From c715bb5ade6311260bbe11445b4d94a2272ffc7a Mon Sep 17 00:00:00 2001
From: Go Hosohara
Date: Thu, 24 May 2018 18:14:47 +0900
Subject: [PATCH] X509_check_ca
---
 src/ssl.c | 10 +++++++---
 tests/api.c | 15 +++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 448c4a8dc..167be0f5b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -21583,19 +21583,19 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 return ret;
 }
-#define RAND_ENTROPY_SZ (256/16)
 int wolfSSL_RAND_poll()
 {
 WOLFSSL_ENTER("wolfSSL_RAND_poll");
- byte entropy[RAND_ENTROPY_SZ];
+ byte entropy[16];
 int ret = 0;
+ const int entropy_sz = 16;
 if (initGlobalRNG == 0){
 WOLFSSL_MSG("Global RNG no Init");
 return WOLFSSL_FAILURE;
 }
- ret = wc_GenerateSeed(&globalRNG.seed, entropy, RAND_ENTROPY_SZ);
+ ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz);
 if (ret != 0){
 WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
 ret = WOLFSSL_FAILURE;
@@ -32628,8 +32628,12 @@ int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509)
 {
 WOLFSSL_ENTER("X509_check_ca");
+ if (x509 == NULL)
+ return WOLFSSL_FAILURE;
 if (x509->isCa)
 return 1;
+ if (x509->extKeyUsageCrit)
+ return 4;
 return 0;
 }
diff --git a/tests/api.c b/tests/api.c
index 44ed1c806..e4d0c9fc3 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -18581,6 +18581,20 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
 #endif
 }
+static void test_wolfSSL_X509_check_ca(void){
+#if defined(OPENSSL_EXTRA)
+ WOLFSSL_X509 *x509;
+
+ x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
+ AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
+ wolfSSL_X509_free(x509);
+
+ x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM);
+ AssertIntEQ(wolfSSL_X509_check_ca(x509), 0);
+ wolfSSL_X509_free(x509);
+#endif
+}
+
 static void test_no_op_functions(void)
 {
 #if defined(OPENSSL_EXTRA)
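Review bot: In wolfSSL_RAND_poll the buffer size and the length handed to wc_GenerateSeed are now two independent literals (`byte entropy[16];` and `const int entropy_sz = 16;`), so a later edit to only one of them can turn the seed call into a write past the end of `entropy` or a silently shorter seed. Deriving the length from the array keeps them tied together: `ret = wc_GenerateSeed(&globalRNG.seed, entropy, (word32)sizeof(entropy));`. The new declaration also follows the `WOLFSSL_ENTER(...)` statement, as the existing ones do, which strict C89 compilers reject. The function body continues outside the hunk, so whether `entropy` is wiped after use cannot be checked here; if it is not, the seed material stays on the stack.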
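Review bot: The added `if (x509->extKeyUsageCrit) return 4;` branch in wolfSSL_X509_check_ca derives a CA-like result from what, judging by the field name, is the criticality flag of the extended key usage extension, and that flag says nothing about whether the certificate may sign other certificates. In the OpenSSL API this function mirrors, 4 means a keyUsage extension with the keyCertSign bit set and no basicConstraints, so a caller that treats any non-zero return as "is a CA" would accept an end-entity certificate with a critical extKeyUsage as an issuer. The branch should test the keyCertSign bit instead, for example `if (x509->keyUsage & KEYUSE_KEY_CERT_SIGN) return 4;` if that field is populated in this build. A short comment above the function listing the return codes it can produce (0, 1, 4) would also help callers.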
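Review bot: Neither certificate load in test_wolfSSL_X509_check_ca is checked, and since the patched function returns WOLFSSL_FAILURE for a NULL argument, the second assertion `AssertIntEQ(wolfSSL_X509_check_ca(x509), 0);` still passes when loading ntruCertFile fails (assuming WOLFSSL_FAILURE is 0, as elsewhere in the library). Wrapping each load as `AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM));` makes the test fail instead of passing vacuously. The NULL guard and the `return 4` branch added in src/ssl.c have no assertion of their own; `AssertIntEQ(wolfSSL_X509_check_ca(NULL), WOLFSSL_FAILURE);` would cover the first.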
@@ -19678,6 +19692,7 @@ void ApiTest(void)
 test_wolfSSL_ASN1_STRING_print_ex();
 test_wolfSSL_ASN1_TIME_to_generalizedtime();
 test_wolfSSL_i2c_ASN1_INTEGER();
+ test_wolfSSL_X509_check_ca();
 /* test the no op functions for compatibility */
 test_no_op_functions();