Added documentation to note rfc 4493
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 0692492..4137ad1 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -1254,7 +1254,6 @@
@utils.register_interface(interfaces.CMACContext)
class _CMACContext(object):
def __init__(self, backend, algorithm, ctx=None):
-
if not backend.cmac_algorithm_supported(algorithm):
raise UnsupportedAlgorithm("This backend does not support CMAC")
@@ -1317,7 +1316,7 @@
res = self._backend._lib.CMAC_CTX_copy(
copied_ctx, self._ctx
)
- assert res != 0
+ assert res == 0
return _CMACContext(
self._backend, self.algorithm, ctx=copied_ctx
)
diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst
index be35014..8b88a3c 100644
--- a/docs/hazmat/primitives/mac/cmac.rst
+++ b/docs/hazmat/primitives/mac/cmac.rst
@@ -15,6 +15,8 @@
secret key. You can use an CMAC to verify both the integrity and authenticity
of a message.
+A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`.
+
.. class:: CMAC(algorithm, backend)
CMAC objects take a