Move subsection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 8a121fe..0c7be30 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -284,6 +284,19 @@
- The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules
were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead.
+### Remove the mode parameter from RSA functions
+
+This affects all users who use the RSA encryption, decryption, sign and
+verify APIs.
+
+The RSA module no longer supports private-key operations with the public key or
+vice versa. As a consequence, RSA operation functions no longer have a mode
+parameter. If you were calling RSA operations with the normal mode (public key
+for verification or encryption, private key for signature or decryption), remove
+the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling
+RSA operations with the wrong mode, which rarely makes sense from a security
+perspective, this is no longer supported.
+
## High-level crypto
@@ -305,19 +318,6 @@
implementations of the underlying primitives are in use, or with future
versions of the library.
-### Remove the mode parameter from RSA functions
-
-This affects all users who use the RSA encryption, decryption, sign and
-verify APIs.
-
-The RSA module no longer supports private-key operations with the public key or
-vice versa. As a consequence, RSA operation functions no longer have a mode
-parameter. If you were calling RSA operations with the normal mode (public key
-for verification or encryption, private key for signature or decryption), remove
-the `MBEDTLS_MODE_PUBLIC` or `MBEDTLS_MODE_PRIVATE` argument. If you were calling
-RSA operations with the wrong mode, which rarely makes sense from a security
-perspective, this is no longer supported.
-
### Remove the RNG parameter from RSA verify functions
RSA verification functions also no longer take random generator arguments (this
