From 8d7885abc1e65307794225b1b1af7b8d9ccc7101 Mon Sep 17 00:00:00 2001
From: Matt Morehouse <mattmorehouse@gmail.com>
Date: Tue, 27 Jun 2023 16:32:11 -0500
Subject: [PATCH] fuzz: add ripemd160 target

The target fuzzes CCAN's implementation of ripemd160 and compares the
hash results against OpenSSL's implementation.
---
 tests/fuzz/Makefile         |  1 +
 tests/fuzz/fuzz-ripemd160.c | 80 +++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 tests/fuzz/fuzz-ripemd160.c

diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile
index 299314dad..f3ff45069 100644
--- a/tests/fuzz/Makefile
+++ b/tests/fuzz/Makefile
@@ -3,6 +3,7 @@ LIBFUZZ_HEADERS := $(LIBFUZZ_SRC:.c=.h)
 LIBFUZZ_OBJS := $(LIBFUZZ_SRC:.c=.o)
 
 tests/fuzz/fuzz-connectd-handshake-act*.o: tests/fuzz/connectd_handshake.h
+tests/fuzz/fuzz-ripemd160: LDLIBS += -lcrypto
 
 FUZZ_TARGETS_SRC := $(wildcard tests/fuzz/fuzz-*.c)
 FUZZ_TARGETS_OBJS := $(FUZZ_TARGETS_SRC:.c=.o)
diff --git a/tests/fuzz/fuzz-ripemd160.c b/tests/fuzz/fuzz-ripemd160.c
new file mode 100644
index 000000000..10657b180
--- /dev/null
+++ b/tests/fuzz/fuzz-ripemd160.c
@@ -0,0 +1,80 @@
+/* This is a differential fuzz test comparing the output from CCAN's ripemd160
+ * implementation against OpenSSL's.
+ */
+#include "config.h"
+#include <assert.h>
+#include <ccan/crypto/ripemd160/ripemd160.h>
+#include <ccan/mem/mem.h>
+#include <openssl/evp.h>
+#include <openssl/provider.h>
+#include <openssl/ripemd.h>
+#include <tests/fuzz/libfuzz.h>
+
+/* Some versions of OpenSSL removed ripemd160 from the default provider. Check
+ * and load the legacy provider if necessary. */
+void init(int *argc, char ***argv)
+{
+	const char data[] = "hash test data";
+	u8 openssl_hash[RIPEMD160_DIGEST_LENGTH];
+	unsigned hash_size;
+
+	if (!EVP_Digest(data, sizeof(data), openssl_hash, &hash_size,
+			EVP_ripemd160(), NULL)) {
+		OSSL_PROVIDER_load(NULL, "legacy");
+		assert(EVP_Digest(data, sizeof(data), openssl_hash, &hash_size,
+				  EVP_ripemd160(), NULL));
+	}
+	assert(hash_size == RIPEMD160_DIGEST_LENGTH);
+}
+
+/* Test that splitting the data and hashing via multiple updates yields the same
+ * result as not splitting the data. */
+static void test_split_update(int num_splits, const struct ripemd160 *expected,
+			      const u8 *data, size_t size)
+{
+	const size_t split_size = size / (num_splits + 1);
+	struct ripemd160_ctx ctx = RIPEMD160_INIT;
+	struct ripemd160 actual;
+
+	for (int i = 0; i < num_splits; ++i) {
+		ripemd160_update(&ctx, data, split_size);
+		data += split_size;
+		size -= split_size;
+	}
+	ripemd160_update(&ctx, data, size); /* Hash remaining data. */
+
+	ripemd160_done(&ctx, &actual);
+	assert(memeq(expected, sizeof(*expected), &actual, sizeof(actual)));
+}
+
+/* Test that the hash calculated by CCAN matches OpenSSL's hash. */
+static void test_vs_openssl(const struct ripemd160 *expected, const u8 *data,
+			    size_t size)
+{
+	u8 openssl_hash[RIPEMD160_DIGEST_LENGTH];
+	unsigned hash_size;
+
+	assert(EVP_Digest(data, size, openssl_hash, &hash_size, EVP_ripemd160(),
+			  NULL));
+	assert(hash_size == RIPEMD160_DIGEST_LENGTH);
+	assert(memeq(expected, sizeof(*expected), openssl_hash,
+		     sizeof(openssl_hash)));
+}
+
+void run(const u8 *data, size_t size)
+{
+	struct ripemd160 expected;
+	u8 num_splits;
+
+	if (size < 1)
+		return;
+
+	num_splits = *data;
+	++data;
+	--size;
+
+	ripemd160(&expected, data, size);
+
+	test_split_update(num_splits, &expected, data, size);
+	test_vs_openssl(&expected, data, size);
+}