diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 787df093c..6956c1d35 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -306,6 +306,7 @@ MAXQ_EXPORT_TLS_KEYS
 MAXQ_SHA1
 MAXSEG_64K
 MAX_WOLFSSL_FILE_SIZE
+MAX_OID_SZ
 MDK_CONF_BARE_METAL
 MDK_CONF_FS
 MDK_CONF_RTX_TCP_FS
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index cb20eb5ea..2a3f387f7 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6852,6 +6852,12 @@ word32 wc_oid_sum(const byte* input, int length) int shift = 0; #endif + /* Check for valid input. */ + if (input == NULL || length > MAX_OID_SZ) { + WOLFSSL_MSG("wc_oid_sum: invalid args"); + return 0; + } + /* Sum it up for now. */ for (i = 0; i < length; i++) { #ifdef WOLFSSL_OLD_OID_SUM
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index fc484dff8..b197bab81 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1145,10 +1145,12 @@ enum Misc_ASN { #endif /* Max total extensions, id + len + others */ #endif +#ifndef MAX_OID_SZ + MAX_OID_SZ = 32, /* Max DER length of OID*/ +#endif #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_OID_DECODING) || defined(HAVE_OID_ENCODING) - MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif #ifdef WOLFSSL_CERT_EXT
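Review bot: The new guard in wc_oid_sum rejects `length > MAX_OID_SZ` but not a negative `length`, which is a signed `int` in the signature. The declaration of `i` is outside the hunk, so if it is unsigned the loop test `i < length` would turn a negative length into a very large bound and read past `input`. Extending the check to `if (input == NULL || length < 0 || length > MAX_OID_SZ) {` closes that whatever the index type is. Because the function returns `word32`, 0 is its only error signal, so the function comment should state that 0 means invalid arguments and must be treated by callers as an unknown OID. The function body starts and ends outside the hunk.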
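Review bot: The `#ifndef MAX_OID_SZ` wrapper in asn.h turns this limit into a build-time override, yet the new lines do not document that it now also bounds the input wc_oid_sum accepts (see the asn.c hunk). As far as these hunks show, a build that sets it below the DER length of an OID it has to parse would get a sum of 0 for that OID, with only a debug message to indicate why. I would expand the comment to something like `/* Max DER length of OID; overridable, wc_oid_sum() returns 0 for longer input */`. The enum Misc_ASN body starts and ends outside the hunk.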