2 files changed, 5 insertions, 9 deletions

diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
index dc2e7df8..b3acd80f 100755
--- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c
+++ b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
@@ -92,10 +92,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 static int new_dir(X509_LOOKUP *lu);
 static void free_dir(X509_LOOKUP *lu);
 static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
-#ifndef OPENSSL_NO_STDIO
 static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
 	X509_OBJECT *ret);
-#endif
 X509_LOOKUP_METHOD x509_dir_lookup=
 	{
 	"Load certs from files in a directory",
@@ -104,11 +102,7 @@ X509_LOOKUP_METHOD x509_dir_lookup=
 	NULL, 			/* init */
 	NULL,			/* shutdown */
 	dir_ctrl,		/* ctrl */
-#ifdef OPENSSL_NO_STDIO
-	NULL,			/* get_by_subject */
-#else
 	get_cert_by_subject,	/* get_by_subject */
-#endif
 	NULL,			/* get_by_issuer_serial */
 	NULL,			/* get_by_fingerprint */
 	NULL,			/* get_by_alias */
@@ -248,7 +242,6 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 	return(1);
 	}
 
-#ifndef OPENSSL_NO_STDIO
 static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 	     X509_OBJECT *ret)
 	{
@@ -390,4 +383,3 @@ finish:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ok);
 	}
-#endif
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
index b87617ac..af12520f 100755
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@@ -386,7 +386,11 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 
 static int check_chain_extensions(X509_STORE_CTX *ctx)
 {
-#ifdef OPENSSL_NO_CHAIN_VERIFY
+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)
+  /* 
+    NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting
+          in Authenticode Signing Certificates. 
+  */
 	return 1;
 #else
 	int i, ok=0, must_be_ca, plen = 0;