Merge bitcoin/bitcoin#28951: fuzz: BIP324: damage ciphertext/aad in full byte range

fanquake · fanquake · commit 05d3f8e82228 · 2023-11-30T15:03:53.000Z
e67634e fuzz: BIP324: damage ciphertext/aad in full byte range (Sebastian Falbesoner) Pull request description: This PR is a tiny improvement for the `bip324_cipher_roundtrip` fuzz target: currently the damaging of input data for decryption (either ciphertext or aad) only ever happens in the lower nibble within the byte at the damage position, as the bit position for the `damage_val` byte was calculated with `damage_bit & 3` (corresponding to `% 4`) rather than `damage_bit & 7` (corresponding to the expected `% 8`). Noticed while reviewing #28263 which uses similar constructs. ACKs for top commit: stratospher: ACK e67634e. dergoegge: utACK e67634e Tree-SHA512: 1bab4df28708e079874feee939beef45eff235215375c339decc696f4c9aef04e4b417322b045491c8aec6e88ec8ec2db564e27ef1b0be352b6ff4ed38bad49a
diff --git a/src/test/fuzz/bip324.cpp b/src/test/fuzz/bip324.cpp
@@ -98,7 +98,7 @@ FUZZ_TARGET(bip324_cipher_roundtrip, .init=Initialize)
             unsigned damage_bit = provider.ConsumeIntegralInRange<unsigned>(0,
                 (ciphertext.size() + aad.size()) * 8U - 1U);
             unsigned damage_pos = damage_bit >> 3;
-            std::byte damage_val{(uint8_t)(1U << (damage_bit & 3))};
+            std::byte damage_val{(uint8_t)(1U << (damage_bit & 7))};
             if (damage_pos >= ciphertext.size()) {
                 aad[damage_pos - ciphertext.size()] ^= damage_val;
             } else {
