From 5ec0e3a890d6b45859750316eae0522148cb2571 Mon Sep 17 00:00:00 2001
From: Joakim Andersson <joakim.andersson@nordicsemi.no>
Date: Wed, 21 Jun 2023 12:56:03 +0200
Subject: [PATCH] nrf_security: Re-order legacy cmake configuration
 force-enabling

Re-order legacy cmake configuration force-enabling.
This fixes the issue where PSA_WANT_ALG_SHA_256 enables MBEDTLS_SHA256
without enabling MBEDTLS_SHA224.
This could otherwise lead to an error in check_config.h

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
---
 subsys/nrf_security/cmake/legacy_crypto_config.cmake | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/subsys/nrf_security/cmake/legacy_crypto_config.cmake b/subsys/nrf_security/cmake/legacy_crypto_config.cmake
index 4f950847fd2..da7d5412ee6 100644
--- a/subsys/nrf_security/cmake/legacy_crypto_config.cmake
+++ b/subsys/nrf_security/cmake/legacy_crypto_config.cmake
@@ -189,11 +189,6 @@ if (CONFIG_CC3XX_BACKEND)
   endif()
 endif()
 
-# Ensure that MBEDTLS_SHA224_C is set if MBEDTLS_SHA256_C
-# to prevent build errors.
-kconfig_check_and_set_base_depends(MBEDTLS_SHA224_C
-  MBEDTLS_SHA256_C
-)
 
 # Convert defines required even in PSA mode
 kconfig_check_and_set_base_depends(MBEDTLS_SHA1_C
@@ -281,6 +276,11 @@ Kconfig_check_and_set_base_depends(MBEDTLS_ECP_DP_CURVE448_ENABLED
   PSA_WANT_ECC_MONTGOMERY_448
 )
 
+# Ensure that MBEDTLS_SHA224_C is set if MBEDTLS_SHA256_C
+# to prevent build errors.
+kconfig_check_and_set_base_depends(MBEDTLS_SHA224_C
+  MBEDTLS_SHA256_C
+)
 
 if(CONFIG_GENERATE_MBEDTLS_CFG_FILE)
   # Generate the mbed TLS config file (default nrf-config.h)