Completely ignore is224 if SHA-224 is disabled
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 2b98bee..6ef2245 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -103,6 +103,7 @@
* \param ctx The context to use. This must be initialized.
* \param is224 This determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
+ * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@@ -171,6 +172,7 @@
* \param ctx The context to use. This must be initialized.
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
+ * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
int is224 );
@@ -239,6 +241,7 @@
* be a writable buffer of length \c 32 Bytes.
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
+ * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen,
@@ -271,6 +274,7 @@
* a writable buffer of length \c 32 Bytes.
* \param is224 Determines which function to use. This must be either
* \c 0 for SHA-256, or \c 1 for SHA-224.
+ * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0.
*/
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
size_t ilen,
diff --git a/library/sha256.c b/library/sha256.c
index a141511..c576a03 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -113,12 +113,33 @@
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
{
SHA256_VALIDATE_RET( ctx != NULL );
+#if defined(MBEDTLS_SHA256_NO_SHA224)
+ SHA256_VALIDATE_RET( is224 == 0 );
+ (void) is224;
+#else
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#endif
ctx->total[0] = 0;
ctx->total[1] = 0;
- if( is224 == 0 )
+#if !defined(MBEDTLS_SHA256_NO_SHA224)
+ ctx->is224 = is224;
+
+ if( is224 == 1 )
+ {
+ /* SHA-224 */
+ ctx->state[0] = 0xC1059ED8;
+ ctx->state[1] = 0x367CD507;
+ ctx->state[2] = 0x3070DD17;
+ ctx->state[3] = 0xF70E5939;
+ ctx->state[4] = 0xFFC00B31;
+ ctx->state[5] = 0x68581511;
+ ctx->state[6] = 0x64F98FA7;
+ ctx->state[7] = 0xBEFA4FA4;
+ }
+ else
+#endif
{
/* SHA-256 */
ctx->state[0] = 0x6A09E667;
@@ -130,26 +151,6 @@
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
}
- else
- {
-#if defined(MBEDTLS_SHA256_NO_SHA224)
- return( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA );
-#else
- /* SHA-224 */
- ctx->state[0] = 0xC1059ED8;
- ctx->state[1] = 0x367CD507;
- ctx->state[2] = 0x3070DD17;
- ctx->state[3] = 0xF70E5939;
- ctx->state[4] = 0xFFC00B31;
- ctx->state[5] = 0x68581511;
- ctx->state[6] = 0x64F98FA7;
- ctx->state[7] = 0xBEFA4FA4;
-#endif
- }
-
-#if !defined(MBEDTLS_SHA256_NO_SHA224)
- ctx->is224 = is224;
-#endif
return( 0 );
}