doc/, CHANGES, NEWS: add missing entries and fix existing ones when which CMP feature was added

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26908)

CHANGES.md

@@ -402,7 +402,9 @@ OpenSSL 3.4
 
    *Rajeev Ranjan*
 
- * Added support for requesting CRL in CMP.
+ * Added support for retrieving certificate request templates and CRLs in CMP,
+   with the respective CLI options `-template`,
+   `-crlcert`, `-oldcrl`, `-crlout`, `-crlform>`, and `-rsp_crl`.
 
    This work was sponsored by Siemens AG.
 
@@ -608,6 +610,8 @@ OpenSSL 3.3
    - `certProfile` request message header and respective `-profile` CLI option
    - support for delayed delivery of all types of response messages
 
+   This work was sponsored by Siemens AG.
+
    *David von Oheimb*
 
  * The build of exporters (such as `.pc` files for pkg-config) cleaned up to
@@ -913,11 +917,6 @@ OpenSSL 3.2
 
    *Fergus Dall*
 
- * Added support for securely getting root CA certificate update in
-   CMP.
-
-   *David von Oheimb*
-
  * Improved contention on global write locks by using more read locks where
    appropriate.
 
@@ -1183,8 +1182,11 @@ OpenSSL 3.2
    *David von Oheimb*
 
  * Various fixes and extensions to the CMP+CRMF implementation and the `cmp` app
-   in particular supporting requests for central key generation, generalized
-   polling, and various types of genm/genp exchanges defined in CMP Updates.
+   in particular supporting various types of genm/genp exchanges such as getting
+   CA certificates and root CA cert updates defined in CMP Updates [RFC 9480],
+   as well as the `-srvcertout` and `-serial` CLI options.
+
+   This work was sponsored by Siemens AG.
 
    *David von Oheimb*
 

NEWS.md

@@ -46,6 +46,8 @@ This release adds the following new features:
     FIPS compliance can be claimed.  Enable this using the configuration
     option `enable-fips-jitter`.
 
+  * Support for central key generation in CMP
+
 OpenSSL 3.4
 -----------
 
@@ -115,7 +117,7 @@ This release adds the following new features:
   * Support for integrity-only cipher suites TLS_SHA256_SHA256 and
     TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150
 
-  * Support for requesting CRL in CMP
+  * Support for retrieving certificate request templates and CRLs in CMP
 
   * Support for additional X.509v3 extensions related to Attribute Certificates
 
@@ -227,6 +229,8 @@ This release adds the following new features:
   * Added X509_STORE_get1_objects to avoid issues with the existing
     X509_STORE_get0_objects API in multi-threaded applications.
 
+  * Support for using certificate profiles and extened delayed delivery in CMP
+
 This release incorporates the following potentially significant or incompatible
 changes:
 

doc/man1/openssl-cmp.pod.in

@@ -1517,9 +1517,15 @@ The B<cmp> application was added in OpenSSL 3.0.
 
 The B<-engine> option was deprecated in OpenSSL 3.0.
 
-The B<-profile> option was added in OpenSSL 3.3.
+The B<-oldwithold>, B<-newwithnew>, B<-newwithold>, B<-oldwithnew>,
+The B<-srvcertout>, and B<-serial> option were added in OpenSSL 3.2, as well
+as an extension of B<-cacertsout> to use when getting CA certificates.
+Since then, the B<-issuer> may be used also for certificates to be revoked.
 
-B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform>
+The B<-profile> and B<-no_cache_extracerts> options were added in OpenSSL 3.3,
+as well as support for delayed delivery of all types of response messages.
+
+The B<-template>, B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform>
 and B<-rsp_crl> options were added in OpenSSL 3.4.
 
 B<-centralkeygen>, b<-newkeyout>, B<-rsp_key> and

doc/man3/OSSL_CMP_CTX_new.pod

@@ -879,6 +879,9 @@ OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2.
 
 OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3.
 
+Support for central key generation, requested via B<OSSL_CRMF_POPO_NONE>,
+was added in OpenSSL 3.5.
+
 =head1 COPYRIGHT
 
 Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.