diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 1577dee5b0b..22d1939c7aa 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -82,17 +82,29 @@ NTSTATUS smb2_signing_sign_pdu(DATA_BLOB signing_key,
 
 		ZERO_ARRAY(key);
 	} else {
-		struct HMACSHA256Context m;
-		uint8_t digest[SHA256_DIGEST_LENGTH];
+		gnutls_hmac_hd_t hmac_hnd = NULL;
+		uint8_t digest[gnutls_hmac_get_len(GNUTLS_MAC_SHA256)];
+		int rc;
 
-		ZERO_STRUCT(m);
-		hmac_sha256_init(signing_key.data, MIN(signing_key.length, 16), &m);
-		for (i=0; i < count; i++) {
-			hmac_sha256_update((const uint8_t *)vector[i].iov_base,
-					   vector[i].iov_len, &m);
+		rc = gnutls_hmac_init(&hmac_hnd,
+				      GNUTLS_MAC_SHA256,
+				      signing_key.data,
+				      MIN(signing_key.length, 16));
+		if (rc < 0) {
+			return NT_STATUS_NO_MEMORY;
 		}
-		hmac_sha256_final(digest, &m);
-		memcpy(res, digest, 16);
+
+		for (i = 0; i < count; i++) {
+			rc = gnutls_hmac(hmac_hnd,
+					 vector[i].iov_base,
+					 vector[i].iov_len);
+			if (rc < 0) {
+				gnutls_hmac_deinit(hmac_hnd, NULL);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+		gnutls_hmac_deinit(hmac_hnd, digest);
+		memcpy(res, digest, sizeof(res));
 	}
 	DEBUG(5,("signed SMB2 message\n"));