diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 2b98bee6f..6ef2245cf 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -103,6 +103,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
  * \param ctx      The context to use. This must be initialized.
  * \param is224    This determines which function to use. This must be
  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+ *                 If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
  *
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
@@ -171,6 +172,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
  * \param ctx      The context to use. This must be initialized.
  * \param is224    Determines which function to use. This must be
  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+ *                 If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
                                                int is224 );
@@ -239,6 +241,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
  *                 be a writable buffer of length \c 32 Bytes.
  * \param is224    Determines which function to use. This must be
  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+ *                 If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
  */
 int mbedtls_sha256_ret( const unsigned char *input,
                         size_t ilen,
@@ -271,6 +274,7 @@ int mbedtls_sha256_ret( const unsigned char *input,
  *                 a writable buffer of length \c 32 Bytes.
  * \param is224    Determines which function to use. This must be either
  *                 \c 0 for SHA-256, or \c 1 for SHA-224.
+ *                 If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
  */
 MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
                                         size_t ilen,
diff --git a/library/sha256.c b/library/sha256.c
index a141511cd..c576a0346 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -113,12 +113,33 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
     SHA256_VALIDATE_RET( ctx != NULL );
+#if defined(MBEDTLS_SHA256_NO_SHA224)
+    SHA256_VALIDATE_RET( is224 == 0 );
+    (void) is224;
+#else
     SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#endif
 
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
-    if( is224 == 0 )
+#if !defined(MBEDTLS_SHA256_NO_SHA224)
+    ctx->is224 = is224;
+
+    if( is224 == 1 )
+    {
+        /* SHA-224 */
+        ctx->state[0] = 0xC1059ED8;
+        ctx->state[1] = 0x367CD507;
+        ctx->state[2] = 0x3070DD17;
+        ctx->state[3] = 0xF70E5939;
+        ctx->state[4] = 0xFFC00B31;
+        ctx->state[5] = 0x68581511;
+        ctx->state[6] = 0x64F98FA7;
+        ctx->state[7] = 0xBEFA4FA4;
+    }
+    else
+#endif
     {
         /* SHA-256 */
         ctx->state[0] = 0x6A09E667;
@@ -130,26 +151,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
         ctx->state[6] = 0x1F83D9AB;
         ctx->state[7] = 0x5BE0CD19;
     }
-    else
-    {
-#if defined(MBEDTLS_SHA256_NO_SHA224)
-        return( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA );
-#else
-        /* SHA-224 */
-        ctx->state[0] = 0xC1059ED8;
-        ctx->state[1] = 0x367CD507;
-        ctx->state[2] = 0x3070DD17;
-        ctx->state[3] = 0xF70E5939;
-        ctx->state[4] = 0xFFC00B31;
-        ctx->state[5] = 0x68581511;
-        ctx->state[6] = 0x64F98FA7;
-        ctx->state[7] = 0xBEFA4FA4;
-#endif
-    }
-
-#if !defined(MBEDTLS_SHA256_NO_SHA224)
-    ctx->is224 = is224;
-#endif
 
     return( 0 );
 }