Explore the benefits of fuzzing for testing

[vanitasvitae]

Incorporating a fuzzing framework into the testing workflow might help reveal parser bugs or all kinds of unwanted behavior, not only for PGPainless, but also BouncyCastle.

[vanitasvitae]

A popular fuzzing framework appears to be Jazzer, so this might be a good candidate to look into.

[vanitasvitae]

Apparently Jazzer has been integrated into oss-fuzz?
Not sure which interface is easier to use?

[vanitasvitae]

Some thoughts from a discussion with the Sequoia Team:

• You probably want to fuzz the packet parser
• For this you want to eliminate the crypto layer
• Therefore you want to have a null-backend to swap the crypto layer with
• The null-backends crypto operations are just the identity function
• Now you can round-trip "encrypted" and "signed" packets without the crypto getting into the way of the fuzzer.