check length in wc_oid_sum()

add MAX_OID_SZ to known macro extras

Author: rlm2002

.wolfssl_known_macro_extras

@@ -306,6 +306,7 @@ MAXQ_EXPORT_TLS_KEYS
 MAXQ_SHA1
 MAXSEG_64K
 MAX_WOLFSSL_FILE_SIZE
+MAX_OID_SZ
 MDK_CONF_BARE_METAL
 MDK_CONF_FS
 MDK_CONF_RTX_TCP_FS

wolfcrypt/src/asn.c

@@ -6852,6 +6852,12 @@ word32 wc_oid_sum(const byte* input, int length)
     int shift = 0;
 #endif
 
+    /* Check for valid input. */
+    if (input == NULL || length > MAX_OID_SZ) {
+        WOLFSSL_MSG("wc_oid_sum: invalid args");
+        return 0;
+    }
+
     /* Sum it up for now. */
     for (i = 0; i < length; i++) {
     #ifdef WOLFSSL_OLD_OID_SUM

wolfssl/wolfcrypt/asn.h

@@ -1145,10 +1145,12 @@ enum Misc_ASN {
     #endif
                           /* Max total extensions, id + len + others */
 #endif
+#ifndef MAX_OID_SZ
+    MAX_OID_SZ          = 32,      /* Max DER length of OID*/
+#endif
 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
         defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) || \
         defined(HAVE_OID_DECODING) || defined(HAVE_OID_ENCODING)
-    MAX_OID_SZ          = 32,      /* Max DER length of OID*/
     MAX_OID_STRING_SZ   = 64,      /* Max string length representation of OID*/
 #endif
 #ifdef WOLFSSL_CERT_EXT