From 0f2887265c4695c169ae9459cc887ebd3a4c8a74 Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Mon, 21 Sep 2020 13:17:12 -0700
Subject: [PATCH 1/6] AES-NI/NEON detection for iOS

Requires 64-bit CPU
---
 node/AES.cpp       |  4 ++++
 node/Constants.hpp |  6 ++++++
 node/Utils.cpp     | 12 ++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/node/AES.cpp b/node/AES.cpp
index 87ca39c83..2a1bac79a 100644
--- a/node/AES.cpp
+++ b/node/AES.cpp
@@ -18,6 +18,10 @@
 #pragma GCC diagnostic ignored "-Wstrict-aliasing"
 #endif
 
+#ifdef __APPLE__
+#include <arm_neon.h>
+#endif
+
 #define Te1_r(x) ZT_ROR32(Te0[x], 8U)
 #define Te2_r(x) ZT_ROR32(Te0[x], 16U)
 #define Te3_r(x) ZT_ROR32(Te0[x], 24U)
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 53b44dd42..660c8772d 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -112,12 +112,18 @@
 #endif
 
 #if (defined(__ARM_NEON) || defined(__ARM_NEON__) || defined(ZT_ARCH_ARM_HAS_NEON))
+#if defined(__APPLE__) && !defined(__LP64__)
+#ifdef ZT_ARCH_ARM_HAS_NEON
+#undef ZT_ARCH_ARM_HAS_NEON
+#endif
+#else
 #ifndef ZT_ARCH_ARM_HAS_NEON
 #define ZT_ARCH_ARM_HAS_NEON 1
 #endif
 #include <arm_neon.h>
 /*#include <arm_acle.h>*/
 #endif
+#endif
 
 // Define ZT_NO_TYPE_PUNNING to disable reckless casts on anything other than x86/x64.
 #if (!(defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || defined(_X86_) || defined(__I86__) || defined(__INTEL__) || defined(__386)))
diff --git a/node/Utils.cpp b/node/Utils.cpp
index 508e553e3..57a3d6612 100644
--- a/node/Utils.cpp
+++ b/node/Utils.cpp
@@ -42,6 +42,10 @@
 #include "Mutex.hpp"
 #include "Salsa20.hpp"
 
+#ifdef __APPLE__
+#include <TargetConditionals.h>
+#endif
+
 namespace ZeroTier {
 
 const uint64_t Utils::ZERO256[4] = {0ULL,0ULL,0ULL,0ULL};
@@ -51,6 +55,13 @@ const char Utils::HEXCHARS[16] = { '0','1','2','3','4','5','6','7','8','9','a','
 #ifdef ZT_ARCH_ARM_HAS_NEON
 Utils::ARMCapabilities::ARMCapabilities() noexcept
 {
+#if TARGET_OS_IPHONE
+    this->aes = true;
+    this->crc32 = true;
+    this->pmull = true;
+    this->sha1 = true;
+    this->sha2 = true;
+#else
 #ifdef HWCAP2_AES
 	if (sizeof(void *) == 4) {
 		const long hwcaps2 = getauxval(AT_HWCAP2);
@@ -70,6 +81,7 @@ Utils::ARMCapabilities::ARMCapabilities() noexcept
 #ifdef HWCAP2_AES
 	}
 #endif
+#endif // TARGET_OS_IPHONE
 }
 
 const Utils::ARMCapabilities Utils::ARMCAP;

From 9e6dba90665f5ad85e8547087e106fde611cc2d6 Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Mon, 21 Sep 2020 18:05:25 -0700
Subject: [PATCH 2/6] Enable AES-NI on Android X86-64

Need to find the magic incantation to enable it on ARM64 still
---
 java/jni/Android.mk | 6 ++++++
 node/Constants.hpp  | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/java/jni/Android.mk b/java/jni/Android.mk
index f018950d2..176931551 100644
--- a/java/jni/Android.mk
+++ b/java/jni/Android.mk
@@ -12,9 +12,15 @@ LOCAL_LDLIBS := -llog
 # LOCAL_CFLAGS := -g
 
 LOCAL_CFLAGS := -DZT_USE_MINIUPNPC
+ifeq ($(TARGET_ARCH_ABI),x86_64)
+    LOCAL_CXXFLAGS := -maes -mpclmul -msse4.1
+endif
 
 # ZeroTierOne SDK source files
 LOCAL_SRC_FILES := \
+    $(ZT1)/node/AES.cpp \
+    $(ZT1)/node/Bond.cpp \
+    $(ZT1)/node/BondController.cpp \
     $(ZT1)/node/C25519.cpp \
 	$(ZT1)/node/Capability.cpp \
 	$(ZT1)/node/CertificateOfMembership.cpp \
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 660c8772d..ccb7c4cf8 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -111,8 +111,10 @@
 #include <mmintrin.h>
 #endif
 
+
+
 #if (defined(__ARM_NEON) || defined(__ARM_NEON__) || defined(ZT_ARCH_ARM_HAS_NEON))
-#if defined(__APPLE__) && !defined(__LP64__)
+#if (defined(__APPLE__) && !defined(__LP64__)) || defined(__ANDROID__)
 #ifdef ZT_ARCH_ARM_HAS_NEON
 #undef ZT_ARCH_ARM_HAS_NEON
 #endif

From 81316807354d8d1a765af2d2598182b4bff7eecc Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 22 Sep 2020 08:04:16 -0700
Subject: [PATCH 3/6] AES-NI enabled for Android ARM64

---
 java/jni/Android.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/jni/Android.mk b/java/jni/Android.mk
index 176931551..065416dd1 100644
--- a/java/jni/Android.mk
+++ b/java/jni/Android.mk
@@ -15,6 +15,10 @@ LOCAL_CFLAGS := -DZT_USE_MINIUPNPC
 ifeq ($(TARGET_ARCH_ABI),x86_64)
     LOCAL_CXXFLAGS := -maes -mpclmul -msse4.1
 endif
+ifeq ($(TARGET_ARCH_ABI),arm64-v8a)
+    LOCAL_ARM_NEON := true
+    LOCAL_CXXFLAGS := -mfloat-abi=softfp -mfpu=neon
+endif
 
 # ZeroTierOne SDK source files
 LOCAL_SRC_FILES := \

From 7d8cfb1feed400c87e62a1f55ec2d2611cdb470d Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Tue, 22 Sep 2020 10:28:31 -0700
Subject: [PATCH 4/6] more magic incantations to make crypto extensions work on
 Android/ARM64

---
 java/jni/Android.mk     | 4 +++-
 java/jni/Application.mk | 2 +-
 node/Constants.hpp      | 2 +-
 node/Utils.cpp          | 4 ++++
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/java/jni/Android.mk b/java/jni/Android.mk
index 065416dd1..7aa9f41b7 100644
--- a/java/jni/Android.mk
+++ b/java/jni/Android.mk
@@ -11,13 +11,15 @@ LOCAL_C_INCLUDES := \
 LOCAL_LDLIBS := -llog
 # LOCAL_CFLAGS := -g
 
+APP_UNIFIED_HEADERS := true
+
 LOCAL_CFLAGS := -DZT_USE_MINIUPNPC
 ifeq ($(TARGET_ARCH_ABI),x86_64)
     LOCAL_CXXFLAGS := -maes -mpclmul -msse4.1
 endif
 ifeq ($(TARGET_ARCH_ABI),arm64-v8a)
     LOCAL_ARM_NEON := true
-    LOCAL_CXXFLAGS := -mfloat-abi=softfp -mfpu=neon
+    LOCAL_CXXFLAGS := -march=armv8-a+crypto -mfloat-abi=softfp -mfpu=neon -maes -isystem $NDK/sysroot/usr/include/$TRIPLE
 endif
 
 # ZeroTierOne SDK source files
diff --git a/java/jni/Application.mk b/java/jni/Application.mk
index 4fc50f73d..8613c15ee 100644
--- a/java/jni/Application.mk
+++ b/java/jni/Application.mk
@@ -1,5 +1,5 @@
 # NDK_TOOLCHAIN_VERSION := clang3.5
 APP_STL := c++_static
 APP_CPPFLAGS := -Wall -fstack-protector -fexceptions -fno-strict-aliasing -frtti -Wno-deprecated-register -DZT_NO_TYPE_PUNNING=1
-APP_PLATFORM := android-14
+APP_PLATFORM := android-21
 APP_ABI := all
diff --git a/node/Constants.hpp b/node/Constants.hpp
index ccb7c4cf8..e4d197f41 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -114,7 +114,7 @@
 
 
 #if (defined(__ARM_NEON) || defined(__ARM_NEON__) || defined(ZT_ARCH_ARM_HAS_NEON))
-#if (defined(__APPLE__) && !defined(__LP64__)) || defined(__ANDROID__)
+#if (defined(__APPLE__) && !defined(__LP64__)) || (defined(__ANDROID__) && defined(__arm__))
 #ifdef ZT_ARCH_ARM_HAS_NEON
 #undef ZT_ARCH_ARM_HAS_NEON
 #endif
diff --git a/node/Utils.cpp b/node/Utils.cpp
index 57a3d6612..1acd5e1bf 100644
--- a/node/Utils.cpp
+++ b/node/Utils.cpp
@@ -46,6 +46,10 @@
 #include <TargetConditionals.h>
 #endif
 
+#if defined(__ANDROID__) && defined(__aarch64__)
+#include <asm/hwcap.h>
+#endif
+
 namespace ZeroTier {
 
 const uint64_t Utils::ZERO256[4] = {0ULL,0ULL,0ULL,0ULL};

From ff23d3051ff3bfe540bce3c4a117fd27b9dc6c07 Mon Sep 17 00:00:00 2001
From: Grant Limberg <grant.limberg@zerotier.com>
Date: Wed, 23 Sep 2020 12:16:10 -0700
Subject: [PATCH 5/6] self hosted controller JSON format fix for DNS

---
 controller/EmbeddedNetworkController.cpp | 30 ++++++++++--------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 3fb39aa3a..1ab48f41b 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1031,25 +1031,21 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
 
 					if (b.count("dns")) {
 						json &dns = b["dns"];
-						if (dns.is_array()) {
-							json nda = json::array();
-							for(unsigned int i=0;i<dns.size();++i) {
-								json &d = dns[i];
-								if (d.is_object()) {
-									json nd = json::object();
-									nd["domain"] = d["domain"];
-									json &srv = d["servers"];
-									if (srv.is_array()) {
-										json ns = json::array();
-										for(unsigned int j=0;j<srv.size();++j) {
-											ns.push_back(srv[i]);
-										}
-										nd["servers"] = ns;
-									}
-									nda.push_back(nd);
+						if (dns.is_object()) {
+							json nd;
+
+							nd["domain"] = dns["domain"];
+
+							json &srv = dns["servers"];
+							if (srv.is_array()) {
+								json ns = json::array();
+								for(unsigned int i=0;i<srv.size();++i) {
+									ns.push_back(srv[i]);
 								}
+								nd["servers"] = ns;
 							}
-							network["dns"] = nda;
+
+							network["dns"] = nd;
 						}
 					}
 

From b3331c5ec2eea2c4396bf528c95df366dcbb7c3d Mon Sep 17 00:00:00 2001
From: Joseph Henry <josephjah@gmail.com>
Date: Wed, 23 Sep 2020 15:31:20 -0700
Subject: [PATCH 6/6] Fix buffer overflow in windows tap driver

---
 windows/TapDriver6/adapter.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/TapDriver6/adapter.c b/windows/TapDriver6/adapter.c
index 7ce4b310c..c170e2215 100644
--- a/windows/TapDriver6/adapter.c
+++ b/windows/TapDriver6/adapter.c
@@ -272,7 +272,8 @@ tapReadConfiguration(
 
         if (status == NDIS_STATUS_SUCCESS)
         {
-            if (configParameter->ParameterType == NdisParameterString)
+            if (configParameter->ParameterType == NdisParameterString
+                && configParameter->ParameterData.StringData.Length <= sizeof(Adapter->NetCfgInstanceIdBuffer) - sizeof(WCHAR))
             {
                 DEBUGP (("[TAP] NdisReadConfiguration (NetCfgInstanceId=%wZ)\n",
                     &configParameter->ParameterData.StringData ));