diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index 054054338..cfc0bb210 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -160,4 +160,38 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
 }
 
 
+int wc_AesCmacGenerate(byte* out, word32* outSz,
+                       const byte* in, word32 inSz,
+                       const byte* key, word32 keySz)
+{
+    Cmac cmac;
+
+    wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
+    wc_CmacUpdate(&cmac, in, inSz);
+    wc_CmacFinal(&cmac, out, outSz);
+
+    return 0;
+}
+
+
+int wc_AesCmacVerify(const byte* check, word32 checkSz,
+                     const byte* in, word32 inSz,
+                     const byte* key, word32 keySz)
+{
+    byte a[AES_BLOCK_SIZE];
+    word32 aSz = sizeof(a);
+    int result;
+    int compareRet;
+
+    XMEMSET(a, 0, aSz);
+    result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
+    compareRet = ConstantCompare(check, a, min(checkSz, aSz));
+
+    if (result == 0)
+        result = compareRet ? 1 : 0;
+
+    return result;
+}
+
+
 #endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index bce07bcf1..04f6d9f4e 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -7791,6 +7791,17 @@ int cmac_test(void)
             return -4036;
         if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
             return -4037;
+
+        XMEMSET(tag, 0, sizeof(tag));
+        tagSz = sizeof(tag);
+        if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
+                               tc->k, tc->kSz) != 0)
+            return -4038;
+        if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
+            return -4039;
+        if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
+                             tc->k, tc->kSz) != 0)
+            return -4040;
     }
 
     return 0;
diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h
index 261c6fe3c..9845a43ab 100644
--- a/wolfssl/wolfcrypt/cmac.h
+++ b/wolfssl/wolfcrypt/cmac.h
@@ -59,6 +59,16 @@ WOLFSSL_API
 int wc_CmacFinal(Cmac* cmac,
                  byte* out, word32* outSz);
 
+WOLFSSL_API
+int wc_AesCmacGenerate(byte* out, word32* outSz,
+                       const byte* in, word32 inSz,
+                       const byte* key, word32 keySz);
+
+WOLFSSL_API
+int wc_AesCmacVerify(const byte* check, word32 checkSz,
+                     const byte* in, word32 inSz,
+                     const byte* key, word32 keySz);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif