diff --git a/changes/hsdescv3_fuzz_more b/changes/hsdescv3_fuzz_more
new file mode 100644
index 0000000000..25626bb9a4
--- /dev/null
+++ b/changes/hsdescv3_fuzz_more
@@ -0,0 +1,3 @@
+  o Minor features (testing):
+    - Our fuzzing tests now test the encrypted portions of the
+      v3 hidden service descriptors.  Implements more of 21509.
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 4bc54bdb2d..a8ff3471c7 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1303,12 +1303,12 @@ encrypted_data_length_is_valid(size_t len)
  *  generate the right decryption keys; set <b>decrypted_out</b> to the
  *  plaintext. If <b>is_superencrypted_layer</b> is set, this is the outter
  *  encrypted layer of the descriptor. */
-static size_t
-decrypt_desc_layer(const hs_descriptor_t *desc,
-                   const uint8_t *encrypted_blob,
-                   size_t encrypted_blob_size,
-                   int is_superencrypted_layer,
-                   char **decrypted_out)
+MOCK_IMPL(STATIC size_t,
+decrypt_desc_layer,(const hs_descriptor_t *desc,
+                    const uint8_t *encrypted_blob,
+                    size_t encrypted_blob_size,
+                    int is_superencrypted_layer,
+                    char **decrypted_out))
 {
   uint8_t *decrypted = NULL;
   uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN];
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index 971e856647..7730ce09f0 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -261,6 +261,13 @@ STATIC size_t decode_superencrypted(const char *message, size_t message_len,
                                    uint8_t **encrypted_out);
 STATIC void desc_plaintext_data_free_contents(hs_desc_plaintext_data_t *desc);
 
+MOCK_DECL(STATIC size_t, decrypt_desc_layer,(const hs_descriptor_t *desc,
+                                             const uint8_t *encrypted_blob,
+                                             size_t encrypted_blob_size,
+                                             int is_superencrypted_layer,
+                                             char **decrypted_out));
+
+
 #endif /* defined(HS_DESCRIPTOR_PRIVATE) */
 
 #endif /* !defined(TOR_HS_DESCRIPTOR_H) */
diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c
index 03c509e2e6..30e82c9252 100644
--- a/src/test/fuzz/fuzz_hsdescv3.c
+++ b/src/test/fuzz/fuzz_hsdescv3.c
@@ -35,12 +35,31 @@ mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
   return 0;
 }
 
+static size_t
+mock_decrypt_desc_layer(const hs_descriptor_t *desc,
+                        const uint8_t *encrypted_blob,
+                        size_t encrypted_blob_size,
+                        int is_superencrypted_layer,
+                        char **decrypted_out)
+{
+  (void)is_superencrypted_layer;
+  (void)desc;
+  const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN;
+  if (encrypted_blob_size < overhead)
+    return 0;
+  *decrypted_out = tor_memdup_nulterm(
+                   encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN,
+                   encrypted_blob_size - overhead);
+  return strlen(*decrypted_out);
+}
+
 int
 fuzz_init(void)
 {
   disable_signature_checking();
   MOCK(dump_desc, mock_dump_desc__nodump);
   MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
+  MOCK(decrypt_desc_layer, mock_decrypt_desc_layer);
   ed25519_init();
   return 0;
 }