diff --git a/ChangeLog b/ChangeLog
index de9b4a8d55bf765fd1b6ab99a7511212b84b86cd..58901bd01a69d14a24876d4cf219ecc105b824e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-25  Niels M�ller  <niels@s3.kth.se>
+
+	* testsuite/hmac-test.c (test_main): Added tests for hmac-256,
+	from draft-ietf-ipsec-ciph-sha-256-01.txt.
+
+	* hmac-sha256.c (hmac_sha256_digest): New file.
+
 2003-04-22  Niels M�ller  <nisse@cuckoo.hack.org>
 
 	* sha-example.c (display_hex): Simplified by using printf better.
diff --git a/hmac-sha256.c b/hmac-sha256.c
new file mode 100644
index 0000000000000000000000000000000000000000..df285c59ba176b1a5513f4334da4340d73b6c4c5
--- /dev/null
+++ b/hmac-sha256.c
@@ -0,0 +1,47 @@
+/* hmac-sha256.c
+ *
+ * HMAC-SHA256 message authentication code.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2003 Niels M�ller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "hmac.h"
+
+void
+hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
+		    unsigned key_length, const uint8_t *key)
+{
+  HMAC_SET_KEY(ctx, &nettle_sha256, key_length, key);
+}
+
+void
+hmac_sha256_update(struct hmac_sha256_ctx *ctx,
+		   unsigned length, const uint8_t *data)
+{
+  sha256_update(&ctx->state, length, data);
+}
+
+void
+hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
+		   unsigned length, uint8_t *digest)
+{
+  HMAC_DIGEST(ctx, &nettle_sha256, length, digest);
+}
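Review bot: `hmac_sha256_digest` forwards the caller's `length` straight to `HMAC_DIGEST`, and nothing in this file states or checks which values are valid. The macro is defined outside this hunk and may already assert the bound, but the contract should be readable here, for example `/* length must be at most SHA256_DIGEST_SIZE; a smaller value yields a truncated tag. */` above the function. A short comment on `hmac_sha256_set_key` and `hmac_sha256_update` would help in the same way, since the new file documents none of its three entry points. It is also worth telling callers that a received tag should be compared with a constant-time comparison, and that the context holds key-derived state after `hmac_sha256_set_key`, so it should be cleared once it is no longer needed.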