From 1c2d9a3d7437339199b5ce844d8ff6b55b714cdc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 25 Jun 2025 16:00:43 +0200
Subject: [PATCH] Migration guide for OID

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 docs/4.0-migration-guide/oid.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 docs/4.0-migration-guide/oid.md

diff --git a/docs/4.0-migration-guide/oid.md b/docs/4.0-migration-guide/oid.md
new file mode 100644
index 0000000000..875f062155
--- /dev/null
+++ b/docs/4.0-migration-guide/oid.md
@@ -0,0 +1,7 @@
+## OID module
+
+The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data.
+
+Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_<thing>()` and `mbedtls_oid_get_oid_by_<thing>()`).
+
+The header `<mbedtls/oid.h>` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509.