X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=fuzz%2FREADME.md;h=e8596a7b680b36c75e40a575f3bff2532a8dfa2b;hp=9b6d7d7980d756f7df774823feeb93a07462ca7d;hb=49dadc1cb74dd1c83983900b5c4acb22c647af31;hpb=75a112295d615ec6baa9e4da6eb4e82a4ce8b40b;ds=sidebyside diff --git a/fuzz/README.md b/fuzz/README.md index 9b6d7d7980..e8596a7b68 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -1,5 +1,8 @@ # I Can Haz Fuzz? +LibFuzzer +========= + Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. @@ -32,16 +35,32 @@ https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer): Configure for fuzzing: - $ CC=clang ./config enable-fuzz enable-asan enable-ubsan no-shared + $ CC=clang ./config enable-fuzz-libfuzzer \ + --with-fuzzer-include=../../svn-work/Fuzzer \ + --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \ + enable-asan enable-ubsan no-shared $ sudo apt-get install make $ LDCMD=clang++ make -j - $ fuzz/helper.py + $ fuzz/helper.py $FUZZER -Where `` is one of the executables in `fuzz/`. Most fuzzers do not -need any command line arguments, but, for example, `asn1` needs the name of a -data type. +Where $FUZZER is one of the executables in `fuzz/`. If you get a crash, you should find a corresponding input file in -`fuzz/corpora/-crash/`. You can reproduce the crash with +`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with + + $ fuzz/$FUZZER + +AFL +=== + +Configure for fuzzing: + + $ sudo apt-get install afl-clang + $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared + $ make + +Run one of the fuzzers: + + $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER - $ fuzz/ +Where $FUZZER is one of the executables in `fuzz/`.
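Review bot: The new `LibFuzzer` heading in the first hunk is a setext heading (`=========` underline) placed directly under the ATX title `# I Can Haz Fuzz?`, so the file now mixes two heading styles, and the sentence "Or, how to fuzz OpenSSL with libfuzzer" that continues the title is cut off from it by the new heading. Suggest `## LibFuzzer` (and `## AFL` below) for consistency with the existing `#` title, placed after the "Or, how to fuzz ..." line so the title and its tagline stay together.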
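Review bot: In the second hunk the AFL invocation nests the output directory inside the input corpus: `-i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out`. AFL's queue, hang and crash files then land under the seed corpus directory, which is inconsistent with the libFuzzer section, where crashes go to the sibling `fuzz/corpora/$FUZZER-crash/`. Suggest a separate output path such as `-o fuzz/corpora/$FUZZER-out` so findings are kept apart from the seeds. Also, the `--with-fuzzer-include=../../svn-work/Fuzzer` and `--with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer` values are relative paths that assume a particular checkout layout; a sentence stating where the Fuzzer checkout is expected relative to the OpenSSL tree would help readers who followed the llvm-mirror option mentioned earlier.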