Enforce basic sanity of SCT lists. According to the RFC[1], SCT lists may not be empty and nor may any SCT itself be empty. [1] https://tools.ietf.org/html/rfc6962#section-3.3 Change-Id: Ia1f855907588b36a4fea60872f87e25dc20782b4 Reviewed-on: https://boringssl-review.googlesource.com/12362 Reviewed-by: Adam Langley <agl@google.com>

commit: cfa08c3b7740275ef3994ff07a2c7f4639c88ccb [log] [tgz]
author: Adam Langley <alangley@gmail.com> Thu Nov 17 13:21:27 2016 -0800
committer: Adam Langley <agl@google.com> Fri Nov 18 19:19:48 2016 +0000
tree: f3d1b9ac22a86e3124af1ef63bc180525870d402
parent: b5172a722ccb62e5bdd893e9d4c6741b8425c942 [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index 7e505db..1d78ec1 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1073,6 +1073,10 @@
                                              uint8_t *out_alert, CBS *contents);
 int ssl_ext_pre_shared_key_add_serverhello(SSL *ssl, CBB *out);
 
+/* ssl_is_sct_list_valid does a shallow parse of the SCT list in |contents| and
+ * returns one iff it's valid. */
+int ssl_is_sct_list_valid(const CBS *contents);
+
 int ssl_write_client_hello(SSL *ssl);
 
 /* ssl_clear_tls13_state releases client state only needed for TLS 1.3. It
commit	cfa08c3b7740275ef3994ff07a2c7f4639c88ccb	[log] [tgz]
author	Adam Langley <alangley@gmail.com>	Thu Nov 17 13:21:27 2016 -0800
committer	Adam Langley <agl@google.com>	Fri Nov 18 19:19:48 2016 +0000
tree	f3d1b9ac22a86e3124af1ef63bc180525870d402
parent	b5172a722ccb62e5bdd893e9d4c6741b8425c942 [diff] [blame]