Use an actual SCT for fuzzing.

SSL_CTX_set_signed_cert_timestamp_list fails now if its input is not
well-formed.

Change-Id: I84a4034f66868da11f98bf33e5b7f5c9fc958933
Reviewed-on: https://boringssl-review.googlesource.com/14484
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

fuzz/server.cc

@@ -13,6 +13,7 @@
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
 #include <assert.h>
+#include <stdlib.h>
 
 #include <openssl/bio.h>
 #include <openssl/dh.h>
@@ -195,7 +196,7 @@ static const uint8_t kRSAPrivateKeyDER[] = {
 };
 
 static const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
-static const uint8_t kSCT[] = {0x05, 0x06, 0x07, 0x08};
+static const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
 
 static int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
                               const uint8_t *in, unsigned in_len, void *arg) {
@@ -235,8 +236,10 @@ struct GlobalState {
     SSL_CTX_use_certificate(ctx, cert);
     X509_free(cert);
 
-    SSL_CTX_set_ocsp_response(ctx, kOCSPResponse, sizeof(kOCSPResponse));
-    SSL_CTX_set_signed_cert_timestamp_list(ctx, kSCT, sizeof(kSCT));
+    if (!SSL_CTX_set_ocsp_response(ctx, kOCSPResponse, sizeof(kOCSPResponse)) ||
+        !SSL_CTX_set_signed_cert_timestamp_list(ctx, kSCT, sizeof(kSCT))) {
+      abort();
+    }
 
     SSL_CTX_set_alpn_select_cb(ctx, ALPNSelectCallback, nullptr);
     SSL_CTX_set_next_protos_advertised_cb(ctx, NPNAdvertiseCallback, nullptr);