From 0d8f3fdb93edd65da28a8a0a6d3a0a5c69a114d5 Mon Sep 17 00:00:00 2001
From: Kazuho Oku
Date: Tue, 24 Oct 2023 16:08:32 +0900
Subject: [PATCH 1/5] clear flowinfo and scope id fields, having junk confuses address validation
---
 lib/quicly.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/quicly.c b/lib/quicly.c
index 920d04b8..8e1c03aa 100644
--- a/lib/quicly.c
+++ b/lib/quicly.c
@@ -6842,7 +6842,7 @@ int quicly_decrypt_address_token(ptls_aead_context_t *aead, quicly_address_token
 portaddr = &plaintext->remote.sin.sin_port;
 break;
 case 16: /* ipv6 */
- plaintext->remote.sin6.sin6_family = AF_INET6;
+ plaintext->remote.sin6 = (struct sockaddr_in6){.sin6_family = AF_INET6};
 memcpy(&plaintext->remote.sin6.sin6_addr, src, 16);
 portaddr = &plaintext->remote.sin6.sin6_port;
 break;
From 99a2122b99034b88c5106cc9c2075b1b5d9f412d Mon Sep 17 00:00:00 2001
From: Kazuho Oku
Date: Tue, 24 Oct 2023 16:10:34 +0900
Subject: [PATCH 2/5] retain scope_id in the retry token, otherwise we cannot disambiguate link-local addresses on different ifs
---
 lib/quicly.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/quicly.c b/lib/quicly.c
index 8e1c03aa..d7bad119 100644
--- a/lib/quicly.c
+++ b/lib/quicly.c
@@ -6744,6 +6744,7 @@ int quicly_encrypt_address_token(void (*random_bytes)(void *, size_t), ptls_aead
 break;
 case AF_INET6:
 ptls_buffer_pushv(buf, &plaintext->remote.sin6.sin6_addr, 16);
+ ptls_buffer_push32(buf, plaintext->remote.sin6.sin6_scope_id);
 port = ntohs(plaintext->remote.sin6.sin6_port);
 break;
 default:
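Review bot: The compound-literal assignment in the `case 16` branch of quicly_decrypt_address_token (PATCH 1/5) zeroes the whole sockaddr_in6, but nothing in the code says why, so a later cleanup could reduce it back to a single field assignment. A comment such as `/* zero sin6_flowinfo and sin6_scope_id; leftover bytes would make address comparison fail */` would preserve the intent. The ipv4 branch's family assignment is outside the hunk; if it still sets only sin_family, initializing it the same way, `plaintext->remote.sin = (struct sockaddr_in){.sin_family = AF_INET};`, would keep the two branches consistent. The function body starts and ends outside the hunk.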
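Review bot: The IPv6 address block written in the `AF_INET6` case of quicly_encrypt_address_token (PATCH 2/5, first hunk) grows from 16 to 20 bytes with no comment describing the layout, while the decoder tells address families apart purely by that length (`case 20`). A comment such as `/* address block: 16-byte address followed by 32-bit scope id; the decoder keys on the 20-byte length */` would keep the two sides in sync. Tokens minted before this change carry 16-byte blocks and will presumably be rejected after an upgrade, which is worth stating in the commit message. sin6_scope_id is an interface index local to the issuing host, so if tokens are ever validated on a different host sharing the key, link-local peers may not compare equal. The function body starts and ends outside the hunk.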
@@ -6841,9 +6842,11 @@ int quicly_decrypt_address_token(ptls_aead_context_t *aead, quicly_address_token
 memcpy(&plaintext->remote.sin.sin_addr.s_addr, src, 4);
 portaddr = &plaintext->remote.sin.sin_port;
 break;
- case 16: /* ipv6 */
+ case 20: /* ipv6 */
 plaintext->remote.sin6 = (struct sockaddr_in6){.sin6_family = AF_INET6};
 memcpy(&plaintext->remote.sin6.sin6_addr, src, 16);
+ if ((ret = ptls_decode32(&plaintext->remote.sin6.sin6_scope_id, &src, end)) != 0)
+ goto Exit;
 portaddr = &plaintext->remote.sin6.sin6_port;
 break;
 default:
From 38993ef7406050f1a24954b37e7b1770c7d0cf9e Mon Sep 17 00:00:00 2001
From: Kazuho Oku
Date: Tue, 24 Oct 2023 16:14:20 +0900
Subject: [PATCH 3/5] flowinfo is not part of an address
---
 lib/quicly.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lib/quicly.c b/lib/quicly.c
index d7bad119..085157a9 100644
--- a/lib/quicly.c
+++ b/lib/quicly.c
@@ -5696,7 +5696,6 @@ static int compare_socket_address(struct sockaddr *x, struct sockaddr *y)
 if (r != 0)
 return r;
 CMP(ntohs(xin6->sin6_port), ntohs(yin6->sin6_port));
- CMP(xin6->sin6_flowinfo, yin6->sin6_flowinfo);
 CMP(xin6->sin6_scope_id, yin6->sin6_scope_id);
 } else if (x->sa_family == AF_UNSPEC) {
 return 1;
From 386428d3b7a43bc977ab0209cd7cc8087b077560 Mon Sep 17 00:00:00 2001
From: Kazuho Oku
Date: Mon, 30 Oct 2023 16:36:59 +0900
Subject: [PATCH 4/5] update picotls
---
 deps/picotls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/picotls b/deps/picotls
index 3b3a910c..73d64a3c 160000
--- a/deps/picotls
+++ b/deps/picotls
@@ -1 +1 @@
-Subproject commit 3b3a910c5cad139e3ac3ebca1a4b93604263e6c8
+Subproject commit 73d64a3c5df2699ff1ecd30b9d15d37d098397a0
From 7d6a9d2bd76b023e795e0a3ffa8eb8f976a048ad Mon Sep 17 00:00:00 2001
From: Kazuho Oku
Date: Mon, 30 Oct 2023 16:38:17 +0900
Subject: [PATCH 5/5] rely on picotls to check availability of fusion
---
 CMakeLists.txt | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
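Review bot: In the `case 20` branch of quicly_decrypt_address_token (PATCH 2/5, second hunk), `src` is not advanced after the 16-byte `memcpy`, so `ptls_decode32(..., &src, end)` reads the first four bytes of the address as the scope id instead of the four bytes that follow it. Adding `src += 16;` between the memcpy and the decode would match the encoder's address-then-scope-id layout. As written, the restored sockaddr will generally carry a scope id different from the one the token was issued with, which presumably makes address validation of IPv6 tokens fail. The switch header and the rest of the function lie outside the hunk.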
diff --git a/CMakeLists.txt b/CMakeLists.txt index d9948535..13156275 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,6 +7,7 @@ INCLUDE(CMakePushCheckState) INCLUDE(CheckCSourceCompiles) INCLUDE(deps/picotls/cmake/boringssl-adjust.cmake) INCLUDE(deps/picotls/cmake/dtrace-utils.cmake) +INCLUDE(deps/picotls/cmake/fusion.cmake) FIND_PACKAGE(OpenSSL REQUIRED) BORINGSSL_ADJUST() @@ -20,15 +21,7 @@ IF (WITH_DTRACE) MESSAGE(STATUS "Enabling USDT support") ENDIF () -CMAKE_PUSH_CHECK_STATE() -SET(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -mavx2 -maes -mpclmul -mvaes -mvpclmulqdq") -CHECK_C_SOURCE_COMPILES("int main(void) {}" CC_HAS_AESNI256) -CMAKE_POP_CHECK_STATE() -IF (CC_HAS_AESNI256) - SET(WITH_FUSION_DEFAULT "ON") -ELSE () - SET(WITH_FUSION_DEFAULT "OFF") -ENDIF () +CHECK_FUSION_PREREQUISITES() OPTION(WITH_FUSION "whether or not to use the Fusion AES-GCM engine in the cli binary" ${WITH_FUSION_DEFAULT}) # CMake defaults to a Debug build, whereas quicly defaults to an optimized (Release) build
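Review bot: `WITH_FUSION_DEFAULT` is no longer assigned anywhere in the visible part of CMakeLists.txt, yet the `OPTION(WITH_FUSION ... ${WITH_FUSION_DEFAULT})` line still reads it, so the default now depends entirely on `CHECK_FUSION_PREREQUISITES()` setting that variable in the caller's scope. A comment above the call, e.g. `# sets WITH_FUSION_DEFAULT; defined in deps/picotls/cmake/fusion.cmake`, would make that dependency visible. If the macro does not set it, the option presumably falls back to OFF without any message. A checkout whose deps/picotls submodule predates the bump in PATCH 4/5 would likely fail at the new `INCLUDE` line.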