fuzz: use explicit fetching for digest algorithms

For better performance it is recommended to use the modern OpenSSL EVP_MD_fetch API to load digest algorithms (i.e. explicit fetching), instead of the older implicit fetching API. As a side effect, using this API seems to avoid memory leaks with some versions of OpenSSL.
morehouse · Feb 2, 2024 · 375210e · 375210e
1 parent 777f715
commit 375210e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/tests/fuzz/fuzz-ripemd160.c b/tests/fuzz/fuzz-ripemd160.c
@@ -10,6 +10,8 @@
 #include <openssl/ripemd.h>
 #include <tests/fuzz/libfuzz.h>
 
+static EVP_MD *ripemd160_algo;
+
 /* Some versions of OpenSSL removed ripemd160 from the default provider. Check
  * and load the legacy provider if necessary. */
 void init(int *argc, char ***argv)
@@ -18,12 +20,15 @@ void init(int *argc, char ***argv)
 	u8 openssl_hash[RIPEMD160_DIGEST_LENGTH];
 	unsigned hash_size;
 
-	if (!EVP_Digest(data, sizeof(data), openssl_hash, &hash_size,
-			EVP_ripemd160(), NULL)) {
+	ripemd160_algo = EVP_MD_fetch(NULL, "RIPEMD-160", NULL);
+	if (!ripemd160_algo) {
 		OSSL_PROVIDER_load(NULL, "legacy");
-		assert(EVP_Digest(data, sizeof(data), openssl_hash, &hash_size,
-				  EVP_ripemd160(), NULL));
+		ripemd160_algo = EVP_MD_fetch(NULL, "RIPEMD-160", NULL);
+		assert(ripemd160_algo);
 	}
+
+	assert(EVP_Digest(data, sizeof(data), openssl_hash, &hash_size,
+			  ripemd160_algo, NULL));
 	assert(hash_size == RIPEMD160_DIGEST_LENGTH);
 }
 
@@ -54,7 +59,7 @@ static void test_vs_openssl(const struct ripemd160 *expected, const u8 *data,
 	u8 openssl_hash[RIPEMD160_DIGEST_LENGTH];
 	unsigned hash_size;
 
-	assert(EVP_Digest(data, size, openssl_hash, &hash_size, EVP_ripemd160(),
+	assert(EVP_Digest(data, size, openssl_hash, &hash_size, ripemd160_algo,
 			  NULL));
 	assert(hash_size == RIPEMD160_DIGEST_LENGTH);
 	assert(memeq(expected, sizeof(*expected), openssl_hash,

diff --git a/tests/fuzz/fuzz-sha256.c b/tests/fuzz/fuzz-sha256.c
@@ -9,7 +9,13 @@
 #include <openssl/sha.h>
 #include <tests/fuzz/libfuzz.h>
 
-void init(int *argc, char ***argv) {}
+static EVP_MD *sha256_algo;
+
+void init(int *argc, char ***argv)
+{
+	sha256_algo = EVP_MD_fetch(NULL, "SHA-256", NULL);
+	assert(sha256_algo);
+}
 
 /* Test that splitting the data and hashing via multiple updates yields the same
  * result as not splitting the data. */
@@ -38,7 +44,7 @@ static void test_vs_openssl(const struct sha256 *expected, const u8 *data,
 	u8 openssl_hash[SHA256_DIGEST_LENGTH];
 	unsigned hash_size;
 
-	assert(EVP_Digest(data, size, openssl_hash, &hash_size, EVP_sha256(),
+	assert(EVP_Digest(data, size, openssl_hash, &hash_size, sha256_algo,
 			  NULL));
 	assert(hash_size == SHA256_DIGEST_LENGTH);
 	assert(memeq(expected, sizeof(*expected), openssl_hash,