Corrections of the migration guide from the code review.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
index 8791649..b18b310 100644
--- a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
+++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
@@ -1,9 +1,16 @@
Deprecated functions were removed from AES
------------------------------------------
-The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were removed.
-Please use `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()`
-respectively.
+The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were
+removed.
+
+If you're simply using the AES module, you should be calling the higher-level
+functions `mbedtls_aes_crypt_xxx()`.
+
+If you're providing an alternative implementation using
+`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be
+replacing the removed functions with `mbedtls_internal_aes_encrypt()` and
+`mbedtls_internal_aes_decrypt()` respectively.
Deprecated functions were removed from bignum
---------------------------------------------
@@ -20,7 +27,7 @@
`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()`
respectively which additionally support key wrapping algorithms such as
NIST_KW.
-
+
Deprecated functions were removed from DRBGs
--------------------------------------------
@@ -39,11 +46,11 @@
Deprecated functions were removed from SSL
------------------------------------------
-The functions `mbedtls_ssl_conf_dh_param()` and
-`mbedtls_ssl_get_max_frag_len()` were removed. Please use
-`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` and
-`mbedtls_ssl_get_output_max_frag_len()` instead.
+The function `mbedtls_ssl_conf_dh_param()` was removed. Please use
+`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
+The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
+`mbedtls_ssl_get_output_max_frag_len()` instead.
Deprecated hex-encoded primes were removed from DHM
---------------------------------------------------
@@ -52,13 +59,14 @@
`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`,
`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`,
`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were
-removed. The hex-encoded primes from RFC 5114 are deprecated because their
-derivation is not documented and therefore their usage constitutes a security
-risk. They are removed from the library without replacement.
+removed. The primes from RFC 5114 are deprecated because their derivation is not
+documented and therefore their usage constitutes a security risk; they are fully
+removed from the library. Please use parameters from RFC3526 (still in the
+library, only in binary form) or RFC 7919 (also available in the library) or
+other trusted sources instead.
Deprecated net.h file was removed
---------------------------------
The file `include/mbedtls/net.h` was removed because its only function was to
include `mbedtls/net_sockets.h` which now should be included directly.
-