diff --git a/.gitignore b/.gitignore
index e927ae87..fb40cc00 100644
--- a/.gitignore
+++ b/.gitignore
@@ -210,3 +210,5 @@ embedded/tls-sock-server-ca
 embedded/tls-sock-threaded
 embedded/tls-threaded
 server-tls-verifycallback
+
+hash/sha256-hash
diff --git a/hash/Makefile b/hash/Makefile
new file mode 100644
index 00000000..d4366780
--- /dev/null
+++ b/hash/Makefile
@@ -0,0 +1,37 @@
+CC := gcc -fsanitize=address
+program_NAME := sha256-hash
+program_C_SRCS := $(wildcard *.c)
+program_CXX_SRCS := $(wildcard *.cpp)
+program_C_OBJS := ${program_C_SRCS:.c=.o}
+program_CXX_OBJS := ${program_CXX_SRCS:.cpp=.o}
+program_OBJS := $(program_C_OBJS) $(program_CXX_OBJS)
+program_INCLUDE_DIRS :=
+program_LIBRARY_DIRS :=
+program_LIBRARIES :=
+
+WOLF_INSTALL_DIR := /usr/local
+program_INCLUDE_DIRS += $(WOLF_INSTALL_DIR)/include
+program_INCLUDE_DIRS += ./include
+program_LIBRARY_DIRS += $(WOLF_INSTALL_DIR)/lib
+program_LIBRARIES += wolfssl
+
+CPPFLAGS += $(foreach includedir,$(program_INCLUDE_DIRS),-I$(includedir))
+#CPPFLAGS += -Werror
+#CPPFLAGS += -Weverything
+#CPPFLAGS += -Wsign-conversion
+#CPPFLAGS += -Wshorten-64-to-32 #NOTE: Not supported on most linux distros.
+LDFLAGS += $(foreach librarydir,$(program_LIBRARY_DIRS),-L$(librarydir))
+LDFLAGS += $(foreach library,$(program_LIBRARIES),-l$(library))
+
+.PHONY: all clean distclean
+
+all: $(program_NAME)
+
+$(program_NAME): $(program_OBJS)
+	$(CC) $(CPPFLAGS) $(program_OBJS) -o $(program_NAME) $(LDFLAGS) 
+
+clean:
+	@- $(RM) $(program_NAME)
+	@- $(RM) $(program_OBJS)
+
+distclean: clean
diff --git a/hash/sha256-hash.c b/hash/sha256-hash.c
new file mode 100644
index 00000000..3c501f85
--- /dev/null
+++ b/hash/sha256-hash.c
@@ -0,0 +1,116 @@
+/* sha256-hash.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_USER_SETTINGS
+#include <wolfssl/options.h>
+#endif
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifndef CHUNK_SIZE
+#define CHUNK_SIZE 1024
+#endif
+
+#ifndef NO_SHA256
+void usage(void)
+{
+    printf("./sha256-hash <file to hash>\n");
+    exit(-99);
+}
+#endif
+
+int main(int argc, char** argv)
+{
+    int ret = -1;
+#ifndef NO_SHA256
+    wc_Sha256 sha256;
+    byte  hash[WC_SHA256_DIGEST_SIZE];
+    byte  rawInput[CHUNK_SIZE];
+    FILE* inputStream;
+    char* fName = NULL;
+    int fileLength = 0;
+    int i, chunkSz;
+
+    if (argc < 2)
+        usage();
+    fName = argv[1];
+    printf("Hash input file %s\n", fName);
+
+    inputStream = fopen(fName, "rb");
+    if (inputStream == NULL) {
+        printf("ERROR: Unable to open file\n");
+        return -1;
+    }
+
+    /* find length of the file */
+    fseek(inputStream, 0, SEEK_END);
+    fileLength = (int) ftell(inputStream);
+    fseek(inputStream, 0, SEEK_SET);
+
+    ret = wc_InitSha256(&sha256);
+    if (ret != 0) {
+        printf("Failed to initialize sha structure\n");
+        fclose(inputStream);
+    }
+
+    /* Loop reading a block at a time, finishing with any excess */
+    for (i = 0; i < fileLength; i += CHUNK_SIZE) {
+        chunkSz = CHUNK_SIZE;
+        if (chunkSz > fileLength - i)
+            chunkSz = fileLength - i;
+
+        ret = fread(rawInput, 1, chunkSz, inputStream);
+        if (ret != chunkSz) {
+            printf("ERROR: Failed to read the appropriate amount\n");
+            ret = -1;
+            break;
+        }
+
+        ret = wc_Sha256Update(&sha256, rawInput, chunkSz);
+        if (ret != 0) {
+            printf("Failed to update the hash\n");
+            break;
+        }
+    }
+
+    if (ret == 0) {
+        ret = wc_Sha256Final(&sha256, hash);
+    }
+    if (ret != 0) {
+        printf("ERROR: Hash operation failed");
+    }
+    else {
+        printf("Hash result is: ");
+        for (i = 0; i < WC_SHA256_DIGEST_SIZE; i++)
+            printf("%02x", hash[i]);
+        printf("\n");
+    }
+
+    fclose(inputStream);
+    wc_Sha256Free(&sha256);
+#else
+    printf("Please enable sha256 (--enable-sha256) in wolfCrypt\n");
+#endif
+    return ret;
+}