nrf_security: Re-order legacy cmake configuration force-enabling

Re-order legacy cmake configuration force-enabling. This fixes the issue where PSA_WANT_ALG_SHA_256 enables MBEDTLS_SHA256 without enabling MBEDTLS_SHA224. This could otherwise lead to an error in check_config.h Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
robertstypa · Jun 23, 2023 · 5ec0e3a · 5ec0e3a
1 parent e954ddb
commit 5ec0e3a
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/subsys/nrf_security/cmake/legacy_crypto_config.cmake b/subsys/nrf_security/cmake/legacy_crypto_config.cmake
@@ -189,11 +189,6 @@ if (CONFIG_CC3XX_BACKEND)
   endif()
 endif()
 
-# Ensure that MBEDTLS_SHA224_C is set if MBEDTLS_SHA256_C
-# to prevent build errors.
-kconfig_check_and_set_base_depends(MBEDTLS_SHA224_C
-  MBEDTLS_SHA256_C
-)
 
 # Convert defines required even in PSA mode
 kconfig_check_and_set_base_depends(MBEDTLS_SHA1_C
@@ -281,6 +276,11 @@ Kconfig_check_and_set_base_depends(MBEDTLS_ECP_DP_CURVE448_ENABLED
   PSA_WANT_ECC_MONTGOMERY_448
 )
 
+# Ensure that MBEDTLS_SHA224_C is set if MBEDTLS_SHA256_C
+# to prevent build errors.
+kconfig_check_and_set_base_depends(MBEDTLS_SHA224_C
+  MBEDTLS_SHA256_C
+)
 
 if(CONFIG_GENERATE_MBEDTLS_CFG_FILE)
   # Generate the mbed TLS config file (default nrf-config.h)