+Index: crypto/bio/bss_file.c\r
+===================================================================\r
+--- crypto/bio/bss_file.c (revision 1)\r
++++ crypto/bio/bss_file.c (working copy)\r
+@@ -428,6 +428,23 @@\r
+ return(ret);\r
+ }\r
+ \r
++#else\r
++\r
++BIO_METHOD *BIO_s_file(void)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
++BIO *BIO_new_file(const char *filename, const char *mode)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
++BIO *BIO_new_fp(FILE *stream, int close_flag)\r
++ {\r
++ return NULL;\r
++ }\r
++\r
+ #endif /* OPENSSL_NO_STDIO */\r
+ \r
+ #endif /* HEADER_BSS_FILE_C */\r
+Index: crypto/err/err.c\r
+===================================================================\r
+--- crypto/err/err.c (revision 1)\r
++++ crypto/err/err.c (working copy)\r
+@@ -313,7 +313,12 @@\r
+ es->err_data_flags[i]=flags;\r
+ }\r
+ \r
++/* Add EFIAPI for UEFI version. */\r
++#if defined(OPENSSL_SYS_UEFI)\r
++void EFIAPI ERR_add_error_data(int num, ...)\r
++#else\r
+ void ERR_add_error_data(int num, ...)\r
++#endif\r
+ {\r
+ va_list args;\r
+ int i,n,s;\r
+Index: crypto/err/err.h\r
+===================================================================\r
+--- crypto/err/err.h (revision 1)\r
++++ crypto/err/err.h (working copy)\r
+@@ -286,8 +286,14 @@\r
+ #endif\r
+ #ifndef OPENSSL_NO_BIO\r
+ void ERR_print_errors(BIO *bp);\r
++\r
++/* Add EFIAPI for UEFI version. */\r
++#if defined(OPENSSL_SYS_UEFI)\r
++void EFIAPI ERR_add_error_data(int num, ...);\r
++#else\r
+ void ERR_add_error_data(int num, ...);\r
+ #endif\r
++#endif\r
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);\r
+ void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);\r
+ void ERR_load_ERR_strings(void);\r
+Index: crypto/opensslconf.h\r
+===================================================================\r
+--- crypto/opensslconf.h (revision 1)\r
++++ crypto/opensslconf.h (working copy)\r
+@@ -162,6 +162,9 @@\r
+ /* The prime number generation stuff may not work when\r
+ * EIGHT_BIT but I don't care since I've only used this mode\r
+ * for debuging the bignum libraries */\r
++\r
++/* Bypass following definition for UEFI version. */\r
++#if !defined(OPENSSL_SYS_UEFI)\r
+ #undef SIXTY_FOUR_BIT_LONG\r
+ #undef SIXTY_FOUR_BIT\r
+ #define THIRTY_TWO_BIT\r
+@@ -169,6 +172,8 @@\r
+ #undef EIGHT_BIT\r
+ #endif\r
+ \r
++#endif\r
++\r
+ #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)\r
+ #define CONFIG_HEADER_RC4_LOCL_H\r
+ /* if this is defined data[i] is used instead of *data, this is a %20\r
+Index: crypto/pkcs7/pk7_smime.c\r
+===================================================================\r
+--- crypto/pkcs7/pk7_smime.c (revision 1)\r
++++ crypto/pkcs7/pk7_smime.c (working copy)\r
+@@ -88,7 +88,10 @@\r
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))\r
+ goto err;\r
+ \r
+- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {\r
++ /* \r
++ NOTE: Update to SHA-256 digest algorithm for UEFI version.\r
++ */\r
++ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {\r
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);\r
+ goto err;\r
+ }\r
+Index: crypto/rand/rand_egd.c\r
+===================================================================\r
+--- crypto/rand/rand_egd.c (revision 1)\r
++++ crypto/rand/rand_egd.c (working copy)\r
+@@ -95,7 +95,7 @@\r
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.\r
+ */\r
+ \r
+-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)\r
++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)\r
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)\r
+ {\r
+ return(-1);\r
+Index: crypto/rand/rand_unix.c\r
+===================================================================\r
+--- crypto/rand/rand_unix.c (revision 1)\r
++++ crypto/rand/rand_unix.c (working copy)\r
+@@ -116,7 +116,7 @@\r
+ #include <openssl/rand.h>\r
+ #include "rand_lcl.h"\r
+ \r
+-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))\r
++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))\r
+ \r
+ #include <sys/types.h>\r
+ #include <sys/time.h>\r
+@@ -322,7 +322,7 @@\r
+ #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */\r
+ \r
+ \r
+-#if defined(OPENSSL_SYS_VXWORKS)\r
++#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)\r
+ int RAND_poll(void)\r
+ {\r
+ return 0;\r
+Index: crypto/x509/x509_vfy.c\r
+===================================================================\r
+--- crypto/x509/x509_vfy.c (revision 1)\r
++++ crypto/x509/x509_vfy.c (working copy)\r
+@@ -386,7 +386,11 @@\r
+ \r
+ static int check_chain_extensions(X509_STORE_CTX *ctx)\r
+ {\r
+-#ifdef OPENSSL_NO_CHAIN_VERIFY\r
++#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)\r
++ /* \r
++ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
++ in Authenticode Signing Certificates. \r
++ */\r
+ return 1;\r
+ #else\r
+ int i, ok=0, must_be_ca, plen = 0;\r
+@@ -899,6 +903,10 @@\r
+ \r
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
+ {\r
++#if defined(OPENSSL_SYS_UEFI)\r
++ /* Bypass Certificate Time Checking for UEFI version. */\r
++ return 1;\r
++#else\r
+ time_t *ptime;\r
+ int i;\r
+ \r
+@@ -942,6 +950,7 @@\r
+ }\r
+ \r
+ return 1;\r
++#endif \r
+ }\r
+ \r
+ static int internal_verify(X509_STORE_CTX *ctx)\r