Index: dll/3rdparty/mbedtls/mbedtls.spec
===================================================================
--- dll/3rdparty/mbedtls/mbedtls.spec	(revision 70967)
+++ dll/3rdparty/mbedtls/mbedtls.spec	(working copy)
@@ -29,4 +29,19 @@
 @ cdecl mbedtls_cipher_info_from_type(long)
 @ cdecl mbedtls_md_info_from_type(long)
 @ cdecl mbedtls_pk_get_bitlen(ptr)
-@ cdecl mbedtls_ctr_drbg_seed(ptr ptr ptr str long)
\ No newline at end of file
+@ cdecl mbedtls_ctr_drbg_seed(ptr ptr ptr str long)
+@ cdecl mbedtls_sha1_init(ptr)
+@ cdecl mbedtls_sha1_starts(ptr)
+@ cdecl mbedtls_sha1_update(ptr ptr long)
+@ cdecl mbedtls_sha1_finish(ptr ptr)
+@ cdecl mbedtls_sha1_free(ptr)
+@ cdecl mbedtls_sha256_init(ptr)
+@ cdecl mbedtls_sha256_starts(ptr long)
+@ cdecl mbedtls_sha256_update(ptr ptr long)
+@ cdecl mbedtls_sha256_finish(ptr ptr)
+@ cdecl mbedtls_sha256_free(ptr)
+@ cdecl mbedtls_sha512_init(ptr)
+@ cdecl mbedtls_sha512_starts(ptr long)
+@ cdecl mbedtls_sha512_update(ptr ptr long)
+@ cdecl mbedtls_sha512_finish(ptr ptr)
+@ cdecl mbedtls_sha512_free(ptr)
\ No newline at end of file
Index: dll/win32/bcrypt/bcrypt_main.c
===================================================================
--- dll/win32/bcrypt/bcrypt_main.c	(revision 70967)
+++ dll/win32/bcrypt/bcrypt_main.c	(working copy)
@@ -18,6 +18,7 @@
  */
 
 #include <wine/config.h>
+#include <wine/port.h>
 
 #include <ntstatus.h>
 #define WIN32_NO_STATUS
@@ -28,6 +29,12 @@
 
 #include <wine/debug.h>
 #include <wine/unicode.h>
+#include <wine/library.h>
+#ifdef SONAME_LIBMBEDTLS
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
+#endif
 
 WINE_DEFAULT_DEBUG_CHANNEL(bcrypt);
 
@@ -106,8 +113,92 @@
     wine_dlclose( libgnutls_handle, NULL, 0 );
     libgnutls_handle = NULL;
 }
-#endif /* HAVE_GNUTLS_HASH && !HAVE_COMMONCRYPTO_COMMONDIGEST_H */
+#elif defined(SONAME_LIBMBEDTLS) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H) && !defined(__REACTOS__)
+WINE_DECLARE_DEBUG_CHANNEL(winediag);
 
+void *libmbedtls_handle;
+
+#define MAKE_FUNCPTR(f) static typeof(f) * p##f
+MAKE_FUNCPTR(mbedtls_sha1_init);
+MAKE_FUNCPTR(mbedtls_sha1_starts);
+MAKE_FUNCPTR(mbedtls_sha1_update);
+MAKE_FUNCPTR(mbedtls_sha1_finish);
+MAKE_FUNCPTR(mbedtls_sha1_free);
+MAKE_FUNCPTR(mbedtls_sha256_init);
+MAKE_FUNCPTR(mbedtls_sha256_starts);
+MAKE_FUNCPTR(mbedtls_sha256_update);
+MAKE_FUNCPTR(mbedtls_sha256_finish);
+MAKE_FUNCPTR(mbedtls_sha256_free);
+MAKE_FUNCPTR(mbedtls_sha512_init);
+MAKE_FUNCPTR(mbedtls_sha512_starts);
+MAKE_FUNCPTR(mbedtls_sha512_update);
+MAKE_FUNCPTR(mbedtls_sha512_finish);
+MAKE_FUNCPTR(mbedtls_sha512_free);
+#undef MAKE_FUNCPTR
+
+#define mbedtls_sha1_init           pmbedtls_sha1_init
+#define mbedtls_sha1_starts         pmbedtls_sha1_starts
+#define mbedtls_sha1_update         pmbedtls_sha1_update
+#define mbedtls_sha1_finish         pmbedtls_sha1_finish
+#define mbedtls_sha1_free           pmbedtls_sha1_free
+#define mbedtls_sha256_init         pmbedtls_sha256_init
+#define mbedtls_sha256_starts       pmbedtls_sha256_starts
+#define mbedtls_sha256_update       pmbedtls_sha256_update
+#define mbedtls_sha256_finish       pmbedtls_sha256_finish
+#define mbedtls_sha256_free         pmbedtls_sha256_free
+#define mbedtls_sha512_init         pmbedtls_sha512_init
+#define mbedtls_sha512_starts       pmbedtls_sha512_starts
+#define mbedtls_sha512_update       pmbedtls_sha512_update
+#define mbedtls_sha512_finish       pmbedtls_sha512_finish
+#define mbedtls_sha512_free         pmbedtls_sha512_free
+
+static BOOL mbedtls_initialize(void)
+{
+    if (!(libmbedtls_handle = wine_dlopen( SONAME_LIBMBEDTLS, RTLD_NOW, NULL, 0 )))
+    {
+        ERR_(winediag)( "failed to load libmbedtls, no support for crypto hashes\n" );
+        return FALSE;
+    }
+
+#define LOAD_FUNCPTR(f) \
+    if (!(p##f = wine_dlsym( libmbedtls_handle, #f, NULL, 0 ))) \
+    { \
+        ERR( "failed to load %s\n", #f ); \
+        goto fail; \
+    }
+
+    LOAD_FUNCPTR(mbedtls_sha1_init)
+    LOAD_FUNCPTR(mbedtls_sha1_starts)
+    LOAD_FUNCPTR(mbedtls_sha1_update)
+    LOAD_FUNCPTR(mbedtls_sha1_finish)
+    LOAD_FUNCPTR(mbedtls_sha1_free);
+    LOAD_FUNCPTR(mbedtls_sha256_init)
+    LOAD_FUNCPTR(mbedtls_sha256_starts)
+    LOAD_FUNCPTR(mbedtls_sha256_update)
+    LOAD_FUNCPTR(mbedtls_sha256_finish)
+    LOAD_FUNCPTR(mbedtls_sha256_free);
+    LOAD_FUNCPTR(mbedtls_sha512_init)
+    LOAD_FUNCPTR(mbedtls_sha512_starts)
+    LOAD_FUNCPTR(mbedtls_sha512_update)
+    LOAD_FUNCPTR(mbedtls_sha512_finish)
+    LOAD_FUNCPTR(mbedtls_sha512_free);
+#undef LOAD_FUNCPTR
+
+    return TRUE;
+
+fail:
+    wine_dlclose( libmbedtls_handle, NULL, 0 );
+    libmbedtls_handle = NULL;
+    return FALSE;
+}
+
+static void mbedtls_uninitialize(void)
+{
+    wine_dlclose( libmbedtls_handle, NULL, 0 );
+    libmbedtls_handle = NULL;
+}
+#endif /* SONAME_LIBMBEDTLS && !HAVE_COMMONCRYPTO_COMMONDIGEST_H && !__REACTOS__ */
+
 NTSTATUS WINAPI BCryptEnumAlgorithms(ULONG dwAlgOperations, ULONG *pAlgCount,
                                      BCRYPT_ALGORITHM_IDENTIFIER **ppAlgList, ULONG dwFlags)
 {
@@ -390,6 +481,108 @@
     pgnutls_hash_deinit( hash->handle, output );
     return STATUS_SUCCESS;
 }
+#elif defined(SONAME_LIBMBEDTLS)
+struct hash
+{
+    struct object    hdr;
+    enum alg_id      alg_id;
+    union
+    {
+        mbedtls_sha1_context   sha1_ctx;
+        mbedtls_sha256_context sha256_ctx;
+        mbedtls_sha512_context sha512_ctx;
+    } u;
+};
+
+static NTSTATUS hash_init( struct hash *hash )
+{
+#ifndef __REACTOS__
+    if (!libmbedtls_handle) return STATUS_INTERNAL_ERROR;
+#endif
+    switch (hash->alg_id)
+    {
+    case ALG_ID_SHA1:
+        mbedtls_sha1_init(&hash->u.sha1_ctx);
+        mbedtls_sha1_starts(&hash->u.sha1_ctx);
+        break;
+
+    case ALG_ID_SHA256:
+        mbedtls_sha256_init(&hash->u.sha256_ctx);
+        mbedtls_sha256_starts(&hash->u.sha256_ctx, FALSE);
+        break;
+
+    case ALG_ID_SHA384:
+    case ALG_ID_SHA512:
+        mbedtls_sha512_init(&hash->u.sha512_ctx);
+        mbedtls_sha512_starts(&hash->u.sha512_ctx, hash->alg_id==ALG_ID_SHA384);
+        break;
+
+    default:
+        ERR( "unhandled id %u\n", hash->alg_id );
+        return STATUS_NOT_IMPLEMENTED;
+    }
+
+    return STATUS_SUCCESS;
+}
+
+static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+{
+#ifndef __REACTOS__
+    if (!libmbedtls_handle) return STATUS_INTERNAL_ERROR;
+#endif
+    switch (hash->alg_id)
+    {
+    case ALG_ID_SHA1:
+        mbedtls_sha1_update(&hash->u.sha1_ctx, input, size);
+        break;
+
+    case ALG_ID_SHA256:
+        mbedtls_sha256_update(&hash->u.sha256_ctx, input, size);
+        break;
+
+    case ALG_ID_SHA384:
+    case ALG_ID_SHA512:
+        mbedtls_sha512_update(&hash->u.sha512_ctx, input, size);
+        break;
+
+    default:
+        ERR( "unhandled id %u\n", hash->alg_id );
+        return STATUS_NOT_IMPLEMENTED;
+    }
+
+    return STATUS_SUCCESS;
+}
+
+static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
+{
+#ifndef __REACTOS__
+    if (!libmbedtls_handle) return STATUS_INTERNAL_ERROR;
+#endif
+    switch (hash->alg_id)
+    {
+    case ALG_ID_SHA1:
+        mbedtls_sha1_finish(&hash->u.sha1_ctx, output);
+        mbedtls_sha1_free(&hash->u.sha1_ctx);
+        break;
+
+    case ALG_ID_SHA256:
+        mbedtls_sha256_finish(&hash->u.sha256_ctx, output);
+        mbedtls_sha256_free(&hash->u.sha256_ctx);
+        break;
+
+    case ALG_ID_SHA384:
+    case ALG_ID_SHA512:
+        mbedtls_sha512_finish(&hash->u.sha512_ctx, output);
+        mbedtls_sha512_free(&hash->u.sha512_ctx);
+        break;
+
+    default:
+        ERR( "unhandled id %u\n", hash->alg_id );
+        return STATUS_NOT_IMPLEMENTED;
+    }
+
+    return STATUS_SUCCESS;
+}
 #else
 struct hash
 {
@@ -621,6 +814,8 @@
         DisableThreadLibraryCalls( hinst );
 #if defined(HAVE_GNUTLS_HASH) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
         gnutls_initialize();
+#elif defined(SONAME_LIBMBEDTLS) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H) && !defined(__REACTOS__)
+        mbedtls_initialize();
 #endif
         break;
 
@@ -628,6 +823,8 @@
         if (reserved) break;
 #if defined(HAVE_GNUTLS_HASH) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
         gnutls_uninitialize();
+#elif defined(SONAME_LIBMBEDTLS) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H) && !defined(__REACTOS__)
+        mbedtls_uninitialize();
 #endif
         break;
     }
Index: dll/win32/bcrypt/CMakeLists.txt
===================================================================
--- dll/win32/bcrypt/CMakeLists.txt	(revision 70967)
+++ dll/win32/bcrypt/CMakeLists.txt	(working copy)
@@ -1,6 +1,8 @@
 
 add_definitions(-D__WINESRC__)
-include_directories(${REACTOS_SOURCE_DIR}/include/reactos/wine)
+include_directories(
+    ${REACTOS_SOURCE_DIR}/include/reactos/wine
+    ${REACTOS_SOURCE_DIR}/include/reactos/libs/mbedtls)
 spec2def(bcrypt.dll bcrypt.spec ADD_IMPORTLIB)
 
 list(APPEND SOURCE
@@ -12,5 +14,5 @@
 add_library(bcrypt SHARED ${SOURCE})
 set_module_type(bcrypt win32dll)
 target_link_libraries(bcrypt wine)
-add_importlibs(bcrypt advapi32 msvcrt kernel32 ntdll)
+add_importlibs(bcrypt mbedtls advapi32 msvcrt kernel32 ntdll)
 add_cd_file(TARGET bcrypt DESTINATION reactos/system32 FOR all)
Index: include/reactos/wine/config.h
===================================================================
--- include/reactos/wine/config.h	(revision 70967)
+++ include/reactos/wine/config.h	(working copy)
@@ -1242,7 +1242,7 @@
 #define SONAME_LIBJPEG "libjpeg"
 
 /* Define to the soname of the libmbedtls library. */
-#define SONAME_LIBMBEDTLS L"mbedtls"
+#define SONAME_LIBMBEDTLS "mbedtls"
 
 /* Define to the soname of the libncurses library. */
 /* #undef SONAME_LIBNCURSES */