diff --git a/patches/crypt32-ECDSA_Cert_Chains/0005-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch b/patches/crypt32-ECDSA_Cert_Chains/0005-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch
index 99d44b9b..7a0d1b1b 100644
--- a/patches/crypt32-ECDSA_Cert_Chains/0005-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch
+++ b/patches/crypt32-ECDSA_Cert_Chains/0005-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch
@@ -1,15 +1,15 @@
-From 13ffc8c6432546a32aa4c2af5cd4c3fa1337947e Mon Sep 17 00:00:00 2001
+From 09e86a5b33ead90b064eeb1d728f567283dfa389 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 29 Sep 2017 20:31:00 +0200
 Subject: bcrypt: Implement BCryptVerifySignature for ecdsa signatures.
 
 ---
- dlls/bcrypt/bcrypt_main.c  | 281 ++++++++++++++++++++++++++++++++++++++++++++-
+ dlls/bcrypt/bcrypt_main.c  | 326 ++++++++++++++++++++++++++++++++++++++++++++-
  dlls/bcrypt/tests/bcrypt.c |   4 +-
- 2 files changed, 281 insertions(+), 4 deletions(-)
+ 2 files changed, 326 insertions(+), 4 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index f822a7aadf3..866364f237e 100644
+index f822a7aadf3..881f6f7eb0c 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -27,6 +27,7 @@
@@ -20,31 +20,106 @@ index f822a7aadf3..866364f237e 100644
  #endif
  
  #include "ntstatus.h"
-@@ -64,6 +65,11 @@ MAKE_FUNCPTR(gnutls_global_init);
+@@ -49,9 +50,26 @@ static HINSTANCE instance;
+ #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
+ WINE_DECLARE_DEBUG_CHANNEL(winediag);
+ 
++#if GNUTLS_VERSION_MAJOR < 3
++typedef enum
++{
++    GNUTLS_ECC_CURVE_INVALID = 0,
++    GNUTLS_ECC_CURVE_SECP224R1,
++    GNUTLS_ECC_CURVE_SECP256R1,
++    GNUTLS_ECC_CURVE_SECP384R1,
++    GNUTLS_ECC_CURVE_SECP521R1,
++} gnutls_ecc_curve_t;
++#endif
++
+ /* Not present in gnutls version < 3.0 */
+ static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void *tag, size_t tag_size);
+ static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
++static int (*pgnutls_pubkey_import_ecc_raw)(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
++                                            const gnutls_datum_t *x, const gnutls_datum_t *y);
++static gnutls_sign_algorithm_t (*pgnutls_pk_to_sign)(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash);
++static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo,
++                                          unsigned int flags, const gnutls_datum_t *hash,
++                                          const gnutls_datum_t *signature);
+ 
+ static void *libgnutls_handle;
+ #define MAKE_FUNCPTR(f) static typeof(f) * p##f
+@@ -64,12 +82,15 @@ MAKE_FUNCPTR(gnutls_global_init);
  MAKE_FUNCPTR(gnutls_global_set_log_function);
  MAKE_FUNCPTR(gnutls_global_set_log_level);
  MAKE_FUNCPTR(gnutls_perror);
 +MAKE_FUNCPTR(gnutls_pubkey_init);
 +MAKE_FUNCPTR(gnutls_pubkey_deinit);
-+MAKE_FUNCPTR(gnutls_pubkey_import_ecc_raw);
-+MAKE_FUNCPTR(gnutls_pk_to_sign);
-+MAKE_FUNCPTR(gnutls_pubkey_verify_hash2);
  #undef MAKE_FUNCPTR
  
  #if GNUTLS_VERSION_MAJOR < 3
-@@ -113,6 +119,11 @@ static BOOL gnutls_initialize(void)
+ #define GNUTLS_CIPHER_AES_192_CBC 92
+ #define GNUTLS_CIPHER_AES_128_GCM 93
+ #define GNUTLS_CIPHER_AES_256_GCM 94
++#define GNUTLS_PK_ECC 4
+ #endif
+ 
+ static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+@@ -82,6 +103,24 @@ static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *
+     return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ }
+ 
++static int compat_gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
++                                               const gnutls_datum_t *x, const gnutls_datum_t *y)
++{
++    return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
++}
++
++static gnutls_sign_algorithm_t compat_gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
++{
++    return GNUTLS_SIGN_UNKNOWN;
++}
++
++static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo,
++                                             unsigned int flags, const gnutls_datum_t *hash,
++                                             const gnutls_datum_t *signature)
++{
++    return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
++}
++
+ static void gnutls_log( int level, const char *msg )
+ {
+     TRACE( "<%d> %s", level, msg );
+@@ -113,6 +152,8 @@ static BOOL gnutls_initialize(void)
      LOAD_FUNCPTR(gnutls_global_set_log_function)
      LOAD_FUNCPTR(gnutls_global_set_log_level)
      LOAD_FUNCPTR(gnutls_perror)
 +    LOAD_FUNCPTR(gnutls_pubkey_init);
 +    LOAD_FUNCPTR(gnutls_pubkey_deinit);
-+    LOAD_FUNCPTR(gnutls_pubkey_import_ecc_raw);
-+    LOAD_FUNCPTR(gnutls_pk_to_sign);
-+    LOAD_FUNCPTR(gnutls_pubkey_verify_hash2);
  #undef LOAD_FUNCPTR
  
      if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 )))
-@@ -1124,6 +1135,264 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
+@@ -125,6 +166,21 @@ static BOOL gnutls_initialize(void)
+         WARN("gnutls_cipher_add_auth not found\n");
+         pgnutls_cipher_add_auth = compat_gnutls_cipher_add_auth;
+     }
++    if (!(pgnutls_pubkey_import_ecc_raw = wine_dlsym( libgnutls_handle, "gnutls_pubkey_import_ecc_raw", NULL, 0 )))
++    {
++        WARN("gnutls_pubkey_import_ecc_raw not found\n");
++        pgnutls_pubkey_import_ecc_raw = compat_gnutls_pubkey_import_ecc_raw;
++    }
++    if (!(pgnutls_pk_to_sign = wine_dlsym( libgnutls_handle, "gnutls_pk_to_sign", NULL, 0 )))
++    {
++        WARN("gnutls_pk_to_sign not found\n");
++        pgnutls_pk_to_sign = compat_gnutls_pk_to_sign;
++    }
++    if (!(pgnutls_pubkey_verify_hash2 = wine_dlsym( libgnutls_handle, "gnutls_pubkey_verify_hash2", NULL, 0 )))
++    {
++        WARN("gnutls_pubkey_verify_hash2 not found\n");
++        pgnutls_pubkey_verify_hash2 = compat_gnutls_pubkey_verify_hash2;
++    }
+ 
+     if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
+     {
+@@ -1124,6 +1180,264 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
      return STATUS_SUCCESS;
  }
  
@@ -274,7 +349,7 @@ index f822a7aadf3..866364f237e 100644
 +    {
 +        case ALG_ID_ECDSA_P256:
 +        case ALG_ID_ECDSA_P384:
-+            pk_algo = GNUTLS_PK_ECDSA;
++            pk_algo = GNUTLS_PK_ECC;
 +            break;
 +
 +        default:
@@ -309,7 +384,7 @@ index f822a7aadf3..866364f237e 100644
  static NTSTATUS key_destroy( struct key *key )
  {
      if (key_is_symmetric(key))
-@@ -1230,6 +1499,13 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
+@@ -1230,6 +1544,13 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
      return STATUS_NOT_IMPLEMENTED;
  }
  
@@ -323,7 +398,7 @@ index f822a7aadf3..866364f237e 100644
  static NTSTATUS key_destroy( struct key *key )
  {
      ERR( "support for keys not available at build time\n" );
-@@ -1463,13 +1739,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
+@@ -1463,13 +1784,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
  {
      struct key *key = handle;