fix to free CRL reason extension

[JacobBarthelmeh]

Fix for oss-fuzz leak report https://oss-fuzz.com/testcase-detail/5890885517901824

[Copilot]

Pull request overview

Fixes a memory leak reported by OSS-Fuzz when parsing CRLs that contain per-revoked-entry reason extensions, and adds a regression test plus test fixtures to exercise the affected cleanup path.

Changes:

• Free revoked-entry extensions during FreeDecodedCRL() teardown under OPENSSL_EXTRA.
• Add an API test that loads a CRL containing a revoked-entry reason extension to validate cleanup.
• Add/generate and distribute a new CRL fixture (crl_reason.pem) used by the test.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
wolfcrypt/src/asn.c	Frees revoked certificate extensions during CRL decode cleanup to address a leak.
tests/api/test_certman.h	Registers a new CRL cleanup regression test in the certman test group.
tests/api/test_certman.c	Adds a regression test that loads a CRL with reason-code entry extensions.
certs/renewcerts.sh	Documents the newly added CRL fixture in the cert renewal script header comment.
certs/crl/include.am	Distributes the new CRL fixture as part of EXTRA_DIST.
certs/crl/gencrls.sh	Adds steps to generate the new “reason extension” CRL fixture.
certs/crl/crl_reason.pem	Adds the CRL fixture used by the new regression test.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[JacobBarthelmeh]

Retest this please Jenkins