Ensure there is a blank line before headers (markdown portability)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md
index 040194b..16328ad 100644
--- a/docs/4.0-migration-guide.md
+++ b/docs/4.0-migration-guide.md
@@ -211,6 +211,7 @@
- The PSA driver wrapper is now generated in TF-PSA-Crypto.
- Platform-specific configuration are now handled in `crypto_config.h`.
- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto.
+
## Compile-time configuration
### Configuration file split
@@ -255,6 +256,7 @@
#### Removal of backward compatibility options
The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now.
+
## PSA as the only cryptography API
The PSA API is now the only API for cryptographic primitives.
@@ -278,6 +280,7 @@
### Impact on the library configuration
Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto.
+
## Private declarations
Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice.
@@ -311,6 +314,7 @@
may not compile or work with future minor releases. If there's something you
want to do that you feel can only be achieved by using one of these two macros,
please reach out on github or the mailing list.
+
## Error codes
### Unified error code space
@@ -348,6 +352,7 @@
| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
+
## Removal of deprecated functions
### Removal of deprecated X.509 functions
@@ -362,6 +367,7 @@
### Removal of `compat-2.x.h`
The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed.
+
## Removed features
### Removal of obsolete key exchanges methods in (D)TLS 1.2
@@ -514,6 +520,7 @@
The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
+
## Function prototype changes
A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API.
@@ -603,6 +610,7 @@
psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
uint32_t lifetime);
```
+
## OID module
The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data.