X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fuzz%2FREADME.md;h=138af0d5d0287cfddc93db59f30c3c2f5f190563;hp=948590df938368e5799cd12e53f1c873282aef16;hb=255af26c5d8039ee009a0ee718fbdc4023d045ec;hpb=c38bb72797916f2a0ab9906aad29162ca8d53546;ds=sidebyside diff --git a/fuzz/README.md b/fuzz/README.md index 948590df93..138af0d5d0 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -1,6 +1,9 @@ # I Can Haz Fuzz? -Or, how to fuzz OpenSSL with libfuzzer. +LibFuzzer +========= + +Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. @@ -32,16 +35,32 @@ https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer): Configure for fuzzing: - $ CC=clang ./config enable-fuzz enable-asan enable-ubsan no-shared + $ CC=clang ./config enable-fuzz-libfuzzer \ + --with-fuzzer-include=../../svn-work/Fuzzer \ + --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \ + -DPEDANTIC enable-asan enable-ubsan no-shared $ sudo apt-get install make $ LDCMD=clang++ make -j - $ fuzz/helper.py + $ fuzz/helper.py $FUZZER -Where `` is one of the executables in `fuzz/`. Most fuzzers do not -need any command line arguments, but, for example, `asn1` needs the name of a -data type. +Where $FUZZER is one of the executables in `fuzz/`. If you get a crash, you should find a corresponding input file in -`fuzz/corpora/-crash/`. You can reproduce the crash with +`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with + + $ fuzz/$FUZZER + +AFL +=== + +Configure for fuzzing: + + $ sudo apt-get install afl-clang + $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared + $ make + +Run one of the fuzzers: + + $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER - $ fuzz/ +Where $FUZZER is one of the executables in `fuzz/`.
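Review bot: the new link in the first hunk, `[libfuzzer](llvm.org/docs/LibFuzzer.html)`, has no URL scheme, so Markdown renders it as a relative link under the repository path rather than pointing at llvm.org; it should read `[libfuzzer](https://llvm.org/docs/LibFuzzer.html)`. Minor style point: the file's existing title uses an ATX heading (`# I Can Haz Fuzz?`) while the added `LibFuzzer` heading uses setext underlining (`=========`); picking one style for the whole README would be tidier.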
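Review bot: the reproduce step in the second hunk, `$ fuzz/$FUZZER`, drops the crash input from the command, so it would start a fresh fuzzing run instead of replaying the crash; libFuzzer binaries replay files given as arguments, so the line should be something like `$ fuzz/$FUZZER fuzz/corpora/$FUZZER-crash/<file>`. Two smaller points in the same hunk: the `--with-fuzzer-include`/`--with-fuzzer-lib` values point at a `../../svn-work/Fuzzer` layout that the README never describes, so a sentence saying these are the paths to the libFuzzer checkout mentioned above would help; and the AFL line `afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER` nests the output directory inside the input corpus directory, which litters the tracked corpus tree, so a separate `-o` location outside `fuzz/corpora/` is preferable. The hunk also removes the note that `asn1` needs the name of a data type; if that fuzzer still takes an argument, the note should stay.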