncodePara,
__out_opt void *pvEncoded, __out_opt void *pvEncoded,
IN __out DWORD *pcbEncoded __inout DWORD *pcbEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObject( CryptEncodeObject(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in const void *pvStructInfo, __in const void *pvStructInfo,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
// When set, the characters aren't checked to see if they // When set, the characters aren't checked to see if they
// are valid for the specified Value Type. // are valid for the specified Value Type.
#define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG \ #define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG \
CERT_RDN_DISABLE_CHECK_TYPE_FLAG CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// The following flag is applicable when encoding the PKCS_SORTED_CTL. This // The following flag is applicable when encoding the PKCS_SORTED_CTL. This
// flag should be set if the identifier for the TrustedSubjects is a hash, // flag should be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1. // such as, MD5 or SHA1.
#define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000 #define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000
// The following flag is applicable when encoding structures that require
// IA5String encoding of host name(in DNS Name/ URL/ EmailAddress) containing
// non-IA5 characters by encoding the host name in punycode first.
#define CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG 0x20000
typedef struct _CRYPT_DECODE_PARA { typedef struct _CRYPT_DECODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA; } CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObjectEx( CryptDecodeObjectEx(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt PCRYPT_DECODE_PARA pDecodePara, __in_opt PCRYPT_DECODE_PARA pDecodePara,
__out_opt void *pvStructInfo, __out_opt void *pvStructInfo,
IN __out DWORD *pcbStructInfo __inout DWORD *pcbStructInfo
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObject( CryptDecodeObject(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
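Review bot: `CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG` is `0x20000`, a different bit from `CERT_RDN_ENABLE_PUNYCODE_FLAG` (`0x02000000`) defined earlier in the file, whereas the decode-side flag in the next hunk reuses the RDN value; the comment does not say which constant a caller passes where, and as far as this header shows, passing the RDN constant in `CryptEncodeObjectEx` dwFlags would not be recognized. Suggest appending to the comment: `// This is a CryptEncodeObjectEx dwFlags bit; it is not the same value as CERT_RDN_ENABLE_PUNYCODE_FLAG.` The phrase "host name(in DNS Name/ URL/ EmailAddress)" would also read better as "host name (in a DNS name, URL or e-mail address)". `CryptDecodeObject` at the end of the hunk continues outside it.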
#define CRYPT_DECODE_ALLOC_FLAG 0x8000 #define CRYPT_DECODE_ALLOC_FLAG 0x8000
// The following flag is applicable when decoding X509_UNICODE_NAME, // The following flag is applicable when decoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING. // X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// By default, CERT_RDN_T61_STRING values are initially decoded // By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8. // Setting this flag skips the initial attempt to decode as UTF8.
#define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \ #define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \
CERT_RDN_DISABLE_IE4_UTF8_FLAG CERT_RDN_DISABLE_IE4_UTF8_FLAG
// The following flag is applicable when decoding structures that contain
// IA5String encoding of punycode encoded host name (in DNS Name/ URL/
// EmailAddress). Decoded value contains the the unicode equivalent of
// punycode encoded data.
#define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 0x02000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded. // Predefined X509 certificate data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_ENCODE_DECODE_NONE 0 #define CRYPT_ENCODE_DECODE_NONE 0
#define X509_CERT ((LPCSTR) 1) #define X509_CERT ((LPCSTR) 1)
#define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2) #define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2)
#define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3) #define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3)
#define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4) #define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4)
#define X509_EXTENSIONS ((LPCSTR) 5) #define X509_EXTENSIONS ((LPCSTR) 5)
#define X509_NAME_VALUE ((LPCSTR) 6) #define X509_NAME_VALUE ((LPCSTR) 6)
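Review bot: `CRYPT_DECODE_ENABLE_PUNYCODE_FLAG` repeats the literal `0x02000000` instead of aliasing `CERT_RDN_ENABLE_PUNYCODE_FLAG`, although the adjacent `CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG` is defined as an alias of its CERT_RDN counterpart precisely so the two cannot drift apart. `#define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG CERT_RDN_ENABLE_PUNYCODE_FLAG` would follow the established pattern. The comment also has a doubled word: "contains the the unicode equivalent".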
#define CNG_RSA_PUBLIC_KEY_BLOB ((LPCSTR) 72) #define CNG_RSA_PUBLIC_KEY_BLOB ((LPCSTR) 72)
#define X509_OBJECT_IDENTIFIER ((LPCSTR) 73) #define X509_OBJECT_IDENTIFIER ((LPCSTR) 73)
#define X509_ALGORITHM_IDENTIFIER ((LPCSTR) 74) #define X509_ALGORITHM_IDENTIFIER ((LPCSTR) 74)
#define PKCS_RSA_SSA_PSS_PARAMETERS ((LPCSTR) 75) #define PKCS_RSA_SSA_PSS_PARAMETERS ((LPCSTR) 75)
#define PKCS_RSAES_OAEP_PARAMETERS ((LPCSTR) 76) #define PKCS_RSAES_OAEP_PARAMETERS ((LPCSTR) 76)
#define ECC_CMS_SHARED_INFO ((LPCSTR) 77) #define ECC_CMS_SHARED_INFO ((LPCSTR) 77)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// TIMESTAMP
//--------------------------------------------------------------------------
#define TIMESTAMP_REQUEST ((LPCSTR) 78)
#define TIMESTAMP_RESPONSE ((LPCSTR) 79)
#define TIMESTAMP_INFO ((LPCSTR) 80)
//+-------------------------------------------------------------------------
// CertificateBundle
//--------------------------------------------------------------------------
#define X509_CERT_BUNDLE ((LPCSTR) 81)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500) #define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMS_SIGNER_INFO ((LPCSTR) 501) #define CMS_SIGNER_INFO ((LPCSTR) 501)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#ifndef szOID_LICENSE_SERVER #ifndef szOID_LICENSE_SERVER
#define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2" #define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2"
#endif #endif
#ifndef szOID_KP_SMARTCARD_LOGON #ifndef szOID_KP_SMARTCARD_LOGON
#define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2" #define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2"
#endif #endif
#define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1" #define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1"
// Signer of CRL
#define szOID_REVOKED_LIST_SIGNER "1.3.6.1.4.1.311.10.3.19"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers // Microsoft Attribute Object Identifiers
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1" #define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and // Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions // szOID_CERT_POLICIES95 extensions
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1" #define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1"
#define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2" #define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2"
#define szOID_ROOT_PROGRAM_FLAGS "1.3.6.1.4.1.311.60.1.1" #define szOID_ROOT_PROGRAM_FLAGS "1.3.6.1.4.1.311.60.1.1"
//+-------------------------------------------------------------------------
// Root program qualifier flags, used in pbData field of
// CERT_POLICY_QUALIFIER_INFO structure.
//+-------------------------------------------------------------------------
// Validation of the Organization (O) field in the subject name meets
// Root Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_ORG 0x80
// Validation of the Locale (L), State (S), and Country (C) fields in
// the subject name meets Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_LSC 0x40
// Subject logotype
#define CERT_ROOT_PROGRAM_FLAG_SUBJECT_LOGO 0x20
// Validation of the OrganizationalUnit (OU) field in the subject name
// meets Root Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_OU 0x10
// Validation of the address field in the subject name meets Root
// Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_ADDRESS 0x08
// OID for old qualifer // OID for old qualifer
#define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 " #define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 "
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CERT // X509_CERT
// //
// The "to be signed" encoded content plus its signature. The ToBeSigned // The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following: // content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or // X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED. // X509_CERT_REQUEST_TO_BE_SIGNED.
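Review bot: The comment on `CERT_ROOT_PROGRAM_FLAG_LSC` says "meets Program Requirements" where its four siblings say "meets Root Program Requirements"; align it. More importantly, the block header says the flags are "used in pbData field of CERT_POLICY_QUALIFIER_INFO structure" without saying how: whether pbData holds a DER-encoded value whose content byte carries these bits, or the raw byte itself, is not visible here, and display code deciding which subject fields to present as validated cannot implement this from the header alone. A sentence giving the exact encoding, or the decode type to use, belongs in that comment. `szOID_REVOKED_LIST_SIGNER` under the bare heading "Signer of CRL" sits in the `1.3.6.1.4.1.311.10.3.*` range used by the KP OIDs around it; if it is an enhanced-key-usage value, saying so would match the neighbouring entries.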
union { // certenrolls_skip union { // certenrolls_skip
PCERT_OTHER_NAME pOtherName; // 1 PCERT_OTHER_NAME pOtherName; // 1
LPWSTR pwszRfc822Name; // 2 (encoded IA5) LPWSTR pwszRfc822Name; // 2 (encoded IA5)
LPWSTR pwszDNSName; // 3 (encoded IA5) LPWSTR pwszDNSName; // 3 (encoded IA5)
// Not implemented x400Address; // 4 // Not implemented x400Address; // 4
CERT_NAME_BLOB DirectoryName; // 5 CERT_NAME_BLOB DirectoryName; // 5
// Not implemented pEdiPartyName; // 6 // Not implemented pEdiPartyName; // 6
LPWSTR pwszURL; // 7 (encoded IA5) LPWSTR pwszURL; // 7 (encoded IA5)
CRYPT_DATA_BLOB IPAddress; // 8 (Octet String) CRYPT_DATA_BLOB IPAddress; // 8 (Octet String)
LPSTR pszRegisteredID; // 9 (Object Identifer) LPSTR pszRegisteredID; // 9 (Object Identifer)
}; // certenrolls_skip } DUMMYUNIONNAME; // certenrolls_skip
} CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY; } CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY;
// certenrolls_end // certenrolls_end
// certenrolld_begin -- CERT_ALT_NAME_* // certenrolld_begin -- CERT_ALT_NAME_*
#define CERT_ALT_NAME_OTHER_NAME 1 #define CERT_ALT_NAME_OTHER_NAME 1
#define CERT_ALT_NAME_RFC822_NAME 2 #define CERT_ALT_NAME_RFC822_NAME 2
#define CERT_ALT_NAME_DNS_NAME 3 #define CERT_ALT_NAME_DNS_NAME 3
#define CERT_ALT_NAME_X400_ADDRESS 4 #define CERT_ALT_NAME_X400_ADDRESS 4
#define CERT_ALT_NAME_DIRECTORY_NAME 5 #define CERT_ALT_NAME_DIRECTORY_NAME 5
#define CERT_ALT_NAME_EDI_PARTY_NAME 6 #define CERT_ALT_NAME_EDI_PARTY_NAME 6
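Review bot: Replacing `};` with `} DUMMYUNIONNAME;` on the anonymous union in `CERT_ALT_NAME_ENTRY` is a source-compatibility change for anyone building with `NONAMELESSUNION` or a compiler without anonymous unions: the members become `entry.u.pwszDNSName` rather than `entry.pwszDNSName`, and existing code that reads the members directly stops compiling under those builds. Neither this hunk nor the identical changes to `CRL_DIST_POINT_NAME`, `CMC_TAGGED_REQUEST` and `CMC_STATUS_INFO` further down carries a comment; `// anonymous unless NONAMELESSUNION is defined (then accessed as .u)` on the union line would warn readers. `_CERT_ALT_NAME_ENTRY` begins before this hunk.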
// VALUE_INDEX - 16 bits (unicode character index) // VALUE_INDEX - 16 bits (unicode character index)
// //
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location // See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines. // defines.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRL_DIST_POINT_NAME { typedef struct _CRL_DIST_POINT_NAME {
DWORD dwDistPointNameChoice; DWORD dwDistPointNameChoice;
union { union {
CERT_ALT_NAME_INFO FullName; // 1 CERT_ALT_NAME_INFO FullName; // 1
// Not implemented IssuerRDN; // 2 // Not implemented IssuerRDN; // 2
}; } DUMMYUNIONNAME;
} CRL_DIST_POINT_NAME, *PCRL_DIST_POINT_NAME; } CRL_DIST_POINT_NAME, *PCRL_DIST_POINT_NAME;
#define CRL_DIST_POINT_NO_NAME 0 #define CRL_DIST_POINT_NO_NAME 0
#define CRL_DIST_POINT_FULL_NAME 1 #define CRL_DIST_POINT_FULL_NAME 1
#define CRL_DIST_POINT_ISSUER_RDN_NAME 2 #define CRL_DIST_POINT_ISSUER_RDN_NAME 2
typedef struct _CRL_DIST_POINT { typedef struct _CRL_DIST_POINT {
CRL_DIST_POINT_NAME DistPointName; // OPTIONAL CRL_DIST_POINT_NAME DistPointName; // OPTIONAL
CRYPT_BIT_BLOB ReasonFlags; // OPTIONAL CRYPT_BIT_BLOB ReasonFlags; // OPTIONAL
CERT_ALT_NAME_INFO CRLIssuer; // OPTIONAL CERT_ALT_NAME_INFO CRLIssuer; // OPTIONAL
typedef struct _CMC_TAGGED_CERT_REQUEST { typedef struct _CMC_TAGGED_CERT_REQUEST {
DWORD dwBodyPartID; DWORD dwBodyPartID;
CRYPT_DER_BLOB SignedCertRequest; CRYPT_DER_BLOB SignedCertRequest;
} CMC_TAGGED_CERT_REQUEST, *PCMC_TAGGED_CERT_REQUEST; } CMC_TAGGED_CERT_REQUEST, *PCMC_TAGGED_CERT_REQUEST;
typedef struct _CMC_TAGGED_REQUEST { typedef struct _CMC_TAGGED_REQUEST {
DWORD dwTaggedRequestChoice; DWORD dwTaggedRequestChoice;
union { union {
// CMC_TAGGED_CERT_REQUEST_CHOICE // CMC_TAGGED_CERT_REQUEST_CHOICE
PCMC_TAGGED_CERT_REQUEST pTaggedCertRequest; PCMC_TAGGED_CERT_REQUEST pTaggedCertRequest;
}; } DUMMYUNIONNAME;
} CMC_TAGGED_REQUEST, *PCMC_TAGGED_REQUEST; } CMC_TAGGED_REQUEST, *PCMC_TAGGED_REQUEST;
#define CMC_TAGGED_CERT_REQUEST_CHOICE 1 #define CMC_TAGGED_CERT_REQUEST_CHOICE 1
typedef struct _CMC_TAGGED_CONTENT_INFO { typedef struct _CMC_TAGGED_CONTENT_INFO {
DWORD dwBodyPartID; DWORD dwBodyPartID;
CRYPT_DER_BLOB EncodedContentInfo; CRYPT_DER_BLOB EncodedContentInfo;
} CMC_TAGGED_CONTENT_INFO, *PCMC_TAGGED_CONTENT_INFO; } CMC_TAGGED_CONTENT_INFO, *PCMC_TAGGED_CONTENT_INFO;
typedef struct _CMC_TAGGED_OTHER_MSG { typedef struct _CMC_TAGGED_OTHER_MSG {
DWORD *rgdwBodyList; DWORD *rgdwBodyList;
LPWSTR pwszStatusString; // OPTIONAL LPWSTR pwszStatusString; // OPTIONAL
DWORD dwOtherInfoChoice; DWORD dwOtherInfoChoice;
union { union {
// CMC_OTHER_INFO_NO_CHOICE // CMC_OTHER_INFO_NO_CHOICE
// none // none
// CMC_OTHER_INFO_FAIL_CHOICE // CMC_OTHER_INFO_FAIL_CHOICE
DWORD dwFailInfo; DWORD dwFailInfo;
// CMC_OTHER_INFO_PEND_CHOICE // CMC_OTHER_INFO_PEND_CHOICE
PCMC_PEND_INFO pPendInfo; PCMC_PEND_INFO pPendInfo;
}; } DUMMYUNIONNAME;
} CMC_STATUS_INFO, *PCMC_STATUS_INFO; } CMC_STATUS_INFO, *PCMC_STATUS_INFO;
#define CMC_OTHER_INFO_NO_CHOICE 0 #define CMC_OTHER_INFO_NO_CHOICE 0
#define CMC_OTHER_INFO_FAIL_CHOICE 1 #define CMC_OTHER_INFO_FAIL_CHOICE 1
#define CMC_OTHER_INFO_PEND_CHOICE 2 #define CMC_OTHER_INFO_PEND_CHOICE 2
// //
// dwStatus values // dwStatus values
// //
DWORD dwLogotypeImageResolutionChoice; DWORD dwLogotypeImageResolutionChoice;
union { union {
// CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE
// No resolution value // No resolution value
// CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE
DWORD dwNumBits; // Resolution in bits DWORD dwNumBits; // Resolution in bits
// CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE
DWORD dwTableSize; // Number of color or grey t ones DWORD dwTableSize; // Number of color or grey t ones
}; } DUMMYUNIONNAME;
LPWSTR pwszLanguage; // Optional. Encoded as IA5. LPWSTR pwszLanguage; // Optional. Encoded as IA5.
// RFC 3066 Language Tag // RFC 3066 Language Tag
} CERT_LOGOTYPE_IMAGE_INFO, *PCERT_LOGOTYPE_IMAGE_INFO; } CERT_LOGOTYPE_IMAGE_INFO, *PCERT_LOGOTYPE_IMAGE_INFO;
#define CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE 1 #define CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE 1
#define CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE 2 #define CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE 2
#define CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE 0 #define CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE 0
#define CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE 1 #define CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE 1
#define CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE 2 #define CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE 2
} CERT_LOGOTYPE_DATA, *PCERT_LOGOTYPE_DATA; } CERT_LOGOTYPE_DATA, *PCERT_LOGOTYPE_DATA;
typedef struct _CERT_LOGOTYPE_INFO { typedef struct _CERT_LOGOTYPE_INFO {
DWORD dwLogotypeInfoChoice; DWORD dwLogotypeInfoChoice;
union { union {
// CERT_LOGOTYPE_DIRECT_INFO_CHOICE // CERT_LOGOTYPE_DIRECT_INFO_CHOICE
PCERT_LOGOTYPE_DATA pLogotypeDirectInfo; PCERT_LOGOTYPE_DATA pLogotypeDirectInfo;
// CERT_LOGOTYPE_INDIRECT_INFO_CHOICE // CERT_LOGOTYPE_INDIRECT_INFO_CHOICE
PCERT_LOGOTYPE_REFERENCE pLogotypeIndirectInfo; PCERT_LOGOTYPE_REFERENCE pLogotypeIndirectInfo;
}; } DUMMYUNIONNAME;
} CERT_LOGOTYPE_INFO, *PCERT_LOGOTYPE_INFO; } CERT_LOGOTYPE_INFO, *PCERT_LOGOTYPE_INFO;
#define CERT_LOGOTYPE_DIRECT_INFO_CHOICE 1 #define CERT_LOGOTYPE_DIRECT_INFO_CHOICE 1
#define CERT_LOGOTYPE_INDIRECT_INFO_CHOICE 2 #define CERT_LOGOTYPE_INDIRECT_INFO_CHOICE 2
typedef struct _CERT_OTHER_LOGOTYPE_INFO { typedef struct _CERT_OTHER_LOGOTYPE_INFO {
LPSTR pszObjId; LPSTR pszObjId;
CERT_LOGOTYPE_INFO LogotypeInfo; CERT_LOGOTYPE_INFO LogotypeInfo;
} CERT_OTHER_LOGOTYPE_INFO, *PCERT_OTHER_LOGOTYPE_INFO; } CERT_OTHER_LOGOTYPE_INFO, *PCERT_OTHER_LOGOTYPE_INFO;
//========================================================================== //==========================================================================
typedef struct _CERT_BIOMETRIC_DATA { typedef struct _CERT_BIOMETRIC_DATA {
DWORD dwTypeOfBiometricDataChoice; DWORD dwTypeOfBiometricDataChoice;
union { union {
// CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE // CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE
DWORD dwPredefined; DWORD dwPredefined;
// CERT_BIOMETRIC_OID_DATA_CHOICE // CERT_BIOMETRIC_OID_DATA_CHOICE
LPSTR pszObjId; LPSTR pszObjId;
}; } DUMMYUNIONNAME;
CERT_HASHED_URL HashedUrl; // pwszUrl is Optional. CERT_HASHED_URL HashedUrl; // pwszUrl is Optional.
} CERT_BIOMETRIC_DATA, *PCERT_BIOMETRIC_DATA; } CERT_BIOMETRIC_DATA, *PCERT_BIOMETRIC_DATA;
#define CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE 1 #define CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE 1
#define CERT_BIOMETRIC_OID_DATA_CHOICE 2 #define CERT_BIOMETRIC_OID_DATA_CHOICE 2
#define CERT_BIOMETRIC_PICTURE_TYPE 0 #define CERT_BIOMETRIC_PICTURE_TYPE 0
#define CERT_BIOMETRIC_SIGNATURE_TYPE 1 #define CERT_BIOMETRIC_SIGNATURE_TYPE 1
OCSP_CERT_ID CertId; OCSP_CERT_ID CertId;
DWORD dwCertStatus; DWORD dwCertStatus;
union { union {
// OCSP_BASIC_GOOD_CERT_STATUS // OCSP_BASIC_GOOD_CERT_STATUS
// OCSP_BASIC_UNKNOWN_CERT_STATUS // OCSP_BASIC_UNKNOWN_CERT_STATUS
// No additional information // No additional information
// OCSP_BASIC_REVOKED_CERT_STATUS // OCSP_BASIC_REVOKED_CERT_STATUS
POCSP_BASIC_REVOKED_INFO pRevokedInfo; POCSP_BASIC_REVOKED_INFO pRevokedInfo;
}; } DUMMYUNIONNAME;
FILETIME ThisUpdate; FILETIME ThisUpdate;
FILETIME NextUpdate; // Optional, zero filetime implies FILETIME NextUpdate; // Optional, zero filetime implies
// never expires // never expires
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_ENTRY, *POCSP_BASIC_RESPONSE_ENTRY; } OCSP_BASIC_RESPONSE_ENTRY, *POCSP_BASIC_RESPONSE_ENTRY;
#define OCSP_BASIC_GOOD_CERT_STATUS 0 #define OCSP_BASIC_GOOD_CERT_STATUS 0
#define OCSP_BASIC_REVOKED_CERT_STATUS 1 #define OCSP_BASIC_REVOKED_CERT_STATUS 1
#define OCSP_BASIC_UNKNOWN_CERT_STATUS 2 #define OCSP_BASIC_UNKNOWN_CERT_STATUS 2
typedef struct _OCSP_BASIC_RESPONSE_INFO { typedef struct _OCSP_BASIC_RESPONSE_INFO {
DWORD dwVersion; DWORD dwVersion;
DWORD dwResponderIdChoice; DWORD dwResponderIdChoice;
union { union {
// OCSP_BASIC_BY_NAME_RESPONDER_ID // OCSP_BASIC_BY_NAME_RESPONDER_ID
CERT_NAME_BLOB ByNameResponderId; CERT_NAME_BLOB ByNameResponderId;
// OCSP_BASIC_BY_KEY_RESPONDER_ID // OCSP_BASIC_BY_KEY_RESPONDER_ID
CRYPT_HASH_BLOB ByKeyResponderId; CRYPT_HASH_BLOB ByKeyResponderId;
}; } DUMMYUNIONNAME;
FILETIME ProducedAt; FILETIME ProducedAt;
DWORD cResponseEntry; DWORD cResponseEntry;
POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry; POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry;
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO; } OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO;
#define OCSP_BASIC_RESPONSE_V1 0 #define OCSP_BASIC_RESPONSE_V1 0
#define OCSP_BASIC_BY_NAME_RESPONDER_ID 1 #define OCSP_BASIC_BY_NAME_RESPONDER_ID 1
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_OID_INFO { typedef struct _CRYPT_OID_INFO {
DWORD cbSize; DWORD cbSize;
LPCSTR pszOID; LPCSTR pszOID;
LPCWSTR pwszName; LPCWSTR pwszName;
DWORD dwGroupId; DWORD dwGroupId;
union { union {
DWORD dwValue; DWORD dwValue;
ALG_ID Algid; ALG_ID Algid;
DWORD dwLength; DWORD dwLength;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB ExtraInfo; CRYPT_DATA_BLOB ExtraInfo;
#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS #ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS
// Note, if you #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS, then, you // Note, if you #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS, then, you
// must zero all unused fields in this data structure. // must zero all unused fields in this data structure.
// More fields could be added in a future release. // More fields could be added in a future release.
// The following 2 fields are set to an empty string, L"", if not defined. // The following 2 fields are set to an empty string, L"", if not defined.
// This is the Algid string passed to the BCrypt* and NCrypt* APIs // This is the Algid string passed to the BCrypt* and NCrypt* APIs
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_HASH_ALG_OID_GROUP_ID 1 #define CRYPT_HASH_ALG_OID_GROUP_ID 1
#define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2 #define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2
#define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3 #define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3
#define CRYPT_SIGN_ALG_OID_GROUP_ID 4 #define CRYPT_SIGN_ALG_OID_GROUP_ID 4
#define CRYPT_RDN_ATTR_OID_GROUP_ID 5 #define CRYPT_RDN_ATTR_OID_GROUP_ID 5
#define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6 #define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6
#define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7 #define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7
#define CRYPT_POLICY_OID_GROUP_ID 8 #define CRYPT_POLICY_OID_GROUP_ID 8
#define CRYPT_TEMPLATE_OID_GROUP_ID 9 #define CRYPT_TEMPLATE_OID_GROUP_ID 9
#define CRYPT_LAST_OID_GROUP_ID 9 #define CRYPT_KDF_OID_GROUP_ID 10
#define CRYPT_LAST_OID_GROUP_ID 10
#define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID #define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID
#define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID #define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID
// certenrolld_end // certenrolld_end
// The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID // The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID
// has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID, // has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID,
// CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or // CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or
// CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue. // CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue.
// //
// valid for signing or encrypting // valid for signing or encrypting
// certenrolld_begin -- CRYPT_*_KEY_FLAG // certenrolld_begin -- CRYPT_*_KEY_FLAG
#define CRYPT_OID_INFO_OID_KEY_FLAGS_MASK 0xFFFF0000 #define CRYPT_OID_INFO_OID_KEY_FLAGS_MASK 0xFFFF0000
#define CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000 #define CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000
#define CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000 #define CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000
// The following flag can be set in above dwGroupId parameter to disable // The following flag can be set in above dwGroupId parameter to disable
// searching the directory server // searching the directory server
#define CRYPT_OID_DISABLE_SEARCH_DS_FLAG 0x80000000 #define CRYPT_OID_DISABLE_SEARCH_DS_FLAG 0x80000000
#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS
// The following flag can be set in above dwGroupId parameter to search
// through CRYPT_OID_INFO records. If there are multiple records that meet
// the search criteria, the first record with defined pwszCNGAlgid would be
// returned. If none of the records (meeting the search criteria) have
// pwszCNGAlgid defined, first record (meeting the search criteria) would be
// returned.
#define CRYPT_OID_PREFER_CNG_ALGID_FLAG 0x40000000
#endif
// certenrolld_end -- CRYPT_*_KEY_FLAG // certenrolld_end -- CRYPT_*_KEY_FLAG
// The bit length shifted left 16 bits can be OR'ed into the above // The bit length shifted left 16 bits can be OR'ed into the above
// dwGroupId parameter. Only applicable to the CRYPT_ENCRYPT_ALG_OID_GROUP_ID. // dwGroupId parameter. Only applicable to the CRYPT_ENCRYPT_ALG_OID_GROUP_ID.
// Also, only applicable to encryption algorithms having a dwBitLen ExtraInfo. // Also, only applicable to encryption algorithms having a dwBitLen ExtraInfo.
// Currently, only the AES encryption algorithms have this. // Currently, only the AES encryption algorithms have this.
// //
// For example, to find the OIDInfo for BCRYPT_AES_ALGORITHM, bit length 192, // For example, to find the OIDInfo for BCRYPT_AES_ALGORITHM, bit length 192,
// CryptFindOIDInfo would be called as follows: // CryptFindOIDInfo would be called as follows:
// PCCRYPT_OID_INFO pOIDInfo = // PCCRYPT_OID_INFO pOIDInfo =
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_ID { typedef struct _CERT_ID {
DWORD dwIdChoice; DWORD dwIdChoice;
union { union {
// CERT_ID_ISSUER_SERIAL_NUMBER // CERT_ID_ISSUER_SERIAL_NUMBER
CERT_ISSUER_SERIAL_NUMBER IssuerSerialNumber; CERT_ISSUER_SERIAL_NUMBER IssuerSerialNumber;
// CERT_ID_KEY_IDENTIFIER // CERT_ID_KEY_IDENTIFIER
CRYPT_HASH_BLOB KeyId; CRYPT_HASH_BLOB KeyId;
// CERT_ID_SHA1_HASH // CERT_ID_SHA1_HASH
CRYPT_HASH_BLOB HashId; CRYPT_HASH_BLOB HashId;
}; } DUMMYUNIONNAME;
} CERT_ID, *PCERT_ID; } CERT_ID, *PCERT_ID;
#define CERT_ID_ISSUER_SERIAL_NUMBER 1 #define CERT_ID_ISSUER_SERIAL_NUMBER 1
#define CERT_ID_KEY_IDENTIFIER 2 #define CERT_ID_KEY_IDENTIFIER 2
#define CERT_ID_SHA1_HASH 3 #define CERT_ID_SHA1_HASH 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The message encode information (pvMsgEncodeInfo) is message type dependent // The message encode information (pvMsgEncodeInfo) is message type dependent
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// CMS signed messages allow the inclusion of Attribute Certs. // CMS signed messages allow the inclusion of Attribute Certs.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_SIGNER_ENCODE_INFO { typedef struct _CMSG_SIGNER_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
PCERT_INFO pCertInfo; PCERT_INFO pCertInfo;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
DWORD cAuthAttr; DWORD cAuthAttr;
PCRYPT_ATTRIBUTE rgAuthAttr; PCRYPT_ATTRIBUTE rgAuthAttr;
DWORD cUnauthAttr; DWORD cUnauthAttr;
PCRYPT_ATTRIBUTE rgUnauthAttr; PCRYPT_ATTRIBUTE rgUnauthAttr;
union { union {
// CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE // CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE
// //
// The ephemeral public key algorithm and parameters. // The ephemeral public key algorithm and parameters.
PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm; PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm;
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE // CMSG_KEY_AGREE_STATIC_KEY_CHOICE
// //
// The CertId of the sender's certificate // The CertId of the sender's certificate
PCERT_ID pSenderId; PCERT_ID pSenderId;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB UserKeyingMaterial; // OPTIONAL CRYPT_DATA_BLOB UserKeyingMaterial; // OPTIONAL
DWORD cRecipientEncryptedKeys; DWORD cRecipientEncryptedKeys;
PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO *rgpRecipientEncryptedKeys; PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO *rgpRecipientEncryptedKeys;
} CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO; } CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
#define CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE 1 #define CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE 1
#define CMSG_KEY_AGREE_STATIC_KEY_CHOICE 2 #define CMSG_KEY_AGREE_STATIC_KEY_CHOICE 2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
DWORD cbSize; DWORD cbSize;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
void *pvKeyEncryptionAuxInfo; void *pvKeyEncryptionAuxInfo;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
// Reserve space for a potential pointer choice // Reserve space for a potential pointer choice
void *pvKeyEncryptionKey; void *pvKeyEncryptionKey;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB KeyId; CRYPT_DATA_BLOB KeyId;
// Following fields are optional. // Following fields are optional.
FILETIME Date; FILETIME Date;
PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr; PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr;
} CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO, *PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO; } CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO, *PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
#define CMSG_MAIL_LIST_HANDLE_KEY_CHOICE 1 #define CMSG_MAIL_LIST_HANDLE_KEY_CHOICE 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
struct _CMSG_RECIPIENT_ENCODE_INFO { struct _CMSG_RECIPIENT_ENCODE_INFO {
DWORD dwRecipientChoice; DWORD dwRecipientChoice;
union { union {
// CMSG_KEY_TRANS_RECIPIENT // CMSG_KEY_TRANS_RECIPIENT
PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTrans;
// CMSG_KEY_AGREE_RECIPIENT // CMSG_KEY_AGREE_RECIPIENT
PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgree;
// CMSG_MAIL_LIST_RECIPIENT // CMSG_MAIL_LIST_RECIPIENT
PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailList;
}; } DUMMYUNIONNAME;
}; };
#define CMSG_KEY_TRANS_RECIPIENT 1 #define CMSG_KEY_TRANS_RECIPIENT 1
#define CMSG_KEY_AGREE_RECIPIENT 2 #define CMSG_KEY_AGREE_RECIPIENT 2
#define CMSG_MAIL_LIST_RECIPIENT 3 #define CMSG_MAIL_LIST_RECIPIENT 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_RC2_AUX_INFO // CMSG_RC2_AUX_INFO
// //
// AuxInfo for RC2 encryption algorithms. The pvEncryptionAuxInfo field // AuxInfo for RC2 encryption algorithms. The pvEncryptionAuxInfo field
} CMSG_RECIPIENT_ENCRYPTED_KEY_INFO, *PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO; } CMSG_RECIPIENT_ENCRYPTED_KEY_INFO, *PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
typedef struct _CMSG_KEY_AGREE_RECIPIENT_INFO { typedef struct _CMSG_KEY_AGREE_RECIPIENT_INFO {
DWORD dwVersion; DWORD dwVersion;
DWORD dwOriginatorChoice; DWORD dwOriginatorChoice;
union { union {
// CMSG_KEY_AGREE_ORIGINATOR_CERT // CMSG_KEY_AGREE_ORIGINATOR_CERT
CERT_ID OriginatorCertId; CERT_ID OriginatorCertId;
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY // CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo; CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB UserKeyingMaterial; CRYPT_DATA_BLOB UserKeyingMaterial;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
DWORD cRecipientEncryptedKeys; DWORD cRecipientEncryptedKeys;
PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO *rgpRecipientEncryptedKeys; PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO *rgpRecipientEncryptedKeys;
} CMSG_KEY_AGREE_RECIPIENT_INFO, *PCMSG_KEY_AGREE_RECIPIENT_INFO; } CMSG_KEY_AGREE_RECIPIENT_INFO, *PCMSG_KEY_AGREE_RECIPIENT_INFO;
#define CMSG_KEY_AGREE_ORIGINATOR_CERT 1 #define CMSG_KEY_AGREE_ORIGINATOR_CERT 1
#define CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY 2 #define CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY 2
typedef struct _CMSG_CMS_RECIPIENT_INFO { typedef struct _CMSG_CMS_RECIPIENT_INFO {
DWORD dwRecipientChoice; DWORD dwRecipientChoice;
union { union {
// CMSG_KEY_TRANS_RECIPIENT // CMSG_KEY_TRANS_RECIPIENT
PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans;
// CMSG_KEY_AGREE_RECIPIENT // CMSG_KEY_AGREE_RECIPIENT
PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree;
// CMSG_MAIL_LIST_RECIPIENT // CMSG_MAIL_LIST_RECIPIENT
PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList;
}; } DUMMYUNIONNAME;
} CMSG_CMS_RECIPIENT_INFO, *PCMSG_CMS_RECIPIENT_INFO; } CMSG_CMS_RECIPIENT_INFO, *PCMSG_CMS_RECIPIENT_INFO;
// dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients // dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients
#define CMSG_ENVELOPED_RECIPIENT_V0 0 #define CMSG_ENVELOPED_RECIPIENT_V0 0
#define CMSG_ENVELOPED_RECIPIENT_V2 2 #define CMSG_ENVELOPED_RECIPIENT_V2 2
#define CMSG_ENVELOPED_RECIPIENT_V3 3 #define CMSG_ENVELOPED_RECIPIENT_V3 3
#define CMSG_ENVELOPED_RECIPIENT_V4 4 #define CMSG_ENVELOPED_RECIPIENT_V4 4
#define CMSG_KEY_TRANS_PKCS_1_5_VERSION CMSG_ENVELOPED_RECIPIENT_V0 #define CMSG_KEY_TRANS_PKCS_1_5_VERSION CMSG_ENVELOPED_RECIPIENT_V0
#define CMSG_KEY_TRANS_CMS_VERSION CMSG_ENVELOPED_RECIPIENT_V2 #define CMSG_KEY_TRANS_CMS_VERSION CMSG_ENVELOPED_RECIPIENT_V2
#define CMSG_KEY_AGREE_VERSION CMSG_ENVELOPED_RECIPIENT_V3 #define CMSG_KEY_AGREE_VERSION CMSG_ENVELOPED_RECIPIENT_V3
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_DECRYPT_PARA { typedef struct _CMSG_CTRL_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA; } CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_TRANS_DECRYPT // CMSG_CTRL_KEY_TRANS_DECRYPT
// //
// with the hCryptProv's or hNCryptKey's private key. // with the hCryptProv's or hNCryptKey's private key.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA; } CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_AGREE_DECRYPT // CMSG_CTRL_KEY_AGREE_DECRYPT
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwRecipientEncryptedKeyIndex; DWORD dwRecipientEncryptedKeyIndex;
CRYPT_BIT_BLOB OriginatorPublicKey; CRYPT_BIT_BLOB OriginatorPublicKey;
} CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA; } CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
// Reserve space for a potential pointer choice // Reserve space for a potential pointer choice
void *pvKeyEncryptionKey; void *pvKeyEncryptionKey;
}; } DUMMYUNIONNAME;
} CMSG_CTRL_MAIL_LIST_DECRYPT_PARA, *PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA; } CMSG_CTRL_MAIL_LIST_DECRYPT_PARA, *PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_HASH // CMSG_CTRL_VERIFY_HASH
// //
// Verify the hash of a HASHED message after it has been decoded. // Verify the hash of a HASHED message after it has been decoded.
// //
// Only the hCryptMsg parameter is used, to specify the message whose // Only the hCryptMsg parameter is used, to specify the message whose
// hash is being verified. // hash is being verified.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
DWORD cRecipients; DWORD cRecipients;
PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients; PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients;
PFN_CMSG_ALLOC pfnAlloc; PFN_CMSG_ALLOC pfnAlloc;
PFN_CMSG_FREE pfnFree; PFN_CMSG_FREE pfnFree;
DWORD dwEncryptFlags; DWORD dwEncryptFlags;
union { union {
// fCNG == FALSE // fCNG == FALSE
HCRYPTKEY hContentEncryptKey; HCRYPTKEY hContentEncryptKey;
// fCNG == TRUE // fCNG == TRUE
BCRYPT_KEY_HANDLE hCNGContentEncryptKey; BCRYPT_KEY_HANDLE hCNGContentEncryptKey;
}; } DUMMYUNIONNAME;
DWORD dwFlags; DWORD dwFlags;
BOOL fCNG; BOOL fCNG;
// When fCNG == TRUE, pfnAlloc'ed // When fCNG == TRUE, pfnAlloc'ed
BYTE *pbCNGContentEncryptKeyObject; BYTE *pbCNGContentEncryptKeyObject;
BYTE *pbContentEncryptKey; BYTE *pbContentEncryptKey;
DWORD cbContentEncryptKey; DWORD cbContentEncryptKey;
} CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO; } CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO;
#define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001 #define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001
DWORD cbSize; DWORD cbSize;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
CRYPT_DATA_BLOB UserKeyingMaterial; CRYPT_DATA_BLOB UserKeyingMaterial;
DWORD dwOriginatorChoice; DWORD dwOriginatorChoice;
union { union {
// CMSG_KEY_AGREE_ORIGINATOR_CERT // CMSG_KEY_AGREE_ORIGINATOR_CERT
CERT_ID OriginatorCertId; CERT_ID OriginatorCertId;
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY // CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo; CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo;
}; } DUMMYUNIONNAME;
DWORD cKeyAgreeKeyEncryptInfo; DWORD cKeyAgreeKeyEncryptInfo;
PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo; PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo;
DWORD dwFlags; DWORD dwFlags;
} CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO; } CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO;
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002 #define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010
#define CERT_FRIENDLY_NAME_PROP_ID 11 // string #define CERT_FRIENDLY_NAME_PROP_ID 11 // string
#define CERT_PVK_FILE_PROP_ID 12 #define CERT_PVK_FILE_PROP_ID 12
#define CERT_DESCRIPTION_PROP_ID 13 // string #define CERT_DESCRIPTION_PROP_ID 13 // string
#define CERT_ACCESS_STATE_PROP_ID 14 #define CERT_ACCESS_STATE_PROP_ID 14
#define CERT_SIGNATURE_HASH_PROP_ID 15 #define CERT_SIGNATURE_HASH_PROP_ID 15
#define CERT_SMART_CARD_DATA_PROP_ID 16 #define CERT_SMART_CARD_DATA_PROP_ID 16
#define CERT_EFS_PROP_ID 17 #define CERT_EFS_PROP_ID 17
#define CERT_FORTEZZA_DATA_PROP_ID 18 #define CERT_FORTEZZA_DATA_PROP_ID 18
#define CERT_ARCHIVED_PROP_ID 19 #define CERT_ARCHIVED_PROP_ID 19
#define CERT_KEY_IDENTIFIER_PROP_ID 20 #define CERT_KEY_IDENTIFIER_PROP_ID 20
#define CERT_AUTO_ENROLL_PROP_ID 21 // string:machine DNS name #define CERT_AUTO_ENROLL_PROP_ID 21 // string:Template name
#define CERT_PUBKEY_ALG_PARA_PROP_ID 22 #define CERT_PUBKEY_ALG_PARA_PROP_ID 22
#define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23 #define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23
#define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24 #define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24
#define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25 #define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25
#define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name #define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name
#define CERT_DATE_STAMP_PROP_ID 27 #define CERT_DATE_STAMP_PROP_ID 27
#define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28 #define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28
#define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29 #define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29
#define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string #define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string
// Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs. // Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
// 36 - 63 are reserved for future element IDs. // 36 - 62 are reserved for future element IDs.
#define CERT_RENEWAL_PROP_ID 64 #define CERT_RENEWAL_PROP_ID 64
#define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash #define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash
#define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME #define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME
#define CERT_AIA_URL_RETRIEVED_PROP_ID 67 #define CERT_AIA_URL_RETRIEVED_PROP_ID 67
#define CERT_AUTHORITY_INFO_ACCESS_PROP_ID 68 #define CERT_AUTHORITY_INFO_ACCESS_PROP_ID 68
#define CERT_BACKED_UP_PROP_ID 69 // VARIANT_BOOL+FILETIME #define CERT_BACKED_UP_PROP_ID 69 // VARIANT_BOOL+FILETIME
#define CERT_OCSP_RESPONSE_PROP_ID 70 #define CERT_OCSP_RESPONSE_PROP_ID 70
#define CERT_REQUEST_ORIGINATOR_PROP_ID 71 // string:machine DNS name #define CERT_REQUEST_ORIGINATOR_PROP_ID 71 // string:machine DNS name
#define CERT_SOURCE_LOCATION_PROP_ID 72 // string #define CERT_SOURCE_LOCATION_PROP_ID 72 // string
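Review bot: The reserved-range comment `// 36 - 62 are reserved for future element IDs.` now stops at 62, yet nothing in this hunk declares a property ID 63 and the next define is still `CERT_RENEWAL_PROP_ID 64`, so the reader is left to guess whether 63 was assigned elsewhere or the bound is a typo. Either the previous upper bound should be restored or the comment should name the ID that now occupies 63, e.g. `// 36 - 62 are reserved for future element IDs; 63 is <name of the ID, if any>`. If 63 is defined in a part of the header outside this diff, a one-line pointer to it here would spare the next maintainer the search.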
skipping to change at line 8693 skipping to change at line 8782
#define CERT_SMART_CARD_ROOT_INFO_PROP_ID 76 // CRYPT_SMART_CARD_ROOT_INFO #define CERT_SMART_CARD_ROOT_INFO_PROP_ID 76 // CRYPT_SMART_CARD_ROOT_INFO
#define CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID 77 #define CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID 77
#define CERT_NCRYPT_KEY_HANDLE_PROP_ID 78 #define CERT_NCRYPT_KEY_HANDLE_PROP_ID 78
#define CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID 79 #define CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID 79
#define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80 #define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80
#define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81 #define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81
#define CERT_CA_DISABLE_CRL_PROP_ID 82 #define CERT_CA_DISABLE_CRL_PROP_ID 82
#define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83 #define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83
#define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84 #define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84
#define CERT_FIRST_RESERVED_PROP_ID 85 #define CERT_SUBJECT_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 85
#define CERT_SUBJECT_DISABLE_CRL_PROP_ID 86
#define CERT_CEP_PROP_ID 87 // Version+PropFlags+AuthType+Url
Flags+CESAuthType+Url+Id+CESUrl+ReqId
// 88 reserved, originally used for CERT_CEP_PROP_ID
#define CERT_SIGN_HASH_CNG_ALG_PROP_ID 89
#define CERT_SCARD_PIN_ID_PROP_ID 90
#define CERT_SCARD_PIN_INFO_PROP_ID 91
#define CERT_FIRST_RESERVED_PROP_ID 92
#define CERT_LAST_RESERVED_PROP_ID 0x00007FFF #define CERT_LAST_RESERVED_PROP_ID 0x00007FFF
#define CERT_FIRST_USER_PROP_ID 0x00008000 #define CERT_FIRST_USER_PROP_ID 0x00008000
#define CERT_LAST_USER_PROP_ID 0x0000FFFF #define CERT_LAST_USER_PROP_ID 0x0000FFFF
// certenrolld_end // certenrolld_end
#define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \ #define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \
CERT_MD5_HASH_PROP_ID == (X) || \ CERT_MD5_HASH_PROP_ID == (X) || \
CERT_SIGNATURE_HASH_PROP_ID == (X)) CERT_SIGNATURE_HASH_PROP_ID == (X))
#define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \ #define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \
skipping to change at line 8820 skipping to change at line 8917
// dwKeySpec is set to the special CERT_NCRYPT_KEY_SPEC to select the // dwKeySpec is set to the special CERT_NCRYPT_KEY_SPEC to select the
// hNCryptKey choice. // hNCryptKey choice.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_KEY_CONTEXT { typedef struct _CERT_KEY_CONTEXT {
DWORD cbSize; // sizeof(CERT_KEY_CONTEXT) DWORD cbSize; // sizeof(CERT_KEY_CONTEXT)
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
// dwKeySpec == CERT_NCRYPT_KEY_SPEC // dwKeySpec == CERT_NCRYPT_KEY_SPEC
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
DWORD dwKeySpec; DWORD dwKeySpec;
} CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT; } CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Cryptographic Smart Card Root Information // Cryptographic Smart Card Root Information
// //
// CRYPT_SMART_CARD_ROOT_INFO defines the // CRYPT_SMART_CARD_ROOT_INFO defines the
// CERT_SMART_CARD_ROOT_INFO_PROP_ID's pvData. // CERT_SMART_CARD_ROOT_INFO_PROP_ID's pvData.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _ROOT_INFO_LUID { typedef struct _ROOT_INFO_LUID {
skipping to change at line 8942 skipping to change at line 9039
// Includes flags and location // Includes flags and location
#define CERT_SYSTEM_STORE_MASK 0xFFFF0000 #define CERT_SYSTEM_STORE_MASK 0xFFFF0000
// Set if pvPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure // Set if pvPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure
#define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000 #define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000
typedef struct _CERT_SYSTEM_STORE_RELOCATE_PARA { typedef struct _CERT_SYSTEM_STORE_RELOCATE_PARA {
union { union {
HKEY hKeyBase; HKEY hKeyBase;
void *pvBase; void *pvBase;
}; } DUMMYUNIONNAME;
union { union {
void *pvSystemStore; void *pvSystemStore;
LPCSTR pszSystemStore; LPCSTR pszSystemStore;
LPCWSTR pwszSystemStore; LPCWSTR pwszSystemStore;
}; } DUMMYUNIONNAME2;
} CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA; } CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA;
// By default, when the CurrentUser "Root" store is opened, any SystemRegistry // By default, when the CurrentUser "Root" store is opened, any SystemRegistry
// roots not also on the protected root list are deleted from the cache before // roots not also on the protected root list are deleted from the cache before
// CertOpenStore() returns. Set the following flag to return all the roots // CertOpenStore() returns. Set the following flag to return all the roots
// in the SystemRegistry without checking the protected root list. // in the SystemRegistry without checking the protected root list.
#define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000 #define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000
// Location of the system store: // Location of the system store:
#define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000 #define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000
skipping to change at line 9136 skipping to change at line 9233
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100 #define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100
// Set the following flag to enable revocation checking of the time stamp // Set the following flag to enable revocation checking of the time stamp
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200 #define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OCM Subcomponents Definitions // OCM Subcomponents Definitions
// //
// Reading of the following registry key has been deprecated on Longhorn. // Reading of the following registry key has been deprecated on Vista.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the OCM Subcomponents local machine subkey // Registry path to the OCM Subcomponents local machine subkey
#define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \ #define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents" L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents"
// REG_DWORD, 1 is installed, 0 is NOT installed // REG_DWORD, 1 is installed, 0 is NOT installed
#define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate" #define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 10728 skipping to change at line 10825
// CryptEncodeObject(X509_DSS_PARAMETERS). This property may be set // CryptEncodeObject(X509_DSS_PARAMETERS). This property may be set
// by CryptVerifyCertificateSignatureEx(). // by CryptVerifyCertificateSignatureEx().
// //
// CERT_CROSS_CERT_DIST_POINTS_PROP_ID - location of the cross certs. // CERT_CROSS_CERT_DIST_POINTS_PROP_ID - location of the cross certs.
// Currently only applicable to certs. pvData points to a CRYPT_DATA_BLOB // Currently only applicable to certs. pvData points to a CRYPT_DATA_BLOB
// containing an ASN.1 encoded CROSS_CERT_DIST_POINTS_INFO (encoded via // containing an ASN.1 encoded CROSS_CERT_DIST_POINTS_INFO (encoded via
// CryptEncodeObject(X509_CROSS_CERT_DIST_POINTS)). // CryptEncodeObject(X509_CROSS_CERT_DIST_POINTS)).
// //
// CERT_ENROLLMENT_PROP_ID - enrollment information of the pending request. // CERT_ENROLLMENT_PROP_ID - enrollment information of the pending request.
// It contains RequestID, CADNSName, CAName, and FriendlyName. // It contains RequestID, CADNSName, CAName, and FriendlyName.
// The data format is defined as, the first 4 bytes - pending request ID, // The data format is defined as: the first 4 bytes - pending request ID,
// next 4 bytes - CADNSName size in characters including null-terminator // next 4 bytes - CADNSName size in characters including null-terminator
// followed by CADNSName string with null-terminator, // followed by CADNSName string with null-terminator,
// next 4 bytes - CAName size in characters including null-terminator // next 4 bytes - CAName size in characters including null-terminator
// followed by CAName string with null-terminator, // followed by CAName string with null-terminator,
// next 4 bytes - FriendlyName size in characters including null-terminator // next 4 bytes - FriendlyName size in characters including null-terminator
// followed by FriendlyName string with null-terminator. // followed by FriendlyName string with null-terminator.
// //
// CERT_DATE_STAMP_PROP_ID - contains the time when added to the store // CERT_DATE_STAMP_PROP_ID - contains the time when added to the store
// by an admin tool. pvData points to a CRYPT_DATA_BLOB containing // by an admin tool. pvData points to a CRYPT_DATA_BLOB containing
// the FILETIME. // the FILETIME.
skipping to change at line 10757 skipping to change at line 10854
// to use before doing an URL retrieval. // to use before doing an URL retrieval.
// //
// CERT_SOURCE_LOCATION_PROP_ID - contains source location of the CRL or // CERT_SOURCE_LOCATION_PROP_ID - contains source location of the CRL or
// OCSP. pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL // OCSP. pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL
// terminated unicode, wide character string. Where, // terminated unicode, wide character string. Where,
// cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR). // cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR).
// //
// CERT_SOURCE_URL_PROP_ID - contains URL for the CRL or OCSP. pvData // CERT_SOURCE_URL_PROP_ID - contains URL for the CRL or OCSP. pvData
// is the same as for CERT_SOURCE_LOCATION_PROP_ID. // is the same as for CERT_SOURCE_LOCATION_PROP_ID.
// //
// CERT_CEP_PROP_ID - contains Version, PropertyFlags, AuthType,
// UrlFlags and CESAuthType, followed by the CEPUrl, CEPId, CESUrl and
// RequestId strings
// The data format is defined as: the first 4 bytes - property version,
// next 4 bytes - Property Flags
// next 4 bytes - Authentication Type
// next 4 bytes - Url Flags
// next 4 bytes - CES Authentication Type
// followed by Url string with null-terminator,
// followed by Id string with null-terminator,
// followed by CES Url string with null-terminator,
// followed by RequestId string with null-terminator.
// a single null-terminator indicates no string is present.
//
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any
// provider write errors and always update the cached context's property. // provider write errors and always update the cached context's property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
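Review bot: The CERT_CEP_PROP_ID layout added to this comment gives no length for the four trailing strings, unlike the CERT_ENROLLMENT_PROP_ID layout documented above, which prefixes every string with its character count; a consumer of this property therefore has to walk null terminators through a blob that may have been persisted by another component, and the comment should say that the walk is bounded by the blob's cbData and that a blob whose last string lacks a terminator is malformed, e.g. `// Strings are not length-prefixed; readers must stay within cbData.`. It also does not say whether the strings are WCHAR like the CERT_SOURCE_LOCATION_PROP_ID string above — presumably they are, but that should be stated rather than inferred. The property comment block continues past the start of this hunk.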
skipping to change at line 12970 skipping to change at line 13081
PCCRL_CONTEXT pBaseCrlContext; PCCRL_CONTEXT pBaseCrlContext;
PCCRL_CONTEXT pDeltaCrlContext; PCCRL_CONTEXT pDeltaCrlContext;
// When revoked, points to entry in either of the above CRL contexts. // When revoked, points to entry in either of the above CRL contexts.
// Don't free. // Don't free.
PCRL_ENTRY pCrlEntry; PCRL_ENTRY pCrlEntry;
BOOL fDeltaCrlEntry; // TRUE if in pDeltaCrlContext BOOL fDeltaCrlEntry; // TRUE if in pDeltaCrlContext
} CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO; } CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This data structure is optionally pointed to by the pChainPara field
// in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
// data structures.
//
// Its struct definition follows the CertGetCertificateChain() API
// definition below.
//--------------------------------------------------------------------------
typedef struct _CERT_REVOCATION_CHAIN_PARA
CERT_REVOCATION_CHAIN_PARA,
*PCERT_REVOCATION_CHAIN_PARA;
//+-------------------------------------------------------------------------
// The following data structure may be passed to CertVerifyRevocation to // The following data structure may be passed to CertVerifyRevocation to
// assist in finding the issuer of the context to be verified. // assist in finding the issuer of the context to be verified.
// //
// When pIssuerCert is specified, pIssuerCert is the issuer of // When pIssuerCert is specified, pIssuerCert is the issuer of
// rgpvContext[cContext - 1]. // rgpvContext[cContext - 1].
// //
// When cCertStore and rgCertStore are specified, these stores may contain // When cCertStore and rgCertStore are specified, these stores may contain
// an issuer certificate. // an issuer certificate.
// //
// When hCrlStore is specified then a handler which uses CRLs can search this // When hCrlStore is specified then a handler which uses CRLs can search this
skipping to change at line 13024 skipping to change at line 13147
// CRL contexts must be freed by the caller. // CRL contexts must be freed by the caller.
// //
// The CRL info is only applicable to the last context checked. If // The CRL info is only applicable to the last context checked. If
// interested in this information, then, CertVerifyRevocation should be // interested in this information, then, CertVerifyRevocation should be
// called with cContext = 1. // called with cContext = 1.
PCERT_REVOCATION_CRL_INFO pCrlInfo; PCERT_REVOCATION_CRL_INFO pCrlInfo;
// If nonNULL, any cached information before this time is considered // If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. // time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync; LPFILETIME pftCacheResync;
// If nonNULL, CertGetCertificateChain() parameters used by the caller.
// Enables independent OCSP signer certificate chain verification.
PCERT_REVOCATION_CHAIN_PARA pChainPara;
#endif #endif
} CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA; } CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following data structure is returned by CertVerifyRevocation to // The following data structure is returned by CertVerifyRevocation to
// specify the status of the revoked or unchecked context. Review the // specify the status of the revoked or unchecked context. Review the
// following CertVerifyRevocation comments for details. // following CertVerifyRevocation comments for details.
// //
// Upon input to CertVerifyRevocation, cbSize must be set to a size // Upon input to CertVerifyRevocation, cbSize must be set to a size
// >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ). // >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ).
skipping to change at line 13423 skipping to change at line 13550
CryptHashCertificate( CryptHashCertificate(
__in_opt HCRYPTPROV_LEGACY hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
__in ALG_ID Algid, __in ALG_ID Algid,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, __in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh,
__inout DWORD *pcbComputedHash __inout DWORD *pcbComputedHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the encoded content using the CNG hash algorithm provider. // Hash the encoded content using the CNG hash algorithm provider.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashCertificate2( CryptHashCertificate2(
__in LPCWSTR pwszCNGHashAlgid, __in LPCWSTR pwszCNGHashAlgid,
__in DWORD dwFlags, __in DWORD dwFlags,
__reserved void *pvReserved, __reserved void *pvReserved,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, __in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh,
__inout DWORD *pcbComputedHash __inout DWORD *pcbComputedHash
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the "to be signed" information in the encoded signed content. // Sign the "to be signed" information in the encoded signed content.
// //
// hCryptProvOrNCryptKey specifies the crypto provider to use to do the // hCryptProvOrNCryptKey specifies the crypto provider to use to do the
// signature. It uses the specified private key. // signature. It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an // dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an
// appropriate default provider will be used for hashing. // appropriate default provider will be used for hashing.
skipping to change at line 13857 skipping to change at line 13988
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in NCRYPT_KEY_HANDLE hNCryptKey, __in NCRYPT_KEY_HANDLE hNCryptKey,
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId, __in LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, __out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo __inout DWORD *pcbInfo
); );
#if (NTDDI_VERSION >= NTDDI_WIN7)
//+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding
// private key.
//
// Uses the dwCertEncodingType and pszPublicKeyObjId to call the
// installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC. The
// called function has the same signature as
// CryptExportPublicKeyInfoFromBCryptKeyHandle.
//
// If unable to find an installable OID function for the pszPublicKeyObjId,
// attempts to export as a RSA Public Key (szOID_RSA_RSA).
//
// The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA.
//
// In addition dwFlags can be set with the following 2 flags passed directly
// to CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptExportPublicKeyInfoFromBCryptKeyHandle(
__in BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType,
__in_opt LPSTR pszPublicKeyObjId,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo
);
//+-------------------------------------------------------------------------
// Export CNG PublicKeyInfo OID installable function. Note, not called
// for a HCRYPTPROV or NCRYPT_KEY_HANDLE choice.
//--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC \
"CryptDllExportPublicKeyInfoFromBCryptKeyHandle"
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC)
(
__in BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and // Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and
// pvAuxInfo = NULL. // pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
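Review bot: CryptExportPublicKeyInfoFromBCryptKeyHandle annotates `pszPublicKeyObjId` as `__in_opt` (line with `__in_opt LPSTR pszPublicKeyObjId,`), while the installable-function typedef PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC below declares the same parameter `__in`, and the header comment never says what a NULL value means; presumably it selects the szOID_RSA_RSA fallback described in the comment, but that should be written down, e.g. `// pszPublicKeyObjId may be NULL; <state the OID assumed in that case>`. As a matter of style, the typedef puts its opening `(` on a line of its own, unlike the sibling PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC at the top of this hunk, which keeps it on the typedef line.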
skipping to change at line 13903 skipping to change at line 14087
CryptImportPublicKeyInfoEx( CryptImportPublicKeyInfoEx(
__in HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in ALG_ID aiKeyAlg, __in ALG_ID aiKeyAlg,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the CNG asymmetric or // Convert and import the public key info into the CNG asymmetric or
// signature algorithm provider and return a BCRYPT_KEY_HANDLE to it. // signature algorithm provider and return a BCRYPT_KEY_HANDLE to it.
// //
// Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function // installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx2. // has the same signature as CryptImportPublicKeyInfoEx2.
// //
// dwFlags can be set with the following 2 flags passed directly to // dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo: // CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
// dwFlags can also have BCRYPT_NO_KEY_VALIDATION OR'd in. This flag is
// passed to BCryptImportKeyPair.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfoEx2( CryptImportPublicKeyInfoEx2(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey __out BCRYPT_KEY_HANDLE *phKey
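Review bot: The new sentence about BCRYPT_NO_KEY_VALIDATION says only that the flag is passed through to BCryptImportKeyPair, not what it does; since CryptImportPublicKeyInfoEx2 imports the public key of a certificate that may come from an untrusted source, the comment should state that the flag turns off the provider's validation of the imported key material and is appropriate only when the key has already been validated, e.g. `// BCRYPT_NO_KEY_VALIDATION skips the provider's validation of the imported public key; do not set it for keys taken from untrusted certificates.`. The parameter list of CryptImportPublicKeyInfoEx2 continues past the end of this hunk.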
skipping to change at line 13940 skipping to change at line 14128
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \ #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllImportPublicKeyInfoEx2" "CryptDllImportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey __out BCRYPT_KEY_HANDLE *phKey
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the // Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the
// specified certificate context. Uses the certificate's // specified certificate context. Uses the certificate's
// CERT_KEY_PROV_INFO_PROP_ID property. // CERT_KEY_PROV_INFO_PROP_ID property.
// The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be // The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be
// cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property. // cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
// //
// If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and // If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and
// cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its // cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its
// returned. Otherwise, a HCRYPTPROV or NCRYPT_KEY_HANDLE is acquired and // returned. Otherwise, a HCRYPTPROV or NCRYPT_KEY_HANDLE is acquired and
skipping to change at line 14128 skipping to change at line 14318
__in DWORD dwKeySpec, // in __in DWORD dwKeySpec, // in
__in LPSTR pszPrivateKeyObjId, // in __in LPSTR pszPrivateKeyObjId, // in
__in DWORD dwFlags, // in __in DWORD dwFlags, // in
__in_opt void* pvAuxInfo, // in __in_opt void* pvAuxInfo, // in
__out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf o, // out __out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf o, // out
__inout DWORD* pcbPrivateKeyInfo // in, out __inout DWORD* pcbPrivateKeyInfo // in, out
); );
#define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx " #define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx "
#define CRYPT_DELETE_KEYSET 0x0001 #define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex // CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8( CryptExportPKCS8(
__in HCRYPTPROV hCryptProv, // in __in HCRYPTPROV hCryptProv, // in
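Review bot: `#define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET` silently changes this macro's value if CRYPT_DELETEKEYSET is not 0x0001 — elsewhere in wincrypt.h it is the CryptAcquireContext flag 0x00000010 — so any caller that hard-coded or persisted the old literal 0x0001 now passes a different flag to whatever consumes it. If the two were always meant to be the same flag, a comment at the alias such as `// same flag as CryptAcquireContext's CRYPT_DELETEKEYSET; not the pre-Win7 literal 0x0001` would stop the next reader from "fixing" it back; if they were not, the old value should be retained and the alias documented as a separate flag.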
skipping to change at line 14326 skipping to change at line 14516
// the above quoting. // the above quoting.
// //
// CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the // CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the
// order of the RDNs before converting to the string. // order of the RDNs before converting to the string.
// //
// By default, CERT_RDN_T61_STRING encoded values are initially decoded // By default, CERT_RDN_T61_STRING encoded values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG can be or'ed into dwStrType to // CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG can be or'ed into dwStrType to
// skip the initial attempt to decode as UTF8. // skip the initial attempt to decode as UTF8.
// //
// CERT_NAME_STR_ENABLE_PUNYCODE_FLAG can be or'ed into dwStrType to enable
// encoding/decoding of unicode characters in email RDN value.
//
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 14390 skipping to change at line 14583
#define CERT_NAME_STR_CRLF_FLAG 0x08000000 #define CERT_NAME_STR_CRLF_FLAG 0x08000000
#define CERT_NAME_STR_COMMA_FLAG 0x04000000 #define CERT_NAME_STR_COMMA_FLAG 0x04000000
#define CERT_NAME_STR_REVERSE_FLAG 0x02000000 #define CERT_NAME_STR_REVERSE_FLAG 0x02000000
#define CERT_NAME_STR_FORWARD_FLAG 0x01000000 #define CERT_NAME_STR_FORWARD_FLAG 0x01000000
#define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000 #define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000
#define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000 #define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000
#define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000 #define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000
#define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000 #define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000
#define CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000 #define CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000
#define CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000
// certenrolld_end // certenrolld_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the null terminated X500 string to an encoded certificate name. // Convert the null terminated X500 string to an encoded certificate name.
// //
// The input string is expected to be formatted the same as the output // The input string is expected to be formatted the same as the output
// from the above CertNameToStr API. // from the above CertNameToStr API.
// //
// The CERT_SIMPLE_NAME_STR type and CERT_XML_NAME_STR aren't supported. // The CERT_SIMPLE_NAME_STR type and CERT_XML_NAME_STR aren't supported.
// Otherwise, when dwStrType // Otherwise, when dwStrType
skipping to change at line 14971 skipping to change at line 15165
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA { typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
// This is also referred to as the SignatureAlgorithm // This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm; CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm;
} CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA; } CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA;
skipping to change at line 16462 skipping to change at line 16656
// This will be retrieved from the authority info access and // This will be retrieved from the authority info access and
// CRL distribution point extension or property on the certificate. // CRL distribution point extension or property on the certificate.
// If any OCSP URLs are present, they will be first with each URL prefixed // If any OCSP URLs are present, they will be first with each URL prefixed
// with L"ocsp:". The L"ocsp:" prefix should be removed before using. // with L"ocsp:". The L"ocsp:" prefix should be removed before using.
// //
// URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP // URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP
// //
// Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except, // Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except,
// the CRL URLs will be first // the CRL URLs will be first
// //
// URL_OID_CERTIFICATE_ONLY_OCSP
//
// Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except,
// only OCSP URLs are retrieved.
//
// URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS // URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS
// //
// pvPara == PCCERT_CONTEXT, certificate whose cross certificates // pvPara == PCCERT_CONTEXT, certificate whose cross certificates
// are being requested // are being requested
// //
// This will be retrieved from the Authority Info Access // This will be retrieved from the Authority Info Access
// extension or property on the certificate. Only access methods // extension or property on the certificate. Only access methods
// matching szOID_PKIX_CA_REPOSITORY will be returned. // matching szOID_PKIX_CA_REPOSITORY will be returned.
#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1) #define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
skipping to change at line 16483 skipping to change at line 16682
#define URL_OID_CTL_ISSUER ((LPCSTR)3) #define URL_OID_CTL_ISSUER ((LPCSTR)3)
#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4) #define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
#define URL_OID_CRL_ISSUER ((LPCSTR)5) #define URL_OID_CRL_ISSUER ((LPCSTR)5)
#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6) #define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7) #define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8) #define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9) #define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9)
#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10) #define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11) #define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12) #define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12)
#define URL_OID_CERTIFICATE_ONLY_OCSP ((LPCSTR)13)
typedef struct _CERT_CRL_CONTEXT_PAIR { typedef struct _CERT_CRL_CONTEXT_PAIR {
PCCERT_CONTEXT pCertContext; PCCERT_CONTEXT pCertContext;
PCCRL_CONTEXT pCrlContext; PCCRL_CONTEXT pCrlContext;
} CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR; } CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR;
typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR; typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR;
// //
// Get a time valid CAPI2 object // Get a time valid CAPI2 object
// //
skipping to change at line 16505 skipping to change at line 16705
// The following optional Extra Info may be passed to // The following optional Extra Info may be passed to
// CryptGetTimeValidObject(). // CryptGetTimeValidObject().
// //
// All unused fields in this data structure must be zeroed. More fields // All unused fields in this data structure must be zeroed. More fields
// could be added in a future release. // could be added in a future release.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO { typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO {
DWORD cbSize; DWORD cbSize;
// If > 0, check that the CRL's number is >= // If > 0, check that the CRL's number is >=
// Should be 0x7fffffff if pDeltaCrlIndicator is nonNull
int iDeltaCrlIndicator; int iDeltaCrlIndicator;
// If nonNULL, any cached information before this time is considered // If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. // time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync; LPFILETIME pftCacheResync;
// If nonNull, returns the cache's LastSyncTime // If nonNull, returns the cache's LastSyncTime
LPFILETIME pLastSyncTime; LPFILETIME pLastSyncTime;
// If nonNull, returns the internal MaxAge expiration time // If nonNull, returns the internal MaxAge expiration time
// for the object. If the object doesn't have a MaxAge expiration, set // for the object. If the object doesn't have a MaxAge expiration, set
// to zero. // to zero.
LPFILETIME pMaxAgeTime; LPFILETIME pMaxAgeTime;
// If nonNULL, CertGetCertificateChain() parameters used by the caller.
// Enables independent OCSP signer certificate chain verification.
PCERT_REVOCATION_CHAIN_PARA pChainPara;
// Should be used if the DeltaCrlIndicator value is more than 4 bytes
// If nonNull and iDeltaCrlIndicator == MAXLONG, check that the CRL's number
is >=
PCRYPT_INTEGER_BLOB pDeltaCrlIndicator;
} CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO, } CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO,
*PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO; *PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) __success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetTimeValidObject ( CryptGetTimeValidObject (
__in LPCSTR pszTimeValidOid, __in LPCSTR pszTimeValidOid,
__in LPVOID pvPara, __in LPVOID pvPara,
skipping to change at line 16718 skipping to change at line 16928
#define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF #define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF
// //
// flags specific to base provider // flags specific to base provider
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptProtectData( CryptProtectData(
IN DATA_BLOB* pDataIn, __in DATA_BLOB* pDataIn,
__in_opt LPCWSTR szDataDescr, __in_opt LPCWSTR szDataDescr,
IN OPTIONAL DATA_BLOB* pOptionalEntropy, __in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, __in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT DATA_BLOB* pDataOut // out encr blob __out DATA_BLOB* pDataOut // out encr blob
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnprotectData( CryptUnprotectData(
IN DATA_BLOB* pDataIn, // in encr blob __in DATA_BLOB* pDataIn, // in encr blob
__deref_opt_out_opt LPWSTR* ppszDataDescr, // out __deref_opt_out_opt LPWSTR* ppszDataDescr, // out
IN OPTIONAL DATA_BLOB* pOptionalEntropy, __in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, __in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT DATA_BLOB* pDataOut __out DATA_BLOB* pDataOut
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUpdateProtectedState( CryptUpdateProtectedState(
__in_opt PSID pOldSid, __in_opt PSID pOldSid,
__in_opt LPCWSTR pwszOldPassword, __in_opt LPCWSTR pwszOldPassword,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_opt DWORD *pdwSuccessCount, __out_opt DWORD *pdwSuccessCount,
__out_opt DWORD *pdwFailureCount); __out_opt DWORD *pdwFailureCount);
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
// //
// The buffer length passed into CryptProtectMemory and CryptUnprotectMemory // The buffer length passed into CryptProtectMemory and CryptUnprotectMemory
// must be a multiple of this length (or zero). // must be a multiple of this length (or zero).
// //
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16 #define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
// //
// CryptProtectMemory/CryptUnprotectMemory dwFlags // CryptProtectMemory/CryptUnprotectMemory dwFlags
// //
skipping to change at line 16785 skipping to change at line 16999
// Encrypt/Decrypt across callers with same LogonId. // Encrypt/Decrypt across callers with same LogonId.
// eg: encrypted buffer passed across LPC to another process which calls CryptUn protectMemory whilst impersonating. // eg: encrypted buffer passed across LPC to another process which calls CryptUn protectMemory whilst impersonating.
// //
#define CRYPTPROTECTMEMORY_SAME_LOGON 0x02 #define CRYPTPROTECTMEMORY_SAME_LOGON 0x02
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptProtectMemory( CryptProtectMemory(
IN OUT LPVOID pDataIn, // in out data to encry __inout LPVOID pDataIn, // in out data to encry
pt pt
IN DWORD cbDataIn, // multiple of CRYPTPRO __in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE TECTMEMORY_BLOCK_SIZE
IN DWORD dwFlags __in DWORD dwFlags
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnprotectMemory( CryptUnprotectMemory(
IN OUT LPVOID pDataIn, // in out data to decry __inout LPVOID pDataIn, // in out data to decry
pt pt
IN DWORD cbDataIn, // multiple of CRYPTPRO __in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE TECTMEMORY_BLOCK_SIZE
IN DWORD dwFlags __in DWORD dwFlags
); );
//+========================================================================= //+=========================================================================
// Helper functions to build certificates // Helper functions to build certificates
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// //
// Builds a self-signed certificate and returns a PCCERT_CONTEXT representing // Builds a self-signed certificate and returns a PCCERT_CONTEXT representing
// the certificate. A hProv may be specified to build the cert context. // the certificate. A hProv may be specified to build the cert context.
skipping to change at line 17015 skipping to change at line 17229
__inout DWORD *pcbHash __inout DWORD *pcbHash
); );
//+========================================================================= //+=========================================================================
// Certificate Chaining Infrastructure // Certificate Chaining Infrastructure
//========================================================================== //==========================================================================
#define CERT_CHAIN_CONFIG_REGPATH \ #define CERT_CHAIN_CONFIG_REGPATH \
L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config" L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config"
// max size of the cryptographic object to download, in bytes
// NOTE: AIA has different configuration
#define CERT_CHAIN_MAX_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \
L"MaxUrlRetrievalByteCount"
#define CERT_CHAIN_MAX_URL_RETRIEVAL_BYTE_COUNT_DEFAULT (100*1024*1024)
// The following is a REG_BINARY. It contains the cache resync FILETIME. // The following is a REG_BINARY. It contains the cache resync FILETIME.
// Any cached information before this time is considered time invalid // Any cached information before this time is considered time invalid
// and forces a wire retrieval. By default this is disabled. // and forces a wire retrieval. By default this is disabled.
#define CERT_CHAIN_CACHE_RESYNC_FILETIME_VALUE_NAME \ #define CERT_CHAIN_CACHE_RESYNC_FILETIME_VALUE_NAME \
L"ChainCacheResyncFiletime" L"ChainCacheResyncFiletime"
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to disable different chain building semantics enabled by default. Set // to disable different chain building semantics enabled by default. Set
// the appropriate registry value to nonzero to disable. // the appropriate registry value to nonzero to disable.
skipping to change at line 17050 skipping to change at line 17270
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to restrict Authority Info Access (AIA) URL retrieval. // to restrict Authority Info Access (AIA) URL retrieval.
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \
L"MaxAIAUrlCountInCert" L"MaxAIAUrlCountInCert"
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5 #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \
L"MaxAIAUrlRetrievalCountPerChain" L"MaxAIAUrlRetrievalCountPerChain"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 3
// max size of the object to download, specified by a URL in AIA extention, in b ytes
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalByteCount" L"MaxAIAUrlRetrievalByteCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalCertCount" L"MaxAIAUrlRetrievalCertCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10
// The following is a REG_DWORD. If the OCSP response NextUpdate is zero, // The following is a REG_DWORD. If the OCSP response NextUpdate is zero,
// this value is added to the ThisUpdate to get a nonzero NextUpdate. // this value is added to the ThisUpdate to get a nonzero NextUpdate.
skipping to change at line 17299 skipping to change at line 17520
#define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT \ #define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT \
(5 * 60) (5 * 60)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following configuration parameters are store in HKLM group policy // The following configuration parameters are store in HKLM group policy
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH \ #define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config"
// In Longhorn, the following have been moved from the above HKLM // In Vista, the following have been moved from the above HKLM
// configuration parameters: // configuration parameters:
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to override the default URL timeouts in chain building // to override the default URL timeouts in chain building
// This is the default URL timeout in milliseconds // This is the default URL timeout in milliseconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \ #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \
L"ChainUrlRetrievalTimeoutMilliseconds" L"ChainUrlRetrievalTimeoutMilliseconds"
// 15 seconds // 15 seconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \ #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(15 * 1000) (15 * 1000)
// This is the default revocation accumulative URL timeout in milliseconds // This is the default revocation accumulative URL timeout in milliseconds
// The first revocation URL retrieval uses half of this timeout // The first revocation URL retrieval uses half of this timeout
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAM E \ #define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAM E \
L"ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds" L"ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds"
// 20 seconds // 20 seconds
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \ #define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(20 * 1000) (20 * 1000)
// REG_DWORD: Set this value to non-zero in order to enable Internet connections
// with Unknown Authorization
#define CERT_RETR_BEHAVIOR_INET_AUTH_VALUE_NAME L"EnableInetUnknownAuth"
// REG_DWORD: Set this value to non-zero in order to override Internet
// connectivity status allowing LOCAL to be treated as INTERNET.
#define CERT_RETR_BEHAVIOR_INET_STATUS_VALUE_NAME L"EnableInetLocal"
// REG_DWORD: Set this value to non-zero in order to allow
// file:// URL scheme.
#define CERT_RETR_BEHAVIOR_FILE_VALUE_NAME L"AllowFileUrlScheme"
// REG_DWORD: Set this value to non-zero in order to disable
// LDAP mutual authentication and & encryption.
#define CERT_RETR_BEHAVIOR_LDAP_VALUE_NAME L"DisableLDAPSignAndEncrypt"
// Note, will allow the machine setting to be used if this value isn't // Note, will allow the machine setting to be used if this value isn't
// defined. // defined.
// By default AIA OCSP URLs are before CDP CRL URLs. When the number of cached // By default AIA OCSP URLs are before CDP CRL URLs. When the number of cached
// OCSP URLs associated with the same CDP extension equal or exceed this // OCSP URLs associated with the same CDP extension equal or exceed this
// number, the CRL URLs are placed before the OCSP URLs. // number, the CRL URLs are placed before the OCSP URLs.
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_VALUE_NAME \ #define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_VALUE_NAME \
L"CryptnetCachedOcspSwitchToCrlCount" L"CryptnetCachedOcspSwitchToCrlCount"
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_DEFAULT \ #define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_DEFAULT \
50 50
// The above registry value can be set to this value, to always place // The above registry value can be set to this value, to always place
// the CRL URLs before the OCSP URLs. Note, a registry value of 0, uses the // the CRL URLs before the OCSP URLs. Note, a registry value of 0, uses the
// above default value. // above default value.
#define CRYPTNET_CRL_BEFORE_OCSP_ENABLE \ #define CRYPTNET_CRL_BEFORE_OCSP_ENABLE \
0xFFFFFFFF 0xFFFFFFFF
// Support for the following was removed in Longhorn. Changed to use // Support for the following was removed in Vista. Changed to use
// the following OPTIONS flags in HKLM Group Policy // the following OPTIONS flags in HKLM Group Policy
#define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \ #define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \
L"DisableAIAUrlRetrieval" L"DisableAIAUrlRetrieval"
// By default AIA Url Retrieval is enabled. Set this registry value to nonzero // By default AIA Url Retrieval is enabled. Set this registry value to nonzero
// to disable // to disable
// This is the name of the REG_DWORD for chain engine Options // This is the name of the REG_DWORD for chain engine Options
#define CERT_CHAIN_OPTIONS_VALUE_NAME \ #define CERT_CHAIN_OPTIONS_VALUE_NAME \
L"Options" L"Options"
// Disable AIA URL retrieval when this bit is set in the Options // Disable AIA URL retrieval when this bit is set in the Options
#define CERT_CHAIN_OPTION_DISABLE_AIA_URL_RETRIEVAL 0x2 #define CERT_CHAIN_OPTION_DISABLE_AIA_URL_RETRIEVAL 0x2
// Enable SIA URL retrieval when this bit is set in the Options
#define CERT_CHAIN_OPTION_ENABLE_SIA_URL_RETRIEVAL 0x4
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_VALUE_NAME \ #define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_VALUE_NAME \
L"CrossCertDownloadIntervalHours" L"CrossCertDownloadIntervalHours"
// 7 days // 7 days
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_DEFAULT (24 * 7) #define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_DEFAULT (24 * 7)
// When not defined or zero, the CRL validity isn't extended // When not defined or zero, the CRL validity isn't extended
#define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_VALUE_NAME \ #define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_VALUE_NAME \
L"CRLValidityExtensionPeriod" L"CRLValidityExtensionPeriod"
// 12 hour // 12 hour
skipping to change at line 17392 skipping to change at line 17631
// Configuration parameters for the certificate chain engine // Configuration parameters for the certificate chain engine
// //
// hRestrictedRoot - restrict the root store (must be a subset of "Root") // hRestrictedRoot - restrict the root store (must be a subset of "Root")
// //
// hRestrictedTrust - restrict the store for CTLs // hRestrictedTrust - restrict the store for CTLs
// //
// hRestrictedOther - restrict the store for certs and CRLs // hRestrictedOther - restrict the store for certs and CRLs
// //
// cAdditionalStore, rghAdditionalStore - additional stores // cAdditionalStore, rghAdditionalStore - additional stores
// //
// NOTE: The algorithm used to define the stores for the engine is as // hExclusiveRoot - the root store to be used exclusively.
// If not NULL, then the restricted stores
// the system "Root" and "TrustedPeople" are not used
//
// hExclusiveTrustedPeople - the trusted people store to be used exclusivel
y.
// If not NULL, then the restricted stores
// the system "Root" and "TrustedPeople" are not used
//
// NOTE:
//
// (hExclusiveRoot, hExclusiveTrustedPeople) are mutually exclusive
// with (hRestrictedRoot, hRestrictedTrust, hRestrictedOther).
// If either hExclusiveRoot or hExclusiveTrustedPeople are used,
// then all restricted handles must be NULL and non of the system
// "Root" and "TrustedPeople" are used.
//
// The algorithm used to define the stores for the engine is as
// follows: // follows:
// //
// hRoot = hRestrictedRoot or System Store "Root" // If NULL!=hExclusiveRoot or NULL!=hExclusiveTrustedPeople
// hRoot = hExclusiveRoot
// //
// hTrust = hRestrictedTrust or hWorld (defined later) // hTrust = hWorld (defined later)
// //
// hOther = hRestrictedOther or (hRestrictedTrust == NULL) ? hWorld : // hOther = hWorld
// hRestrictedTrust + hWorld
// //
// hWorld = hRoot + "CA" + "My" + "Trust" + rghAdditionalStore // hWorld = hRoot + hExclusiveTrustedPeople + "CA" + "My" + rghAddi
tionalStore
//
// Else
// hRoot = hRestrictedRoot or System Store "Root"
//
// hTrust = hRestrictedTrust or hWorld (defined later)
//
// hOther = hRestrictedOther or (hRestrictedTrust == NULL) ? hWorld
:
// hRestrictedTrust + hWorld
//
// hWorld = hRoot + "CA" + "My" + "Trust" + rghAdditionalStore
// Endif
// //
// dwFlags - flags // dwFlags - flags
// //
// CERT_CHAIN_CACHE_END_CERT - information will be cached on // CERT_CHAIN_CACHE_END_CERT - information will be cached on
// the end cert as well as the other // the end cert as well as the other
// certs in the chain // certs in the chain
// //
// CERT_CHAIN_THREAD_STORE_SYNC - use separate thread for store syncs // CERT_CHAIN_THREAD_STORE_SYNC - use separate thread for store syncs
// and related cache updates // and related cache updates
// //
// CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL - don't hit the wire to get // CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL - don't hit the wire to get
// URL based objects // URL based objects
// //
// dwUrlRetrievalTimeout - timeout for wire based URL object retrievals // dwUrlRetrievalTimeout - timeout for wire based URL object retrievals
// (milliseconds) // (milliseconds)
// //
#define CERT_CHAIN_CACHE_END_CERT 0x00000001 #define CERT_CHAIN_CACHE_END_CERT 0x00000001
#define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002 #define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004 #define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004
#define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008 #define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008
#define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010 #define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010
#define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020 #define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020
typedef struct _CERT_CHAIN_ENGINE_CONFIG { typedef struct _CERT_CHAIN_ENGINE_CONFIG {
DWORD cbSize; DWORD cbSize;
HCERTSTORE hRestrictedRoot; HCERTSTORE hRestrictedRoot;
HCERTSTORE hRestrictedTrust; HCERTSTORE hRestrictedTrust;
HCERTSTORE hRestrictedOther; HCERTSTORE hRestrictedOther;
DWORD cAdditionalStore; DWORD cAdditionalStore;
HCERTSTORE* rghAdditionalStore; HCERTSTORE* rghAdditionalStore;
DWORD dwFlags; DWORD dwFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
DWORD MaximumCachedCertificates; DWORD MaximumCachedCertificates;
DWORD CycleDetectionModulus; DWORD CycleDetectionModulus;
#if (NTDDI_VERSION >= NTDDI_WIN7)
HCERTSTORE hExclusiveRoot;
HCERTSTORE hExclusiveTrustedPeople;
#endif
} CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG; } CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) __success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertCreateCertificateChainEngine ( CertCreateCertificateChainEngine (
__in PCERT_CHAIN_ENGINE_CONFIG pConfig, __in PCERT_CHAIN_ENGINE_CONFIG pConfig,
__out HCERTCHAINENGINE* phChainEngine __out HCERTCHAINENGINE* phChainEngine
); );
skipping to change at line 17554 skipping to change at line 17825
#define CERT_TRUST_IS_SELF_SIGNED 0x00000008 #define CERT_TRUST_IS_SELF_SIGNED 0x00000008
// These can be applied to certificates and chains // These can be applied to certificates and chains
#define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100 #define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
#define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200 #define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400 #define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
#define CERT_TRUST_IS_PEER_TRUSTED 0x00000800 #define CERT_TRUST_IS_PEER_TRUSTED 0x00000800
#define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000 #define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000
// Indicates that the certificate was found in
// a store specified by hExclusiveRoot or hExclusiveTrustedPeople
#define CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x00002000
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000 #define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
// //
// Each certificate context in a simple chain has a corresponding chain element // Each certificate context in a simple chain has a corresponding chain element
// in the simple chain context // in the simple chain context
// //
// dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set // dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set
// dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set // dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set
skipping to change at line 17620 skipping to change at line 17895
DWORD cbSize; DWORD cbSize;
PCCERT_CONTEXT pCertContext; PCCERT_CONTEXT pCertContext;
CERT_TRUST_STATUS TrustStatus; CERT_TRUST_STATUS TrustStatus;
PCERT_REVOCATION_INFO pRevocationInfo; PCERT_REVOCATION_INFO pRevocationInfo;
PCERT_ENHKEY_USAGE pIssuanceUsage; // If NULL, any PCERT_ENHKEY_USAGE pIssuanceUsage; // If NULL, any
PCERT_ENHKEY_USAGE pApplicationUsage; // If NULL, any PCERT_ENHKEY_USAGE pApplicationUsage; // If NULL, any
LPCWSTR pwszExtendedErrorInfo; // If NULL, none LPCWSTR pwszExtendedErrorInfo; // If NULL, none
} CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT; } CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT;
typedef const CERT_CHAIN_ELEMENT* PCCERT_CHAIN_ELEMENT;
// //
// The simple chain is an array of chain elements and a summary trust status // The simple chain is an array of chain elements and a summary trust status
// for the chain // for the chain
// //
// rgpElements[0] is the end certificate chain element // rgpElements[0] is the end certificate chain element
// //
// rgpElements[cElement-1] is the self-signed "root" certificate chain element // rgpElements[cElement-1] is the self-signed "root" certificate chain element
// //
skipping to change at line 17648 skipping to change at line 17924
// fHasRevocationFreshnessTime is only set if we are able to retrieve // fHasRevocationFreshnessTime is only set if we are able to retrieve
// revocation information for all elements checked for revocation. // revocation information for all elements checked for revocation.
// For a CRL its CurrentTime - ThisUpdate. // For a CRL its CurrentTime - ThisUpdate.
// //
// dwRevocationFreshnessTime is the largest time across all elements // dwRevocationFreshnessTime is the largest time across all elements
// checked. // checked.
BOOL fHasRevocationFreshnessTime; BOOL fHasRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime; // seconds DWORD dwRevocationFreshnessTime; // seconds
} CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN; } CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN;
typedef const CERT_SIMPLE_CHAIN* PCCERT_SIMPLE_CHAIN;
// //
// And the chain context contains an array of simple chains and summary trust // And the chain context contains an array of simple chains and summary trust
// status for all the connected simple chains // status for all the connected simple chains
// //
// rgpChains[0] is the end certificate simple chain // rgpChains[0] is the end certificate simple chain
// //
// rgpChains[cChain-1] is the final (possibly trust list signer) chain which // rgpChains[cChain-1] is the final (possibly trust list signer) chain which
// ends in a certificate which is contained in the root store // ends in a certificate which is contained in the root store
// //
skipping to change at line 17779 skipping to change at line 18056
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x20000000 #define CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x20000000
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x40000000 #define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x40000000
#define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x80000000 #define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x80000000
// By default, the dwUrlRetrievalTimeout in pChainPara is the timeout used // By default, the dwUrlRetrievalTimeout in pChainPara is the timeout used
// for each revocation URL wire retrieval. When the following flag is set, // for each revocation URL wire retrieval. When the following flag is set,
// dwUrlRetrievalTimeout is the accumulative timeout across all // dwUrlRetrievalTimeout is the accumulative timeout across all
// revocation URL wire retrievals. // revocation URL wire retrievals.
#define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT 0x08000000 #define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT 0x08000000
// Revocation checking for an independent OCSP signer certificate.
//
// The above revocation flags indicate if just the signer certificate or all
// the certificates in the chain, excluding the root should be checked
// for revocation. If the signer certificate contains the
// szOID_PKIX_OCSP_NOCHECK extension, then, revocation checking is skipped
// for the leaf signer certificate. Both OCSP and CRL checking are allowed.
// However, recursive, independent OCSP signer certs are disabled.
#define CERT_CHAIN_REVOCATION_CHECK_OCSP_CERT 0x04000000
// First pass determines highest quality based upon: // First pass determines highest quality based upon:
// - Chain signature valid (higest quality bit of this set) // - Chain signature valid (higest quality bit of this set)
// - Complete chain // - Complete chain
// - Trusted root (lowestest quality bit of this set) // - Trusted root (lowestest quality bit of this set)
// By default, second pass only considers paths >= highest first pass quality // By default, second pass only considers paths >= highest first pass quality
#define CERT_CHAIN_DISABLE_PASS1_QUALITY_FILTERING 0x00000040 #define CERT_CHAIN_DISABLE_PASS1_QUALITY_FILTERING 0x00000040
#define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS 0x00000080 #define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS 0x00000080
#define CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE 0x00000100 #define CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE 0x00000100
skipping to change at line 17854 skipping to change at line 18141
// Duplicate (add a reference to) a certificate chain // Duplicate (add a reference to) a certificate chain
// //
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateChain ( CertDuplicateCertificateChain (
__in PCCERT_CHAIN_CONTEXT pChainContext __in PCCERT_CHAIN_CONTEXT pChainContext
); );
//+-------------------------------------------------------------------------
// This data structure is optionally pointed to by the pChainPara field
// in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
// data structures. CertGetCertificateChain() populates when it calls
// the CertVerifyRevocation() API.
//--------------------------------------------------------------------------
struct _CERT_REVOCATION_CHAIN_PARA {
DWORD cbSize;
HCERTCHAINENGINE hChainEngine;
HCERTSTORE hAdditionalStore;
DWORD dwChainFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds
LPFILETIME pftCurrentTime;
LPFILETIME pftCacheResync;
// Max size of the URL object to download, in bytes.
// 0 value means no limit.
DWORD cbMaxUrlRetrievalByteCount;
};
// //
// Specific Revocation Type OID and structure definitions // Specific Revocation Type OID and structure definitions
// //
// //
// CRL Revocation OID // CRL Revocation OID
// //
#define REVOCATION_OID_CRL_REVOCATION ((LPCSTR)1) #define REVOCATION_OID_CRL_REVOCATION ((LPCSTR)1)
skipping to change at line 18151 skipping to change at line 18458
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined verify chain policies // Predefined verify chain policies
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CHAIN_POLICY_BASE ((LPCSTR) 1) #define CERT_CHAIN_POLICY_BASE ((LPCSTR) 1)
#define CERT_CHAIN_POLICY_AUTHENTICODE ((LPCSTR) 2) #define CERT_CHAIN_POLICY_AUTHENTICODE ((LPCSTR) 2)
#define CERT_CHAIN_POLICY_AUTHENTICODE_TS ((LPCSTR) 3) #define CERT_CHAIN_POLICY_AUTHENTICODE_TS ((LPCSTR) 3)
#define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4) #define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4)
#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS ((LPCSTR) 5) #define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS ((LPCSTR) 5)
#define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6) #define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6)
#define CERT_CHAIN_POLICY_MICROSOFT_ROOT ((LPCSTR) 7) #define CERT_CHAIN_POLICY_MICROSOFT_ROOT ((LPCSTR) 7)
#define CERT_CHAIN_POLICY_EV ((LPCSTR) 8)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_BASE // CERT_CHAIN_POLICY_BASE
// //
// Implements the base chain policy verification checks. dwFlags can // Implements the base chain policy verification checks. dwFlags can
// be set in pPolicyPara to alter the default policy checking behaviour. // be set in pPolicyPara to alter the default policy checking behaviour.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_AUTHENTICODE // CERT_CHAIN_POLICY_AUTHENTICODE
skipping to change at line 18219 skipping to change at line 18527
// pvExtraPolicyPara may optionally be set to point to the following // pvExtraPolicyPara may optionally be set to point to the following
// SSL_EXTRA_CERT_CHAIN_POLICY_PARA data structure // SSL_EXTRA_CERT_CHAIN_POLICY_PARA data structure
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// fdwChecks flags are defined in wininet.h // fdwChecks flags are defined in wininet.h
typedef struct _HTTPSPolicyCallbackData typedef struct _HTTPSPolicyCallbackData
{ {
union { union {
DWORD cbStruct; // sizeof(HTTPSPolicyCallbackData); DWORD cbStruct; // sizeof(HTTPSPolicyCallbackData);
DWORD cbSize; // sizeof(HTTPSPolicyCallbackData); DWORD cbSize; // sizeof(HTTPSPolicyCallbackData);
}; } DUMMYUNIONNAME;
DWORD dwAuthType; DWORD dwAuthType;
# define AUTHTYPE_CLIENT 1 # define AUTHTYPE_CLIENT 1
# define AUTHTYPE_SERVER 2 # define AUTHTYPE_SERVER 2
DWORD fdwChecks; DWORD fdwChecks;
WCHAR *pwszServerName; // used to check against CN=xxxx WCHAR *pwszServerName; // used to check against CN=xxxx
} HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData, } HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData,
skipping to change at line 18309 skipping to change at line 18617
// pPolicyPara is optional. However, // pPolicyPara is optional. However,
// MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in // MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in
// the dwFlags in pPolicyPara to also check for the Microsoft Test Roots. // the dwFlags in pPolicyPara to also check for the Microsoft Test Roots.
// //
// pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set // pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set
// to NULL. // to NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000 #define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_EV
//
// Verify the issuance policy in the end certificate of the first simple
// chain matches with the root certificate EV policy.
//
// pvExtraPolicyPara may optionally be set to point to the following
// EV_EXTRA_CERT_CHAIN_POLICY_PARA. The dwRootProgramQualifierFlags member
// can be set to one or more of the CERT_ROOT_PROGRAM_FLAG_* to define
// which of the EV policy qualifier bits are required for validation.
//
// pvExtraPolicyStatus may optionally be set to point to the following
// EV_EXTRA_CERT_CHAIN_POLICY_STATUS. The fQualifiers member will contain
// a combination of CERT_ROOT_PROGRAM_FLAG_* flags.
//--------------------------------------------------------------------------
typedef struct _EV_EXTRA_CERT_CHAIN_POLICY_PARA {
DWORD cbSize;
DWORD dwRootProgramQualifierFlags;
} EV_EXTRA_CERT_CHAIN_POLICY_PARA,
*PEV_EXTRA_CERT_CHAIN_POLICY_PARA;
typedef struct _EV_EXTRA_CERT_CHAIN_POLICY_STATUS {
DWORD cbSize;
DWORD dwQualifiers;
DWORD dwIssuanceUsageIndex;
} EV_EXTRA_CERT_CHAIN_POLICY_STATUS, *PEV_EXTRA_CERT_CHAIN_POLICY_STATUS;
//+-------------------------------------------------------------------------
// convert formatted string to binary // convert formatted string to binary
// If cchString is 0, then pszString is NULL terminated and // If cchString is 0, then pszString is NULL terminated and
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
skipping to change at line 18410 skipping to change at line 18746
#define CRYPT_STRING_HEX 0x00000004 #define CRYPT_STRING_HEX 0x00000004
#define CRYPT_STRING_HEXASCII 0x00000005 #define CRYPT_STRING_HEXASCII 0x00000005
#define CRYPT_STRING_BASE64_ANY 0x00000006 #define CRYPT_STRING_BASE64_ANY 0x00000006
#define CRYPT_STRING_ANY 0x00000007 #define CRYPT_STRING_ANY 0x00000007
#define CRYPT_STRING_HEX_ANY 0x00000008 #define CRYPT_STRING_HEX_ANY 0x00000008
#define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009 #define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
#define CRYPT_STRING_HEXADDR 0x0000000a #define CRYPT_STRING_HEXADDR 0x0000000a
#define CRYPT_STRING_HEXASCIIADDR 0x0000000b #define CRYPT_STRING_HEXASCIIADDR 0x0000000b
#define CRYPT_STRING_HEXRAW 0x0000000c #define CRYPT_STRING_HEXRAW 0x0000000c
#define CRYPT_STRING_HASHDATA 0x10000000
#define CRYPT_STRING_STRICT 0x20000000
#define CRYPT_STRING_NOCRLF 0x40000000 #define CRYPT_STRING_NOCRLF 0x40000000
#define CRYPT_STRING_NOCR 0x80000000 #define CRYPT_STRING_NOCR 0x80000000
// certenrolld_end // certenrolld_end
// CryptBinaryToString uses the following flags // CryptBinaryToString uses the following flags
// CRYPT_STRING_BASE64HEADER - base64 format with certificate begin // CRYPT_STRING_BASE64HEADER - base64 format with certificate begin
// and end headers // and end headers
// CRYPT_STRING_BASE64 - only base64 without headers // CRYPT_STRING_BASE64 - only base64 without headers
// CRYPT_STRING_BINARY - pure binary copy // CRYPT_STRING_BINARY - pure binary copy
// CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin // CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin
skipping to change at line 18616 skipping to change at line 18954
__in DWORD dwFlags); __in DWORD dwFlags);
//+========================================================================= //+=========================================================================
// APIs to get a non-blocking, time valid OCSP response for // APIs to get a non-blocking, time valid OCSP response for
// a server certificate chain. // a server certificate chain.
// //
// Normally, this OCSP response will be included along with the server // Normally, this OCSP response will be included along with the server
// certificate in a message returned to the client. As a result only the // certificate in a message returned to the client. As a result only the
// server should need to contact the OCSP responser for its certificate. // server should need to contact the OCSP responser for its certificate.
//========================================================================== //==========================================================================
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Server OCSP response handle. // Server OCSP response handle.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef VOID *HCERT_SERVER_OCSP_RESPONSE; typedef VOID *HCERT_SERVER_OCSP_RESPONSE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a handle to an OCSP response associated with a server certificate // Open a handle to an OCSP response associated with a server certificate
// chain. If the end certificate doesn't have an OCSP AIA URL, NULL is // chain. If the end certificate doesn't have an OCSP AIA URL, NULL is
// returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL // returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL
skipping to change at line 18740 skipping to change at line 19079
// Free the OCSP response context returned by // Free the OCSP response context returned by
// CertGetServerOcspResponseContext(). // CertGetServerOcspResponseContext().
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeServerOcspResponseContext( CertFreeServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext __in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Helper function to do URL retrieval of logo or biometric information // Helper function to do URL retrieval of logo or biometric information
// specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT // specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT
// certificate extension. // certificate extension.
// //
// Only the first hashed URL matching lpszLogoOrBiometricType is used // Only the first hashed URL matching lpszLogoOrBiometricType is used
// to do the URL retrieval. Only direct logotypes are supported. // to do the URL retrieval. Only direct logotypes are supported.
// The bytes at the first URL are retrieved via // The bytes at the first URL are retrieved via
// CryptRetrieveObjectByUrlW and hashed. The computed hash is compared // CryptRetrieveObjectByUrlW and hashed. The computed hash is compared
// against the hash in the certificate. For success, ppbData, pcbData // against the hash in the certificate. For success, ppbData, pcbData
skipping to change at line 18816 skipping to change at line 19157
#define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3) #define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3)
// Predefined Biometric types // Predefined Biometric types
#define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000) #define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000)
#define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE \ #define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE) (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE)
#define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE \ #define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYP E) (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYP E)
//
// Certificate Selection API
//
#if (NTDDI_VERSION >= NTDDI_WIN7)
typedef struct _CERT_SELECT_CHAIN_PARA
{
HCERTCHAINENGINE hChainEngine;
PFILETIME pTime;
HCERTSTORE hAdditionalStore;
PCERT_CHAIN_PARA pChainPara;
DWORD dwFlags;
}
CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA;
typedef const CERT_SELECT_CHAIN_PARA* PCCERT_SELECT_CHAIN_PARA;
#define CERT_SELECT_MAX_PARA 500
typedef struct _CERT_SELECT_CRITERIA
{
DWORD dwType;
DWORD cPara;
__field_ecount(cPara) void** ppPara;
}
CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA;
typedef const CERT_SELECT_CRITERIA* PCCERT_SELECT_CRITERIA;
// Selection Criteria
#define CERT_SELECT_BY_ENHKEY_USAGE 1
#define CERT_SELECT_BY_KEY_USAGE 2
#define CERT_SELECT_BY_POLICY_OID 3
#define CERT_SELECT_BY_PROV_NAME 4
#define CERT_SELECT_BY_EXTENSION 5
#define CERT_SELECT_BY_SUBJECT_HOST_NAME 6
#define CERT_SELECT_BY_ISSUER_ATTR 7
#define CERT_SELECT_BY_SUBJECT_ATTR 8
#define CERT_SELECT_BY_ISSUER_NAME 9
#define CERT_SELECT_BY_PUBLIC_KEY 10
#define CERT_SELECT_BY_TLS_SIGNATURES 11
#define CERT_SELECT_LAST CERT_SELECT_BY_TLS_SIGNATURES
#define CERT_SELECT_MAX (CERT_SELECT_LAST * 3)
// Selection Flags
#define CERT_SELECT_ALLOW_EXPIRED 0x00000001
#define CERT_SELECT_TRUSTED_ROOT 0x00000002
#define CERT_SELECT_DISALLOW_SELFSIGNED 0x00000004
#define CERT_SELECT_HAS_PRIVATE_KEY 0x00000008
#define CERT_SELECT_HAS_KEY_FOR_SIGNATURE 0x00000010
#define CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE 0x00000020
#define CERT_SELECT_HARDWARE_ONLY 0x00000040
#define CERT_SELECT_ALLOW_DUPLICATES 0x00000080
//+-------------------------------------------------------------------------
// Build certificate chains from the certificates in the store and select
// the matching ones based on the flags and selection criteria.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CertSelectCertificateChains(
__in_opt LPCGUID pSelectionContext,
__in DWORD dwFlags,
__in_opt PCCERT_SELECT_CHAIN_PARA pChainParameters,
__in DWORD cCriteria,
__in_ecount_opt(cCriteria) PCCERT_SELECT_CRITERIA rgpCriteria,
__in HCERTSTORE hStore,
__out PDWORD pcSelection,
__out_ecount(*pcSelection) PCCERT_CHAIN_CONTEXT** pprgpSelection
);
//+-------------------------------------------------------------------------
// Free the array of pointers to chain contexts.
// CertFreeCertificateChain is NOT called for each entry.
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertFreeCertificateChainList(
__in PCCERT_CHAIN_CONTEXT* prgpSelection
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
//
// Time stamp API
//
#if (NTDDI_VERSION >= NTDDI_WIN7)
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_REQUEST
//
//--------------------------------------------------------------------------
#define TIMESTAMP_VERSION 1
typedef struct _CRYPT_TIMESTAMP_REQUEST
{
DWORD dwVersion; // v1
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage;
LPSTR pszTSAPolicyId; // OPTIONAL
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
BOOL fCertReq; // DEFAULT FALSE
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_REQUEST, *PCRYPT_TIMESTAMP_REQUEST;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_RESPONSE
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_RESPONSE
{
DWORD dwStatus;
DWORD cFreeText; // OPTIONAL
__field_ecount(cFreeText)
LPWSTR* rgFreeText;
CRYPT_BIT_BLOB FailureInfo; // OPTIONAL
CRYPT_DER_BLOB ContentInfo; // OPTIONAL
} CRYPT_TIMESTAMP_RESPONSE, *PCRYPT_TIMESTAMP_RESPONSE;
#define TIMESTAMP_STATUS_GRANTED 0
#define TIMESTAMP_STATUS_GRANTED_WITH_MODS 1
#define TIMESTAMP_STATUS_REJECTED 2
#define TIMESTAMP_STATUS_WAITING 3
#define TIMESTAMP_STATUS_REVOCATION_WARNING 4
#define TIMESTAMP_STATUS_REVOKED 5
#define TIMESTAMP_FAILURE_BAD_ALG 0
#define TIMESTAMP_FAILURE_BAD_REQUEST 2
#define TIMESTAMP_FAILURE_BAD_FORMAT 5
#define TIMESTAMP_FAILURE_TIME_NOT_AVAILABLE 14
#define TIMESTAMP_FAILURE_POLICY_NOT_SUPPORTED 15
#define TIMESTAMP_FAILURE_EXTENSION_NOT_SUPPORTED 16
#define TIMESTAMP_FAILURE_INFO_NOT_AVAILABLE 17
#define TIMESTAMP_FAILURE_SYSTEM_FAILURE 25
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_ACCURACY
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_ACCURACY
{
DWORD dwSeconds; // OPTIONAL
DWORD dwMillis; // OPTIONAL
DWORD dwMicros; // OPTIONAL
} CRYPT_TIMESTAMP_ACCURACY, *PCRYPT_TIMESTAMP_ACCURACY;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_INFO
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_INFO
{
DWORD dwVersion; // v1
LPSTR pszTSAPolicyId;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage;
CRYPT_INTEGER_BLOB SerialNumber;
FILETIME ftTime;
PCRYPT_TIMESTAMP_ACCURACY pvAccuracy; // OPTIONAL
BOOL fOrdering; // OPTIONAL
CRYPT_DER_BLOB Nonce; // OPTIONAL
CRYPT_DER_BLOB Tsa; // OPTIONAL
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_INFO, *PCRYPT_TIMESTAMP_INFO;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_CONTEXT
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_CONTEXT
{
DWORD cbEncoded;
__field_bcount(cbEncoded)
BYTE *pbEncoded;
PCRYPT_TIMESTAMP_INFO pTimeStamp;
} CRYPT_TIMESTAMP_CONTEXT, *PCRYPT_TIMESTAMP_CONTEXT;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_PARA
//
// pszTSAPolicyId
// [optional] Specifies the TSA policy under which the time stamp token
// should be provided.
//
// Nonce
// [optional] Specifies the nonce value used by the client to verify the
// timeliness of the response when no local clock is available.
//
// fCertReq
// Specifies whether the TSA must include in response the certificates
// used to sign the time stamp token.
//
// rgExtension
// [optional] Specifies Extensions to be included in request.
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_PARA
{
LPCSTR pszTSAPolicyId; // OPTIONAL
BOOL fRequestCerts; // Default is TRUE
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_PARA, *PCRYPT_TIMESTAMP_PARA;
//+-------------------------------------------------------------------------
// CryptRetrieveTimeStamp
//
// wszUrl
// [in] Specifies TSA where to send request to.
//
// dwRetrievalFlags
// [in]
// TIMESTAMP_VERIFY_CONTEXT_SIGNATURE
// TIMESTAMP_NO_AUTH_RETRIEVAL
// TIMESTAMP_DONT_HASH_DATA
//
// dwTimeout
// [in] Specifies the maximum number of milliseconds to wait for retrieval.
// If a value of zero is specified, this function does not time-out.
//
// pszHashId
// [in] Specifies hash algorithm OID.
//
// pPara
// [in, optional] Specifies additional request parameters.
//
// pbData
// [in] Points to array of bytes to be timestamped.
//
// cbData
// [in] Number of bytes in pbData.
//
// ppTsContext
// [out] The caller must free ppTsContext with CryptMemFree.
//
// ppTsSigner
// [out, optional] The address of a CERT_CONTEXT structure pointer that
// receives the certificate of the signer.
// When you have finished using this structure, free it by passing this
// pointer to the CertFreeCertificateContext function.
// This parameter can be NULL if the TSA signer's certificate is not needed.
//
// Remarks:
//
// The TIMESTAMP_VERIFY_CONTEXT_SIGNATURE flag can be only used,
// if fRequestCerts value is TRUE.
//
//--------------------------------------------------------------------------
BOOL
WINAPI
CryptRetrieveTimeStamp(
__in LPCWSTR wszUrl,
DWORD dwRetrievalFlags,
DWORD dwTimeout,
__in LPCSTR pszHashId,
__in_opt const CRYPT_TIMESTAMP_PARA *pPara,
__in_bcount(cbData)
const BYTE *pbData,
DWORD cbData,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore
);
// Set this flag to inhibit hash calculation on pbData
#define TIMESTAMP_DONT_HASH_DATA 0x00000001
// Set this flag to enforce signature validation on retrieved time stamp.
#define TIMESTAMP_VERIFY_CONTEXT_SIGNATURE 0x00000020 // CRYPT_VERIFY_CON
TEXT_SIGNATURE
// Set this flag to inhibit automatic authentication handling. See the
// wininet flag, INTERNET_FLAG_NO_AUTH, for more details.
#define TIMESTAMP_NO_AUTH_RETRIEVAL 0x00020000 // CRYPT_NO_AUTH_RE
TRIEVAL
//+-------------------------------------------------------------------------
// CryptVerifyTimeStampSignature
//
// pbTSContentInfo
// [in] Points to a buffer with timestamp content.
// These bytes are the same as returned in response by CRYPT_TIMESTAMP_CONT
EXT::pbEncoded
//
// cbTSContentInfo
// [in] Number of bytes in pbTSContentInfo.
//
// pbData
// [in] Points to array of bytes to be timestamped.
//
// cbData
// [in] Number of bytes in pbData.
//
// hAdditionalStore
// [in] Handle of any additional store to search for supporting
// TSA's signing certificates and certificate trust lists (CTLs).
// This parameter can be NULL if no additional store is to be searched.
//
// ppTsContext
// [out] The caller must free ppTsContext with CryptMemFree
//
// ppTsSigner
// [out, optional] The address of a CERT_CONTEXT structure pointer that
// receives the certificate of the signer.
// When you have finished using this structure, free it by passing this
// pointer to the CertFreeCertificateContext function.
// This parameter can be NULL if the TSA signer's certificate is not needed.
//
// NOTE:
// The caller should validate pszTSAPolicyId, if any was specified in the req
uest,
// and ftTime.
// The caller should also build a chain for ppTsSigner and validate the trust
.
//--------------------------------------------------------------------------
__success(return == TRUE)
BOOL
WINAPI
CryptVerifyTimeStampSignature (
__in_bcount( cbTSContentInfo )
const BYTE *pbTSContentInfo,
DWORD cbTSContentInfo,
__in_bcount_opt(cbData)
const BYTE *pbData,
DWORD cbData,
__in_opt HCERTSTORE hAdditionalStore,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
#endif //!defined(_DDK_DRIVER_) #endif //!defined(_DDK_DRIVER_)
#ifdef __cplusplus #ifdef __cplusplus
} // Balance extern "C" above } // Balance extern "C" above
#endif #endif
#if defined (_MSC_VER) #if defined (_MSC_VER)
#if ( _MSC_VER >= 800 ) #if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
 End of changes. 137 change blocks. 
143 lines changed or deleted 836 lines changed or added


 wintrust.h (6.0.6001.18000-Windows 6.0)   wintrust.h (6.1.7601.18839-Windows 7.0) 
skipping to change at line 128 skipping to change at line 128
# define WTD_STATEACTION_IGNORE 0x00000000 # define WTD_STATEACTION_IGNORE 0x00000000
# define WTD_STATEACTION_VERIFY 0x00000001 # define WTD_STATEACTION_VERIFY 0x00000001
# define WTD_STATEACTION_CLOSE 0x00000002 # define WTD_STATEACTION_CLOSE 0x00000002
# define WTD_STATEACTION_AUTO_CACHE 0x00000003 # define WTD_STATEACTION_AUTO_CACHE 0x00000003
# define WTD_STATEACTION_AUTO_CACHE_FLUSH 0x00000004 # define WTD_STATEACTION_AUTO_CACHE_FLUSH 0x00000004
HANDLE hWVTStateData; // optional (Catalog Fil e Processing) HANDLE hWVTStateData; // optional (Catalog Fil e Processing)
WCHAR *pwszURLReference; // optional: (future) used to de termine zone. WCHAR *pwszURLReference; // optional: (future) used to de termine zone.
// 17-Feb-1998 philh: added
DWORD dwProvFlags; DWORD dwProvFlags;
# define WTD_PROV_FLAGS_MASK 0x0000FFFF # define WTD_PROV_FLAGS_MASK 0x0000FFFF
# define WTD_USE_IE4_TRUST_FLAG 0x00000001 # define WTD_USE_IE4_TRUST_FLAG 0x00000001
# define WTD_NO_IE4_CHAIN_FLAG 0x00000002 # define WTD_NO_IE4_CHAIN_FLAG 0x00000002
# define WTD_NO_POLICY_USAGE_FLAG 0x00000004 # define WTD_NO_POLICY_USAGE_FLAG 0x00000004
# define WTD_REVOCATION_CHECK_NONE 0x00000010 # define WTD_REVOCATION_CHECK_NONE 0x00000010
# define WTD_REVOCATION_CHECK_END_CERT 0x00000020 # define WTD_REVOCATION_CHECK_END_CERT 0x00000020
# define WTD_REVOCATION_CHECK_CHAIN 0x00000040 # define WTD_REVOCATION_CHECK_CHAIN 0x00000040
# define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000080 # define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000080
# define WTD_SAFER_FLAG 0x00000100 # define WTD_SAFER_FLAG 0x00000100
# define WTD_HASH_ONLY_FLAG 0x00000200 # define WTD_HASH_ONLY_FLAG 0x00000200
# define WTD_USE_DEFAULT_OSVER_CHECK 0x00000400 # define WTD_USE_DEFAULT_OSVER_CHECK 0x00000400
# define WTD_LIFETIME_SIGNING_FLAG 0x00000800 # define WTD_LIFETIME_SIGNING_FLAG 0x00000800
# define WTD_CACHE_ONLY_URL_RETRIEVAL 0x00001000 // affects CR L retrieval and AIA retrieval # define WTD_CACHE_ONLY_URL_RETRIEVAL 0x00001000 // affects CR L retrieval and AIA retrieval
// 17-Dec-2004 JSchwart: re-added to fix build break in other depots
DWORD dwUIContext; DWORD dwUIContext;
# define WTD_UICONTEXT_EXECUTE 0 # define WTD_UICONTEXT_EXECUTE 0
# define WTD_UICONTEXT_INSTALL 1 # define WTD_UICONTEXT_INSTALL 1
} WINTRUST_DATA, *PWINTRUST_DATA; } WINTRUST_DATA, *PWINTRUST_DATA;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WINTRUST_FILE_INFO Structure // WINTRUST_FILE_INFO Structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against an individual file. // Used when calling WinVerifyTrust against an individual file.
// //
typedef struct WINTRUST_FILE_INFO_ typedef struct WINTRUST_FILE_INFO_
{ {
DWORD cbStruct; // = sizeof(WINTRUST_FILE_INFO) DWORD cbStruct; // = sizeof(WINTRUST_FILE_INFO)
LPCWSTR pcwszFilePath; // required, file name to be ver ified LPCWSTR pcwszFilePath; // required, file name to be ver ified
HANDLE hFile; // optional, open handle to pcws zFilePath HANDLE hFile; // optional, open handle to pcws zFilePath
// 09-Dec-1997 pberkman: added
GUID *pgKnownSubject; // optional: fill if the subject type is known. GUID *pgKnownSubject; // optional: fill if the subject type is known.
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO; } WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WINTRUST_CATALOG_INFO Structure // WINTRUST_CATALOG_INFO Structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a member of a Microsoft Catalog // Used when calling WinVerifyTrust against a member of a Microsoft Catalog
// file. // file.
skipping to change at line 187 skipping to change at line 184
{ {
DWORD cbStruct; // = sizeof(WINTRUST_CATALOG_INFO) DWORD cbStruct; // = sizeof(WINTRUST_CATALOG_INFO)
DWORD dwCatalogVersion; // optional: Catalog version number DWORD dwCatalogVersion; // optional: Catalog version number
LPCWSTR pcwszCatalogFilePath; // required: path/name to Catalog fi le LPCWSTR pcwszCatalogFilePath; // required: path/name to Catalog fi le
LPCWSTR pcwszMemberTag; // optional: tag to member in Catalo g LPCWSTR pcwszMemberTag; // optional: tag to member in Catalo g
LPCWSTR pcwszMemberFilePath; // required: path/name to member fil e LPCWSTR pcwszMemberFilePath; // required: path/name to member fil e
HANDLE hMemberFile; // optional: open handle to pcwszMem berFilePath HANDLE hMemberFile; // optional: open handle to pcwszMem berFilePath
// 30-Oct-1997 pberkman: added
__field_ecount(cbCalculatedFileHash) BYTE *pbCalculatedFileHash; // optional: pass in the calculated hash __field_ecount(cbCalculatedFileHash) BYTE *pbCalculatedFileHash; // optional: pass in the calculated hash
DWORD cbCalculatedFileHash; // optional: pass in the count bytes of the calc hash DWORD cbCalculatedFileHash; // optional: pass in the count bytes of the calc hash
// 15-Jan-1998 pberkman: added
PCCTL_CONTEXT pcCatalogContext; // optional: pass in to use instead of CatalogFilePath. PCCTL_CONTEXT pcCatalogContext; // optional: pass in to use instead of CatalogFilePath.
} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO; } WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WINTRUST_BLOB_INFO Structure // WINTRUST_BLOB_INFO Structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Used when calling WinVerifyTrust against a memory blob. // Used when calling WinVerifyTrust against a memory blob.
// //
skipping to change at line 254 skipping to change at line 249
{ {
DWORD cbStruct; // = sizeof(WINTRUST_CERT_INFO) DWORD cbStruct; // = sizeof(WINTRUST_CERT_INFO)
LPCWSTR pcwszDisplayName; // display name LPCWSTR pcwszDisplayName; // display name
CERT_CONTEXT *psCertContext; CERT_CONTEXT *psCertContext;
DWORD chStores; // number of stores in pahStores DWORD chStores; // number of stores in pahStores
HCERTSTORE *pahStores; // array of stores to add to interna l list HCERTSTORE *pahStores; // array of stores to add to interna l list
// 17-Nov-1997 pberkman: added
DWORD dwFlags; DWORD dwFlags;
# define WTCI_DONT_OPEN_STORES 0x00000001 // only open dummy "root" all other are in pahStores. # define WTCI_DONT_OPEN_STORES 0x00000001 // only open dummy "root" all other are in pahStores.
# define WTCI_OPEN_ONLY_ROOT 0x00000002 # define WTCI_OPEN_ONLY_ROOT 0x00000002
// 9-Sep-2004 dsie: added
#if _WIN32_WINNT >= 0x0600
# define WTCI_USE_LOCAL_MACHINE 0x00000004 // Local machine context # define WTCI_USE_LOCAL_MACHINE 0x00000004 // Local machine context
#endif
// 26-Nov-1997 pberkman: added
FILETIME *psftVerifyAsOf; // if not null, each cert will be va lidated as of this time. FILETIME *psftVerifyAsOf; // if not null, each cert will be va lidated as of this time.
} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO; } WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
#include <poppack.h> #include <poppack.h>
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WinVerifyTrust // WinVerifyTrust
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
skipping to change at line 486 skipping to change at line 476
#define TRUSTERROR_STEP_FINAL_POLICYPROV 36 #define TRUSTERROR_STEP_FINAL_POLICYPROV 36
#define TRUSTERROR_STEP_FINAL_UIPROV 37 #define TRUSTERROR_STEP_FINAL_UIPROV 37
#define TRUSTERROR_MAX_STEPS 38 #define TRUSTERROR_MAX_STEPS 38
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// allocation and free function prototypes // allocation and free function prototypes
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// //
typedef void *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize); typedef void *(*PFN_CPD_MEM_ALLOC)(__in DWORD cbSize);
typedef void (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free); typedef void (*PFN_CPD_MEM_FREE)(__in void *pvMem2Free);
struct _CRYPT_PROVIDER_DATA; struct _CRYPT_PROVIDER_DATA;
struct _CRYPT_PROVIDER_SGNR; struct _CRYPT_PROVIDER_SGNR;
struct _CRYPT_PROVIDER_PRIVDATA; struct _CRYPT_PROVIDER_PRIVDATA;
typedef BOOL (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvDa typedef BOOL (*PFN_CPD_ADD_STORE)(__in struct _CRYPT_PROVIDER_DATA *pProv
ta, Data,
IN HCERTSTORE hStore2Add); __in HCERTSTORE hStore2Add);
typedef BOOL (*PFN_CPD_ADD_SGNR)(IN struct _CRYPT_PROVIDER_DATA typedef BOOL (*PFN_CPD_ADD_SGNR)(__in struct _CRYPT_PROVIDER_DAT
*pProvData, A *pProvData,
IN BOOL fCounterSigner, __in BOOL fCounterSigner,
IN OPTIONAL DWORD idxSigner, __in_opt DWORD idxSigner,
IN struct _CRYPT_PROVIDER_SGNR __in struct _CRYPT_PROVIDER_SGN
*pSgnr2Add); R *pSgnr2Add);
typedef BOOL (*PFN_CPD_ADD_CERT)(IN struct _CRYPT_PROVIDER_DATA typedef BOOL (*PFN_CPD_ADD_CERT)(__in struct _CRYPT_PROVIDER_DAT
*pProvData, A *pProvData,
IN DWORD idxSigner, __in DWORD idxSigner,
IN BOOL fCounterSigner, __in BOOL fCounterSigner,
IN OPTIONAL DWORD idxCounterSigner, __in_opt DWORD idxCounterSigner,
IN PCCERT_CONTEXT pCert2Add); __in PCCERT_CONTEXT pCert2Add);
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pPro typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(__in struct _CRYPT_PROVIDER_DATA *pP
vData, rovData,
IN struct _CRYPT_PROVIDER_PRIVDATA * __in struct _CRYPT_PROVIDER_PRIVDATA
pPrivData2Add); *pPrivData2Add);
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// Provider function prototypes // Provider function prototypes
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// //
// //
// entry point for the object provider // entry point for the object provider
// //
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(__inout struct _CRYPT_PROVIDER_DAT A *pProvData);
// //
// entry point for the object provider // entry point for the object provider
// //
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_ DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(__inout struct _CRYPT_PROVIDER _DATA *pProvData);
// //
// entry point for the Signature Provider // entry point for the Signature Provider
// //
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_ DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(__inout struct _CRYPT_PROVIDER _DATA *pProvData);
// //
// entry point for the Certificate Provider // entry point for the Certificate Provider
// //
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER _DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(__inout struct _CRYPT_PROVIDE R_DATA *pProvData);
// //
// entry point for the Policy Provider's final call (from the trust provider) // entry point for the Policy Provider's final call (from the trust provider)
// //
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVID ER_DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(__inout struct _CRYPT_PROVI DER_DATA *pProvData);
// //
// entry point for the Policy Provider's "dump structure" call // entry point for the Policy Provider's "dump structure" call
// //
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PR OVIDER_DATA *pProvData); typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(__inout struct _CRYPT_P ROVIDER_DATA *pProvData);
// //
// entry point for the Policy Provider's clean up routine for any PRIVDATA allo cated // entry point for the Policy Provider's clean up routine for any PRIVDATA allo cated
// //
typedef HRESULT (*PFN_PROVIDER_CLEANUP_CALL)(IN OUT struct _CRYPT_PROVIDER_D ATA *pProvData); typedef HRESULT (*PFN_PROVIDER_CLEANUP_CALL)(__inout struct _CRYPT_PROVIDER_ DATA *pProvData);
// //
// entry point for the Policy Provider's Cert Check call. This will return // entry point for the Policy Provider's Cert Check call. This will return
// true if the Trust Provider is to continue building the certificate chain. // true if the Trust Provider is to continue building the certificate chain.
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED", // If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
// self-signed, root. it is also the CertCheck's responsibility to set the // self-signed, root. it is also the CertCheck's responsibility to set the
// fTrustedRoot flag in the certificate structure. // fTrustedRoot flag in the certificate structure.
// //
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN struct _CRYP typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( __in struct _CR
T_PROVIDER_DATA *pProvData, YPT_PROVIDER_DATA *pProvData,
IN DWORD idxSig __in DWORD idxS
ner, igner,
IN BOOL fCounte __in BOOL fCoun
rSignerChain, terSignerChain,
IN OPTIONAL DWORD idxCou __in_opt DWORD idxC
nterSigner); ounterSigner);
#define WVT_OFFSETOF(t,f) ((ULONG)((ULONG_PTR)(&((t*)0)->f))) #define WVT_OFFSETOF(t,f) ((ULONG)((ULONG_PTR)(&((t*)0)->f)))
// WOB #1251526 -- macro must check whether _all_ bytes of the member // WOB #1251526 -- macro must check whether _all_ bytes of the member
// lie within the struct size specified // lie within the struct size specified
#define WVT_ISINSTRUCT(structtypedef, structpassedsize, member) \ #define WVT_ISINSTRUCT(structtypedef, structpassedsize, member) \
((WVT_OFFSETOF(structtypedef, member) + sizeof(((structtypedef *) 0)->mem ber) <= structpassedsize) ? TRUE : FALSE) ((WVT_OFFSETOF(structtypedef, member) + sizeof(((structtypedef *) 0)->mem ber) <= structpassedsize) ? TRUE : FALSE)
#define WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(structtypedef, structpassedsize, member) \ #define WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(structtypedef, structpassedsize, member) \
WVT_ISINSTRUCT(structtypedef, structpassedsize, member) WVT_ISINSTRUCT(structtypedef, structpassedsize, member)
skipping to change at line 628 skipping to change at line 618
DWORD dwSubjectChoice; DWORD dwSubjectChoice;
# define CPD_CHOICE_SIP 1 # define CPD_CHOICE_SIP 1
union union
{ {
struct _PROVDATA_SIP *pPDSip; struct _PROVDATA_SIP *pPDSip;
}; };
char *pszUsageOID; // set in Init P rovider char *pszUsageOID; // set in Init P rovider
// 03-Oct-1997 pberkman: added
BOOL fRecallWithState; // state was mai ntained for Catalog Files. BOOL fRecallWithState; // state was mai ntained for Catalog Files.
// 10-Nov-1997 pberkman: added
FILETIME sftSystemTime; FILETIME sftSystemTime;
// 16-Jan-1998 pberkman: added
char *pszCTLSignerUsageOID; char *pszCTLSignerUsageOID;
// 17-Feb-1998 philh: added
// LOWORD intialized from WINTRUST_DATA's dwProvFlags. // LOWORD intialized from WINTRUST_DATA's dwProvFlags.
DWORD dwProvFlags; DWORD dwProvFlags;
# define CPD_USE_NT5_CHAIN_FLAG 0x80000000 # define CPD_USE_NT5_CHAIN_FLAG 0x80000000
# define CPD_REVOCATION_CHECK_NONE 0x00010000 # define CPD_REVOCATION_CHECK_NONE 0x00010000
# define CPD_REVOCATION_CHECK_END_CERT 0x00020000 # define CPD_REVOCATION_CHECK_END_CERT 0x00020000
# define CPD_REVOCATION_CHECK_CHAIN 0x00040000 # define CPD_REVOCATION_CHECK_CHAIN 0x00040000
# define CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00080000 # define CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00080000
// 24-Feb-1998 philh: added
DWORD dwFinalError; DWORD dwFinalError;
// 20-May-1998 KeithV: added
PCERT_USAGE_MATCH pRequestUsage; PCERT_USAGE_MATCH pRequestUsage;
// 02-Aug-2000 philh: added
DWORD dwTrustPubSettings; DWORD dwTrustPubSettings;
// 17-Dec-2004 JSchwart: re-added to fix build break in other depots
DWORD dwUIStateFlags; DWORD dwUIStateFlags;
# define CPD_UISTATE_MODE_PROMPT 0x00000000 # define CPD_UISTATE_MODE_PROMPT 0x00000000
# define CPD_UISTATE_MODE_BLOCK 0x00000001 # define CPD_UISTATE_MODE_BLOCK 0x00000001
# define CPD_UISTATE_MODE_ALLOW 0x00000002 # define CPD_UISTATE_MODE_ALLOW 0x00000002
# define CPD_UISTATE_MODE_MASK 0x00000003 # define CPD_UISTATE_MODE_MASK 0x00000003
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA; } CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
skipping to change at line 691 skipping to change at line 673
PFN_PROVIDER_INIT_CALL pfnInitialize; // initialize Po licy data. PFN_PROVIDER_INIT_CALL pfnInitialize; // initialize Po licy data.
PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust; // build info up to the signer info(s). PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust; // build info up to the signer info(s).
PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust; // build info to the signing cert PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust; // build info to the signing cert
PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust; // build the cha in PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust; // build the cha in
PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy; // final call to policy PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy; // final call to policy
PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each ce rt will building chain PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each ce rt will building chain
PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structur es to a file (or whatever the policy chooses) PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structur es to a file (or whatever the policy chooses)
struct _CRYPT_PROVUI_FUNCS *psUIpfns; struct _CRYPT_PROVUI_FUNCS *psUIpfns;
// 23-Jul-1997 pberkman: added
PFN_PROVIDER_CLEANUP_CALL pfnCleanupPolicy; // PRIVDATA clea nup routine. PFN_PROVIDER_CLEANUP_CALL pfnCleanupPolicy; // PRIVDATA clea nup routine.
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS; } CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CRYPT_PROVUI_FUNCS structure // CRYPT_PROVUI_FUNCS structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// //
typedef BOOL (*PFN_PROVUI_CALL)(IN HWND hWndSecurityDialog, IN struct _CR YPT_PROVIDER_DATA *pProvData); typedef BOOL (*PFN_PROVUI_CALL)(__in HWND hWndSecurityDialog, __in struct _CRYPT_PROVIDER_DATA *pProvData);
typedef struct _CRYPT_PROVUI_FUNCS typedef struct _CRYPT_PROVUI_FUNCS
{ {
DWORD cbStruct; DWORD cbStruct;
struct _CRYPT_PROVUI_DATA *psUIData; struct _CRYPT_PROVUI_DATA *psUIData;
PFN_PROVUI_CALL pfnOnMoreInfoClick; PFN_PROVUI_CALL pfnOnMoreInfoClick;
PFN_PROVUI_CALL pfnOnMoreInfoClickDefault; PFN_PROVUI_CALL pfnOnMoreInfoClickDefault;
skipping to change at line 734 skipping to change at line 715
{ {
DWORD cbStruct; DWORD cbStruct;
DWORD dwFinalError; DWORD dwFinalError;
WCHAR *pYesButtonText; // default: "&Ye s" WCHAR *pYesButtonText; // default: "&Ye s"
WCHAR *pNoButtonText; // default: "&No " WCHAR *pNoButtonText; // default: "&No "
WCHAR *pMoreInfoButtonText; // default: "&Mo re Info" WCHAR *pMoreInfoButtonText; // default: "&Mo re Info"
WCHAR *pAdvancedLinkText; // default: <non e> WCHAR *pAdvancedLinkText; // default: <non e>
// 15-Sep-1997 pberkman: added
// good: default: // good: default:
// "Do you want to install and run ""%1"" signed on %2 and distr ibuted by:" // "Do you want to install and run ""%1"" signed on %2 and distr ibuted by:"
WCHAR *pCopyActionText; WCHAR *pCopyActionText;
// good no time stamp: default: // good no time stamp: default:
// "Do you want to install and run ""%1"" signed on an unknown d ate/time and distributed by:" // "Do you want to install and run ""%1"" signed on an unknown d ate/time and distributed by:"
WCHAR *pCopyActionTextNoTS; WCHAR *pCopyActionTextNoTS;
// bad: default: // bad: default:
// "Do you want to install and run ""%1""?" // "Do you want to install and run ""%1""?"
WCHAR *pCopyActionTextNotSigned; WCHAR *pCopyActionTextNotSigned;
skipping to change at line 778 skipping to change at line 758
DWORD dwSignerType; // set if known by p olicy DWORD dwSignerType; // set if known by p olicy
# define SGNR_TYPE_TIMESTAMP 0x00 000010 # define SGNR_TYPE_TIMESTAMP 0x00 000010
CMSG_SIGNER_INFO *psSigner; // must use the pfnA lloc allocator! CMSG_SIGNER_INFO *psSigner; // must use the pfnA lloc allocator!
DWORD dwError; // error encounted w hile building/verifying the signer. DWORD dwError; // error encounted w hile building/verifying the signer.
DWORD csCounterSigners; // use Add2 and Get functions! DWORD csCounterSigners; // use Add2 and Get functions!
struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use Add2 and Get functions! struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use Add2 and Get functions!
// 11-Feb-1998 philh: added
PCCERT_CHAIN_CONTEXT pChainContext; PCCERT_CHAIN_CONTEXT pChainContext;
} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR; } CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CRYPT_PROVIDER_CERT structure // CRYPT_PROVIDER_CERT structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// After the Signature and Certificate Providers are finished there will // After the Signature and Certificate Providers are finished there will
// be zero to many of these filled out in the CRYPT_PROVIDER_SGNR // be zero to many of these filled out in the CRYPT_PROVIDER_SGNR
skipping to change at line 818 skipping to change at line 797
# define CERT_CONFIDENCE_TIME 0x01000000 // issuer cert # define CERT_CONFIDENCE_TIME 0x01000000 // issuer cert
# define CERT_CONFIDENCE_TIMENEST 0x00100000 // this cert # define CERT_CONFIDENCE_TIMENEST 0x00100000 // this cert
# define CERT_CONFIDENCE_AUTHIDEXT 0x00010000 // this cert # define CERT_CONFIDENCE_AUTHIDEXT 0x00010000 // this cert
# define CERT_CONFIDENCE_HYGIENE 0x00001000 // this cert # define CERT_CONFIDENCE_HYGIENE 0x00001000 // this cert
# define CERT_CONFIDENCE_HIGHEST 0x11111000 # define CERT_CONFIDENCE_HIGHEST 0x11111000
DWORD dwError; DWORD dwError;
CTL_CONTEXT *pTrustListContext; CTL_CONTEXT *pTrustListContext;
// 16-Jan-1998 pberkman: added
BOOL fTrustListSignerCert; BOOL fTrustListSignerCert;
// 25-Feb-1998 philh: added
// //
// The following two are only applicable to Self Signed certificates // The following two are only applicable to Self Signed certificates
// residing in a CTL. // residing in a CTL.
PCCTL_CONTEXT pCtlContext; PCCTL_CONTEXT pCtlContext;
DWORD dwCtlError; DWORD dwCtlError;
// 12-Mar-1998 philh: added
BOOL fIsCyclic; BOOL fIsCyclic;
// 12-Oct-2000 DSIE: added
PCERT_CHAIN_ELEMENT pChainElement; PCERT_CHAIN_ELEMENT pChainElement;
} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT; } CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CRYPT_PROVIDER_PRIVDATA structure // CRYPT_PROVIDER_PRIVDATA structure
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// This structure is to allow Policy Provider functions to share // This structure is to allow Policy Provider functions to share
// POLICY SPECIFIC data between Policy Functions. // POLICY SPECIFIC data between Policy Functions.
// The Policy must use the pfnAddPrivateData2Chain function and // The Policy must use the pfnAddPrivateData2Chain function and
skipping to change at line 906 skipping to change at line 881
DWORD cbStruct; DWORD cbStruct;
CRYPT_TRUST_REG_ENTRY sInitProvider; CRYPT_TRUST_REG_ENTRY sInitProvider;
CRYPT_TRUST_REG_ENTRY sObjectProvider; CRYPT_TRUST_REG_ENTRY sObjectProvider;
CRYPT_TRUST_REG_ENTRY sSignatureProvider; CRYPT_TRUST_REG_ENTRY sSignatureProvider;
CRYPT_TRUST_REG_ENTRY sCertificateProvider; CRYPT_TRUST_REG_ENTRY sCertificateProvider;
CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider; CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider;
CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider; CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider;
CRYPT_TRUST_REG_ENTRY sTestPolicyProvider; CRYPT_TRUST_REG_ENTRY sTestPolicyProvider;
// 23-Jul-1997 pberkman: added
CRYPT_TRUST_REG_ENTRY sCleanupProvider; CRYPT_TRUST_REG_ENTRY sCleanupProvider;
} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID; } CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
struct _CRYPT_PROVIDER_DEFUSAGE; struct _CRYPT_PROVIDER_DEFUSAGE;
typedef BOOL (*PFN_ALLOCANDFILLDEFUSAGE)(IN const char *pszUsageOID, typedef BOOL (*PFN_ALLOCANDFILLDEFUSAGE)(__in const char *pszUsageOID,
IN struct _CRYPT_PROVIDER_DEFUSAGE *psD __in struct _CRYPT_PROVIDER_DEFUSAGE *p
efUsage); sDefUsage);
typedef BOOL (*PFN_FREEDEFUSAGE)(IN const char *pszUsageOID, typedef BOOL (*PFN_FREEDEFUSAGE)(__in const char *pszUsageOID,
IN struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsage) __in struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsag
; e);
typedef struct _CRYPT_PROVIDER_REGDEFUSAGE typedef struct _CRYPT_PROVIDER_REGDEFUSAGE
{ {
DWORD cbStruct; // = sizeof CRYPT_PROVIDER_REGDEFUSAGE DWORD cbStruct; // = sizeof CRYPT_PROVIDER_REGDEFUSAGE
GUID *pgActionID; GUID *pgActionID;
WCHAR *pwszDllName; WCHAR *pwszDllName;
char *pwszLoadCallbackDataFunctionName; char *pwszLoadCallbackDataFunctionName;
char *pwszFreeCallbackDataFunctionName; char *pwszFreeCallbackDataFunctionName;
skipping to change at line 966 skipping to change at line 940
// Adds a new Provider combination to the users' // Adds a new Provider combination to the users'
// system. Creates all necessary registry entries, etc. This should be done // system. Creates all necessary registry entries, etc. This should be done
// during the Policy Provider's DllRegisterServer. // during the Policy Provider's DllRegisterServer.
// //
// *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER *** // *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
// //
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError() // FALSE: Errors occured. See GetLastError()
// //
extern BOOL WINAPI WintrustAddActionID(IN GUID *pgActionID, extern BOOL WINAPI WintrustAddActionID(__in GUID *pgActionID,
IN DWORD fdwFlags, __in DWORD fdwFlags,
IN CRYPT_REGISTER_ACTIONID *psProvInfo); __in CRYPT_REGISTER_ACTIONID *psProvInfo
);
// By default, WintrustAddActionID doesn't return registry errors. // By default, WintrustAddActionID doesn't return registry errors.
// Set this flag to return registry errors. If FALSE is returned, // Set this flag to return registry errors. If FALSE is returned,
// LastError is set. // LastError is set.
#define WT_ADD_ACTION_ID_RET_RESULT_FLAG 0x1 #define WT_ADD_ACTION_ID_RET_RESULT_FLAG 0x1
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WintrustRemoveActionID // WintrustRemoveActionID
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Removes the Provider action combination from the users' // Removes the Provider action combination from the users'
// system. // system.
// //
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError() // FALSE: Errors occured. See GetLastError()
// //
extern BOOL WINAPI WintrustRemoveActionID(IN GUID *pgActionID); extern BOOL WINAPI WintrustRemoveActionID(__in GUID *pgActionID);
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WintrustLoadFunctionPointers // WintrustLoadFunctionPointers
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Retrieves the function entry points based on the Action ID given. // Retrieves the function entry points based on the Action ID given.
// //
// Returns: // Returns:
// TRUE success. // TRUE success.
// FALSE fail. // FALSE fail.
skipping to change at line 1013 skipping to change at line 987
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Sets the default Action ID for the usage. If the provider uses this // Sets the default Action ID for the usage. If the provider uses this
// function, and the provider requires any of the "callback" data in // function, and the provider requires any of the "callback" data in
// WINTRUST_DATA to be filled out, it MUST completely fill out the // WINTRUST_DATA to be filled out, it MUST completely fill out the
// CRYPT_PROVIDER_REGDEFUSAGE structure. // CRYPT_PROVIDER_REGDEFUSAGE structure.
// //
// Returns: // Returns:
// TRUE success. // TRUE success.
// FALSE fail. // FALSE fail.
// //
extern BOOL WINAPI WintrustAddDefaultForUsage(IN const char *pszUsa extern BOOL WINAPI WintrustAddDefaultForUsage(__in const char *pszU
geOID, sageOID,
IN CRYPT_PROVIDER_REG __in CRYPT_PROVIDER_R
DEFUSAGE *psDefUsage); EGDEFUSAGE *psDefUsage);
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WintrustGetDefaultForUsage // WintrustGetDefaultForUsage
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Retrieves the Action ID and default callback data for the specified usage // Retrieves the Action ID and default callback data for the specified usage
// //
// this function must be called again with dwAction set to FREE to deallocate // this function must be called again with dwAction set to FREE to deallocate
// //
// //
// Returns: // Returns:
// TRUE success. // TRUE success.
// FALSE fail. // FALSE fail.
// //
#define DWACTION_ALLOCANDFILL 1 #define DWACTION_ALLOCANDFILL 1
#define DWACTION_FREE 2 #define DWACTION_FREE 2
extern BOOL WINAPI WintrustGetDefaultForUsage(IN DWORD dwAction, extern BOOL WINAPI WintrustGetDefaultForUsage(__in DWORD dwAction,
IN const char *pszUsa __in const char *pszU
geOID, sageOID,
IN OUT CRYPT_PROVIDER __inout CRYPT_PROVIDE
_DEFUSAGE *psUsage); R_DEFUSAGE *psUsage);
extern CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(CRYPT_PRO VIDER_DATA *pProvData, extern CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(CRYPT_PRO VIDER_DATA *pProvData,
DWORD idx Signer, DWORD idx Signer,
BOOL fCou nterSigner, BOOL fCou nterSigner,
DWORD idx CounterSigner); DWORD idx CounterSigner);
extern CRYPT_PROVIDER_CERT * WINAPI WTHelperGetProvCertFromChain(CRYPT_PROVI DER_SGNR *pSgnr, extern CRYPT_PROVIDER_CERT * WINAPI WTHelperGetProvCertFromChain(CRYPT_PROVI DER_SGNR *pSgnr,
DWORD idxCe rt); DWORD idxCe rt);
extern CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hSt ateData); extern CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hSt ateData);
skipping to change at line 1091 skipping to change at line 1065
#define SPC_GLUE_RDN_OBJID "1.3.6.1.4.1.311.2.1.25" // obsol ete! #define SPC_GLUE_RDN_OBJID "1.3.6.1.4.1.311.2.1.25" // obsol ete!
#define SPC_MINIMAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.26" #define SPC_MINIMAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.26"
#define SPC_FINANCIAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.27" #define SPC_FINANCIAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.27"
#define SPC_LINK_OBJID "1.3.6.1.4.1.311.2.1.28" #define SPC_LINK_OBJID "1.3.6.1.4.1.311.2.1.28"
#define SPC_SIGINFO_OBJID "1.3.6.1.4.1.311.2.1.30" #define SPC_SIGINFO_OBJID "1.3.6.1.4.1.311.2.1.30"
// //
// Page hash versions // Page hash versions
// //
#define SPC_PE_IMAGE_PAGE_HASHES_V1_OBJID "1.3.6.1.4.1.311.2.3.1" // V1 #define SPC_PE_IMAGE_PAGE_HASHES_V1_OBJID "1.3.6.1.4.1.311.2.3.1" // V1
#define SPC_PE_IMAGE_PAGE_HASHES_V2_OBJID "1.3.6.1.4.1.311.2.3.2" // V2
// //
// Catalog entries // Catalog entries
// //
#define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1" #define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1"
#define CAT_MEMBERINFO_OBJID "1.3.6.1.4.1.311.12.2.2" #define CAT_MEMBERINFO_OBJID "1.3.6.1.4.1.311.12.2.2"
// //
// encode/decode internal defines // encode/decode internal defines
// //
skipping to change at line 1424 skipping to change at line 1399
// location: // location:
// "HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\ // "HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\
// TrustedPublisher_IEAK\Certificates\..." // TrustedPublisher_IEAK\Certificates\..."
// Note, the logical HKCU TrustedPublisher store inherits from HKLM and // Note, the logical HKCU TrustedPublisher store inherits from HKLM and
// GroupPolicy. The TrustedPublisher_IEAK will contain the entire set // GroupPolicy. The TrustedPublisher_IEAK will contain the entire set
// under a single registry subkey. // under a single registry subkey.
// //
// Note, initially all certs are removed from the above store. // Note, initially all certs are removed from the above store.
// //
extern BOOL WINAPI OpenPersonalTrustDBDialogEx( extern BOOL WINAPI OpenPersonalTrustDBDialogEx(
IN OPTIONAL HWND hwndParent, __in_opt HWND hwndParent,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OUT OPTIONAL PVOID *pvReserved __inout_opt PVOID *pvReserved
); );
#define WT_TRUSTDBDIALOG_NO_UI_FLAG 0x00000001 #define WT_TRUSTDBDIALOG_NO_UI_FLAG 0x00000001
#define WT_TRUSTDBDIALOG_ONLY_PUB_TAB_FLAG 0x00000002 #define WT_TRUSTDBDIALOG_ONLY_PUB_TAB_FLAG 0x00000002
#define WT_TRUSTDBDIALOG_WRITE_LEGACY_REG_FLAG 0x00000100 #define WT_TRUSTDBDIALOG_WRITE_LEGACY_REG_FLAG 0x00000100
#define WT_TRUSTDBDIALOG_WRITE_IEAK_STORE_FLAG 0x00000200 #define WT_TRUSTDBDIALOG_WRITE_IEAK_STORE_FLAG 0x00000200
// Calls above with dwFlags = 0 and pvReserved = NULL // Calls above with dwFlags = 0 and pvReserved = NULL
extern BOOL WINAPI OpenPersonalTrustDBDialog( extern BOOL WINAPI OpenPersonalTrustDBDialog(
IN OPTIONAL HWND hwndParent __in_opt HWND hwndParent
); );
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// WintrustSetDefaultIncludePEPageHashes // WintrustSetDefaultIncludePEPageHashes
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// This API may be called to set the default setting for including page // This API may be called to set the default setting for including page
// hashes when creating SIP indirect data for PE files. // hashes when creating SIP indirect data for PE files.
// //
// Unless explicitly set, the default is not to include page hashes. // Unless explicitly set, the default is not to include page hashes.
 End of changes. 47 change blocks. 
86 lines changed or deleted 62 lines changed or added
