===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/mac.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- src/usr.bin/ssh/mac.c	2015/01/15 18:32:54	1.32
+++ src/usr.bin/ssh/mac.c	2016/07/08 03:44:42	1.33
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.32 2015/01/15 18:32:54 naddy Exp $ */
+/* $OpenBSD: mac.c,v 1.33 2016/07/08 03:44:42 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -159,7 +159,8 @@
 }
 
 int
-mac_compute(struct sshmac *mac, u_int32_t seqno, const u_char *data, int datalen,
+mac_compute(struct sshmac *mac, u_int32_t seqno,
+    const u_char *data, int datalen,
     u_char *digest, size_t dlen)
 {
 	static union {
@@ -200,6 +201,24 @@
 			dlen = mac->mac_len;
 		memcpy(digest, u.m, dlen);
 	}
+	return 0;
+}
+
+int
+mac_check(struct sshmac *mac, u_int32_t seqno,
+    const u_char *data, size_t dlen,
+    const u_char *theirmac, size_t mlen)
+{
+	u_char ourmac[SSH_DIGEST_MAX_LENGTH];
+	int r;
+
+	if (mac->mac_len > mlen)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if ((r = mac_compute(mac, seqno, data, dlen,
+	    ourmac, sizeof(ourmac))) != 0)
+		return r;
+	if (timingsafe_bcmp(ourmac, theirmac, mac->mac_len) != 0)
+		return SSH_ERR_MAC_INVALID;
 	return 0;
 }