diff --git a/library/entropy_poll.c b/library/entropy_poll.c index bc71307f5..0ccc34fdf 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -50,26 +50,41 @@ #include #if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_WINXP */ -#include +#include +#if _MSC_VER <= 1600 +/* Visual Studio 2010 and earlier issue a warning when both and are included, as they + * redefine a number of _MAX constants. These constants are guaranteed to be the same, though, so + * we suppress the warning when including intsafe.h. + */ +#pragma warning( push ) +#pragma warning( disable : 4005 ) +#endif +#include +#if _MSC_VER <= 1600 +#pragma warning( pop ) +#endif int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen) { - HCRYPTPROV provider; + ULONG len_as_ulong = 0; ((void) data); *olen = 0; - if (CryptAcquireContext(&provider, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + /* + * BCryptGenRandom takes ULONG for size, which is smaller than size_t on 64-bit platforms. + * Ensure len's value can be safely converted into a ULONG. + */ + if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) ) + { + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); } - if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) { - CryptReleaseContext(provider, 0); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) ) + { + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); } - CryptReleaseContext(provider, 0); *olen = len; return 0; diff --git a/library/x509_crt.c b/library/x509_crt.c index 8d07694a2..136f60b4a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
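Review bot: The enclosing guard kept as context still reads `#if _WIN32_WINNT >= 0x0501 /* _WIN32_WINNT_WINXP */`, but `BCryptGenRandom` and bcrypt.dll are only available from Windows Vista onward, and Microsoft's documentation lists `BCRYPT_USE_SYSTEM_PREFERRED_RNG` as unsupported on Vista itself. A build targeting XP would now compile this path and then fail to link or load, so the guard should be raised to match, e.g. `#if _WIN32_WINNT >= 0x0601 /* _WIN32_WINNT_WIN7 */`, with the new minimum stated in the platform notes. Separately, `#if _MSC_VER <= 1600` is true when `_MSC_VER` is undefined (it evaluates as 0), so non-MSVC Windows compilers also see the `#pragma warning` lines. `#if defined(_MSC_VER) && _MSC_VER <= 1600` avoids that, here and in the identical block added to library/x509_crt.c.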
@@ -61,6 +61,18 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #define WIN32_LEAN_AND_MEAN #include +#if _MSC_VER <= 1600 +/* Visual Studio 2010 and earlier issue a warning when both and are included, as they + * redefine a number of _MAX constants. These constants are guaranteed to be the same, though, so + * we suppress the warning when including intsafe.h. + */ +#pragma warning( push ) +#pragma warning( disable : 4005 ) +#endif +#include +#if _MSC_VER <= 1600 +#pragma warning( pop ) +#endif #else #include #endif @@ -1541,6 +1553,7 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) char filename[MAX_PATH]; char *p; size_t len = strlen(path); + int lengthAsInt = 0; WIN32_FIND_DATAW file_data; HANDLE hFind; @@ -1556,6 +1569,9 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) p = filename + len; filename[len++] = '*'; + if (FAILED (SizeTToInt(len, &lengthAsInt))) + return(MBEDTLS_ERR_X509_FILE_IO_ERROR); + w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, MAX_PATH - 3); if (w_ret == 0) { @@ -1579,6 +1595,9 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) -1, p, (int) len, NULL, NULL); + if (FAILED(SizeTToInt(wcslen(file_data.cFileName), &lengthAsInt))) + return(MBEDTLS_ERR_X509_FILE_IO_ERROR); + if (w_ret == 0) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 3ad56436e..81f4311c5 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,3 +1,7 @@ +if(MSVC) + set(libs ${libs} bcrypt) +endif() + set(executables_mbedtls dh_client dh_server diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index e5edf7b58..e78ce06b5 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -1,3 +1,7 @@ +if(MSVC) + set(libs ${libs} bcrypt) +endif() + set(executables gen_entropy gen_random_ctr_drbg 
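Review bot: The result of the new `SizeTToInt(len, &lengthAsInt)` check is never used, because the `MultiByteToWideChar` call right after it still passes `(int) len`, so the checked conversion and the cast that is actually used can drift apart. Pass the checked value instead: `w_ret = MultiByteToWideChar(CP_ACP, 0, filename, lengthAsInt, szDir, MAX_PATH - 3);`. The same holds for the check added after `WideCharToMultiByte` in the next hunk, where `lengthAsInt` is written and not read. mbedtls_x509_crt_parse_path starts and ends outside this hunk, so any earlier bound on `len` is not visible here.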
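Review bot: The check added after `WideCharToMultiByte` returns straight out of the function, while the failure branch immediately below it sets `ret` and uses `goto cleanup`. If a find handle is already open at this point (the `hFind` declaration suggests so, but the loop is outside the hunk), the early `return` skips whatever `cleanup` releases. The check also runs after the conversion has already written through `p`, so it cannot guard that call. Either drop it, or move it ahead of the call and fail like the neighbouring branch: `ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup;`.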
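Review bot: `if(MSVC)` in programs/pkey/CMakeLists.txt links `bcrypt` only for the Microsoft toolchain. A MinGW or other non-MSVC Windows build of these programs would be left without it if the `BCryptGenRandom` call in library/entropy_poll.c is compiled for every Windows target (the platform guard around that code is not visible in this diff). Using `if(WIN32)` around `set(libs ${libs} bcrypt)` would cover those builds. The same block is repeated in programs/random, programs/ssl, programs/test and programs/x509; attaching `bcrypt` once to the library target's link libraries would let every consumer inherit it. In programs/pkey and programs/random the block sits at the top of the file and the hunk does not show where `libs` gets its initial value, so confirm that a later `set(libs ...)` does not discard the addition.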
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 280bbcf3d..9871952f2 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -5,6 +5,10 @@ set(libs ${mbedtls_target} ) +if(MSVC) + set(libs ${libs} bcrypt) +endif() + set(executables dtls_client dtls_server diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index a75f8d923..1853d7ff8 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -2,6 +2,10 @@ set(libs ${mbedtls_target} ) +if(MSVC) + set(libs ${libs} bcrypt) +endif() + set(executables_libs query_included_headers selftest diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 5876b8d21..30d272da9 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,6 +1,9 @@ set(libs ${mbedx509_target} ) +if(MSVC) + set(libs ${libs} bcrypt) +endif() set(executables cert_app diff --git a/scripts/data_files/vs2013-app-template.vcxproj b/scripts/data_files/vs2013-app-template.vcxproj index 039fd09a2..f6d4d4af3 100644 --- a/scripts/data_files/vs2013-app-template.vcxproj +++ b/scripts/data_files/vs2013-app-template.vcxproj @@ -99,7 +99,7 @@ INCLUDE_DIRECTORIES Console true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -118,7 +118,7 @@ INCLUDE_DIRECTORIES Console true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug 
@@ -142,7 +142,7 @@ INCLUDE_DIRECTORIES true true Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/scripts/data_files/vs2013-main-template.vcxproj b/scripts/data_files/vs2013-main-template.vcxproj index c0f3a3c1f..6f1b5dadb 100644 --- a/scripts/data_files/vs2013-main-template.vcxproj +++ b/scripts/data_files/vs2013-main-template.vcxproj @@ -91,6 +91,9 @@ INCLUDE_DIRECTORIES Windows true + NotSet + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug @@ -106,6 +109,9 @@ INCLUDE_DIRECTORIES Windows true + NotSet + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + Debug @@ -124,6 +130,8 @@ INCLUDE_DIRECTORIES true true true + Release + bcrypt.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)