From 5e67a87afe60e057749703ccae7c710af8c658e6 Mon Sep 17 00:00:00 2001
From: Matthew Mondor
Date: Sun, 28 Aug 2016 10:38:16 +0000
Subject: [PATCH] If RC4_MITIGATE is defined, discard the first 3072 pseudorandom bytes
---
 src/rc4.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/rc4.c b/src/rc4.c
index 22bbebf..0eb4873 100644
--- a/src/rc4.c
+++ b/src/rc4.c
@@ -74,7 +74,33 @@ void *rc4_initstate(unsigned char *key, int keylen)
 if(idx1 >= keylen) idx1 = 0;
 }
-
+
+#ifdef RC4_MITIGATE
+ /*
+ * Discard the first 3072 pseudorandom bytes to mitigate some arcfour
+ * vulnerabilities related to the weak key scheduling algorithm.
+ * Unfortunately this makes the implementation incompatible with legacy
+ * ones, meaning that all servers of the network should enable this at the
+ * same time. Ideally, inter-server links should eventually use SSL.
+ */
+ {
+ RC4BYTE *s = rc4->mstate;
+ RC4DWORD x, y, a, b;
+
+ for (x = rc4->x, y = rc4->y, i = 0;
+ i < 3072; i++) {
+ x = (x + 1) & 0xff;
+ a = s[x];
+ y = (y + a) & 0xff;
+ b = s[y];
+ s[x] = b;
+ s[y] = a;
+ }
+ rc4->x = (RC4BYTE)x;
+ rc4->y = (RC4BYTE)y;
+ }
+#endif
+
 return (void *) rc4;
 }
--
2.9.0
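Review bot: The drop count appears as the bare literal `3072` in the new loop condition, and the comment above it does not say which weaknesses the drop does and does not cover, even though every peer on the wire must agree on exactly this value. Hoist it into a named constant next to the `#ifdef`, e.g. `#define RC4_DROP_BYTES 3072` and `i < RC4_DROP_BYTES; i++) {`, and extend the comment with a sentence such as: `Discarding the initial keystream addresses only biases tied to the key schedule; the later keystream biases of RC4 remain, so this is a stopgap until the links move to TLS.` The loop reuses `i` and `rc4` from the enclosing `rc4_initstate`, whose body starts before this hunk, so their declared types are not visible here and `i`'s type should be checked against the `RC4DWORD` counters it is compared with. A build-time `#ifdef` gives no runtime indication when peers disagree on the setting; a mismatch surfaces only as undecipherable traffic, which is worth stating in the comment as well.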