diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile
index f3ff45069..e5bf67604 100644
--- a/tests/fuzz/Makefile
+++ b/tests/fuzz/Makefile
@@ -4,6 +4,7 @@ LIBFUZZ_OBJS := $(LIBFUZZ_SRC:.c=.o)
 
 tests/fuzz/fuzz-connectd-handshake-act*.o: tests/fuzz/connectd_handshake.h
 tests/fuzz/fuzz-ripemd160: LDLIBS += -lcrypto
+tests/fuzz/fuzz-sha256: LDLIBS += -lcrypto
 
 FUZZ_TARGETS_SRC := $(wildcard tests/fuzz/fuzz-*.c)
 FUZZ_TARGETS_OBJS := $(FUZZ_TARGETS_SRC:.c=.o)
diff --git a/tests/fuzz/fuzz-sha256.c b/tests/fuzz/fuzz-sha256.c
new file mode 100644
index 000000000..38aedcfa0
--- /dev/null
+++ b/tests/fuzz/fuzz-sha256.c
@@ -0,0 +1,64 @@
+/* This is a differential fuzz test comparing the output from CCAN's sha256
+ * implementation against OpenSSL's.
+ */
+#include "config.h"
+#include <assert.h>
+#include <ccan/crypto/sha256/sha256.h>
+#include <ccan/mem/mem.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <tests/fuzz/libfuzz.h>
+
+void init(int *argc, char ***argv) {}
+
+/* Test that splitting the data and hashing via multiple updates yields the same
+ * result as not splitting the data. */
+static void test_split_update(int num_splits, const struct sha256 *expected,
+			      const u8 *data, size_t size)
+{
+	const size_t split_size = size / (num_splits + 1);
+	struct sha256_ctx ctx = SHA256_INIT;
+	struct sha256 actual;
+
+	for (int i = 0; i < num_splits; ++i) {
+		sha256_update(&ctx, data, split_size);
+		data += split_size;
+		size -= split_size;
+	}
+	sha256_update(&ctx, data, size); /* Hash remaining data. */
+
+	sha256_done(&ctx, &actual);
+	assert(memeq(expected, sizeof(*expected), &actual, sizeof(actual)));
+}
+
+/* Test that the hash calculated by CCAN matches OpenSSL's hash. */
+static void test_vs_openssl(const struct sha256 *expected, const u8 *data,
+			    size_t size)
+{
+	u8 openssl_hash[SHA256_DIGEST_LENGTH];
+	unsigned hash_size;
+
+	assert(EVP_Digest(data, size, openssl_hash, &hash_size, EVP_sha256(),
+			  NULL));
+	assert(hash_size == SHA256_DIGEST_LENGTH);
+	assert(memeq(expected, sizeof(*expected), openssl_hash,
+		     sizeof(openssl_hash)));
+}
+
+void run(const u8 *data, size_t size)
+{
+	struct sha256 expected;
+	u8 num_splits;
+
+	if (size < 1)
+		return;
+
+	num_splits = *data;
+	++data;
+	--size;
+
+	sha256(&expected, data, size);
+
+	test_split_update(num_splits, &expected, data, size);
+	test_vs_openssl(&expected, data, size);
+}