Auto merge of #13068 - rust-lang:renovate/crate-openssl-vulnerability, r=weihanglo

chore(deps): update rust crate openssl to 0.10.60 [security]

[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [openssl](https://togithub.com/sfackler/rust-openssl) | workspace.dependencies | patch | `0.10.57` -> `0.10.60` |

### GitHub Vulnerability Alerts

#### [GHSA-xphf-cx8h-7q9g](https://togithub.com/sfackler/rust-openssl/issues/2096)

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with `X509StoreRef::all_certificates`.

---

### Release Notes

<details>
<summary>sfackler/rust-openssl (openssl)</summary>

### [`v0.10.60`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.60)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60)

#### What's Changed

-   Correct off-by-one in minimum output buffer size computation by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2088](https://togithub.com/sfackler/rust-openssl/pull/2088)
-   Expose a few more (bad) ciphers in cipher::Cipher by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2084](https://togithub.com/sfackler/rust-openssl/pull/2084)
-   add temp key bindings by [`@&#8203;jmayclin](https://togithub.com/jmayclin)` in [https://github.com/sfackler/rust-openssl/pull/2076](https://togithub.com/sfackler/rust-openssl/pull/2076)
-   Expose ChaCha20 on LibreSSL by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2093](https://togithub.com/sfackler/rust-openssl/pull/2093)
-   Revert "Correct off-by-one in minimum output buffer size computation" by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2090](https://togithub.com/sfackler/rust-openssl/pull/2090)
-   Added `update_unchecked` to `symm::Crypter` by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2100](https://togithub.com/sfackler/rust-openssl/pull/2100)
-   fixes [#&#8203;2096](https://togithub.com/sfackler/rust-openssl/issues/2096) -- deprecate `X509StoreRef::objects`, it is unsound by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2099](https://togithub.com/sfackler/rust-openssl/pull/2099)
-   Don't leak when overwriting ex data by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2102](https://togithub.com/sfackler/rust-openssl/pull/2102)
-   Release openssl v0.10.60 and openssl-sys v0.9.96 by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2104](https://togithub.com/sfackler/rust-openssl/pull/2104)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60

### [`v0.10.59`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.59)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59)

#### What's Changed

-   Add binding to NID of Chacha20-Poly1305 cipher by [`@&#8203;Arnavion](https://togithub.com/Arnavion)` in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)
-   Fixed cfg for RSA_PSS by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2079](https://togithub.com/sfackler/rust-openssl/pull/2079)
-   fixes [#&#8203;2050](https://togithub.com/sfackler/rust-openssl/issues/2050) -- build and test on libressl 3.8.2 by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2082](https://togithub.com/sfackler/rust-openssl/pull/2082)
-   Release openssl v0.10.59 and openssl-sys v0.9.95 by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2083](https://togithub.com/sfackler/rust-openssl/pull/2083)

#### New Contributors

-   [`@&#8203;Arnavion](https://togithub.com/Arnavion)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2081](https://togithub.com/sfackler/rust-openssl/pull/2081)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59

### [`v0.10.58`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.58)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58)

#### What's Changed

-   LibreSSL 3.8.1 support by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2035](https://togithub.com/sfackler/rust-openssl/pull/2035)
-   Update vendored version to openssl 3 by [`@&#8203;amousset](https://togithub.com/amousset)` in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
-   Test against 3.2.0-alpha1 by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2037](https://togithub.com/sfackler/rust-openssl/pull/2037)
-   Removed reference to non-existent method by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2039](https://togithub.com/sfackler/rust-openssl/pull/2039)
-   Bump CI to 1.1.1w by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2040](https://togithub.com/sfackler/rust-openssl/pull/2040)
-   \[openssl-sys] Add X509\_check\_{host,email,ip,ip_asc} fns by [`@&#8203;jgallagher](https://togithub.com/jgallagher)` in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
-   Expose CBC mode for several more (bad) ciphers by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2045](https://togithub.com/sfackler/rust-openssl/pull/2045)
-   Expose two additional Pkey IDs by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2046](https://togithub.com/sfackler/rust-openssl/pull/2046)
-   Add support for CRL extensions and the Authority Information Access e… by [`@&#8203;AdmiralGT](https://togithub.com/AdmiralGT)` in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
-   Fix clippy warnings produced by newer Rust by [`@&#8203;wiktor-k](https://togithub.com/wiktor-k)` in [https://github.com/sfackler/rust-openssl/pull/2052](https://togithub.com/sfackler/rust-openssl/pull/2052)
-   Use osslconf on BoringSSL by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2056](https://togithub.com/sfackler/rust-openssl/pull/2056)
-   Make X509\_ALGOR opaque for LibreSSL by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
-   Don't ignore ECDSA tests without GF2m support by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2061](https://togithub.com/sfackler/rust-openssl/pull/2061)
-   Clarify 'possible LibreSSL bug' by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2062](https://togithub.com/sfackler/rust-openssl/pull/2062)
-   Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2063](https://togithub.com/sfackler/rust-openssl/pull/2063)
-   Enable SHA-3 for LibreSSL 3.8.0 by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2064](https://togithub.com/sfackler/rust-openssl/pull/2064)
-   Remove DH_generate_parameters for LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2065](https://togithub.com/sfackler/rust-openssl/pull/2065)
-   Use EVP_MD_CTX\_{new,free}() in LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2067](https://togithub.com/sfackler/rust-openssl/pull/2067)
-   Enable HKDF support for LibreSSL >= 3.6.0 by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2066](https://togithub.com/sfackler/rust-openssl/pull/2066)
-   Two build script fixes for LibreSSL by [`@&#8203;botovq](https://togithub.com/botovq)` in [https://github.com/sfackler/rust-openssl/pull/2068](https://togithub.com/sfackler/rust-openssl/pull/2068)
-   Respect OPENSSL_NO_OCB on AES functions by [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
-   Support OPENSSL_NO_SCRYPT by [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` in [https://github.com/sfackler/rust-openssl/pull/2071](https://togithub.com/sfackler/rust-openssl/pull/2071)
-   Bump 3.2.0 beta by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [https://github.com/sfackler/rust-openssl/pull/2073](https://togithub.com/sfackler/rust-openssl/pull/2073)
-   add security level bindings by [`@&#8203;jmayclin](https://togithub.com/jmayclin)` in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)
-   Release openssl v0.10.58 and openssl-sys v0.9.94 by [`@&#8203;alex](https://togithub.com/alex)` in [https://github.com/sfackler/rust-openssl/pull/2078](https://togithub.com/sfackler/rust-openssl/pull/2078)

#### New Contributors

-   [`@&#8203;amousset](https://togithub.com/amousset)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/1925](https://togithub.com/sfackler/rust-openssl/pull/1925)
-   [`@&#8203;jgallagher](https://togithub.com/jgallagher)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2042](https://togithub.com/sfackler/rust-openssl/pull/2042)
-   [`@&#8203;AdmiralGT](https://togithub.com/AdmiralGT)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2003](https://togithub.com/sfackler/rust-openssl/pull/2003)
-   [`@&#8203;botovq](https://togithub.com/botovq)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2060](https://togithub.com/sfackler/rust-openssl/pull/2060)
-   [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2070](https://togithub.com/sfackler/rust-openssl/pull/2070)
-   [`@&#8203;jmayclin](https://togithub.com/jmayclin)` made their first contribution in [https://github.com/sfackler/rust-openssl/pull/2074](https://togithub.com/sfackler/rust-openssl/pull/2074)

**Full Changelog**: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rust-lang/cargo).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->

Cargo.lock

@@ -2336,9 +2336,9 @@ dependencies = [
 
 [[package]]
 name = "openssl"
-version = "0.10.57"
+version = "0.10.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c"
+checksum = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800"
 dependencies = [
  "bitflags 2.4.0",
  "cfg-if",
@@ -2368,18 +2368,18 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
 [[package]]
 name = "openssl-src"
-version = "111.26.0+1.1.1u"
+version = "300.1.6+3.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efc62c9f12b22b8f5208c23a7200a442b2e5999f8bdf80233852122b5a4f6f37"
+checksum = "439fac53e092cd7442a3660c85dde4643ab3b5bd39040912388dcdabf6b88085"
 dependencies = [
  "cc",
 ]
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.92"
+version = "0.9.96"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db7e971c2c2bba161b2d2fdf37080177eff520b3bc044787c7f1f5f9e78d869b"
+checksum = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f"
 dependencies = [
  "cc",
  "libc",

Cargo.toml

@@ -63,7 +63,7 @@ libloading = "0.8.1"
 memchr = "2.6.4"
 miow = "0.6.0"
 opener = "0.6.1"
-openssl ="0.10.57"
+openssl ="0.10.60"
 os_info = "3.7.0"
 pasetors = { version = "0.6.7", features = ["v3", "paserk", "std", "serde"] }
 pathdiff = "0.2"