Auto merge of #13068 - rust-lang:renovate/crate-openssl-vulnerability…

…, r=weihanglo

chore(deps): update rust crate openssl to 0.10.60 [security]

[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [openssl](https://togithub.com/sfackler/rust-openssl) | workspace.dependencies | patch | `0.10.57` -> `0.10.60` |

### GitHub Vulnerability Alerts

#### [GHSA-xphf-cx8h-7q9g](https://togithub.com/sfackler/rust-openssl/issues/2096)

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with `X509StoreRef::all_certificates`.

---

### Release Notes

<details>
<summary>sfackler/rust-openssl (openssl)</summary>

### [`v0.10.60`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.60)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.59...openssl-v0.10.60)

#### What's Changed

-   Correct off-by-one in minimum output buffer size computation by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2088
-   Expose a few more (bad) ciphers in cipher::Cipher by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2084
-   add temp key bindings by [`@&#8203;jmayclin](https://togithub.com/jmayclin)` in [sfackler/rust-openssl#2076
-   Expose ChaCha20 on LibreSSL by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2093
-   Revert "Correct off-by-one in minimum output buffer size computation" by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2090
-   Added `update_unchecked` to `symm::Crypter` by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2100
-   fixes [#&#8203;2096](https://togithub.com/sfackler/rust-openssl/issues/2096) -- deprecate `X509StoreRef::objects`, it is unsound by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2099
-   Don't leak when overwriting ex data by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [sfackler/rust-openssl#2102
-   Release openssl v0.10.60 and openssl-sys v0.9.96 by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2104

**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.59...openssl-v0.10.60

### [`v0.10.59`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.59)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.58...openssl-v0.10.59)

#### What's Changed

-   Add binding to NID of Chacha20-Poly1305 cipher by [`@&#8203;Arnavion](https://togithub.com/Arnavion)` in [sfackler/rust-openssl#2081
-   Fixed cfg for RSA_PSS by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2079
-   fixes [#&#8203;2050](https://togithub.com/sfackler/rust-openssl/issues/2050) -- build and test on libressl 3.8.2 by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2082
-   Release openssl v0.10.59 and openssl-sys v0.9.95 by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2083

#### New Contributors

-   [`@&#8203;Arnavion](https://togithub.com/Arnavion)` made their first contribution in [sfackler/rust-openssl#2081

**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.58...openssl-v0.10.59

### [`v0.10.58`](https://togithub.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.58)

[Compare Source](https://togithub.com/sfackler/rust-openssl/compare/openssl-v0.10.57...openssl-v0.10.58)

#### What's Changed

-   LibreSSL 3.8.1 support by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2035
-   Update vendored version to openssl 3 by [`@&#8203;amousset](https://togithub.com/amousset)` in [sfackler/rust-openssl#1925
-   Test against 3.2.0-alpha1 by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [sfackler/rust-openssl#2037
-   Removed reference to non-existent method by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2039
-   Bump CI to 1.1.1w by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [sfackler/rust-openssl#2040
-   \[openssl-sys] Add X509\_check\_{host,email,ip,ip_asc} fns by [`@&#8203;jgallagher](https://togithub.com/jgallagher)` in [sfackler/rust-openssl#2042
-   Expose CBC mode for several more (bad) ciphers by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2045
-   Expose two additional Pkey IDs by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2046
-   Add support for CRL extensions and the Authority Information Access e… by [`@&#8203;AdmiralGT](https://togithub.com/AdmiralGT)` in [sfackler/rust-openssl#2003
-   Fix clippy warnings produced by newer Rust by [`@&#8203;wiktor-k](https://togithub.com/wiktor-k)` in [sfackler/rust-openssl#2052
-   Use osslconf on BoringSSL by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2056
-   Make X509\_ALGOR opaque for LibreSSL by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2060
-   Don't ignore ECDSA tests without GF2m support by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2061
-   Clarify 'possible LibreSSL bug' by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2062
-   Enable BN_mod_sqrt() for upcoming LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2063
-   Enable SHA-3 for LibreSSL 3.8.0 by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2064
-   Remove DH_generate_parameters for LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2065
-   Use EVP_MD_CTX\_{new,free}() in LibreSSL 3.8.2 by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2067
-   Enable HKDF support for LibreSSL >= 3.6.0 by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2066
-   Two build script fixes for LibreSSL by [`@&#8203;botovq](https://togithub.com/botovq)` in [sfackler/rust-openssl#2068
-   Respect OPENSSL_NO_OCB on AES functions by [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` in [sfackler/rust-openssl#2070
-   Support OPENSSL_NO_SCRYPT by [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` in [sfackler/rust-openssl#2071
-   Bump 3.2.0 beta by [`@&#8203;sfackler](https://togithub.com/sfackler)` in [sfackler/rust-openssl#2073
-   add security level bindings by [`@&#8203;jmayclin](https://togithub.com/jmayclin)` in [sfackler/rust-openssl#2074
-   Release openssl v0.10.58 and openssl-sys v0.9.94 by [`@&#8203;alex](https://togithub.com/alex)` in [sfackler/rust-openssl#2078

#### New Contributors

-   [`@&#8203;amousset](https://togithub.com/amousset)` made their first contribution in [sfackler/rust-openssl#1925
-   [`@&#8203;jgallagher](https://togithub.com/jgallagher)` made their first contribution in [sfackler/rust-openssl#2042
-   [`@&#8203;AdmiralGT](https://togithub.com/AdmiralGT)` made their first contribution in [sfackler/rust-openssl#2003
-   [`@&#8203;botovq](https://togithub.com/botovq)` made their first contribution in [sfackler/rust-openssl#2060
-   [`@&#8203;GuyLewin](https://togithub.com/GuyLewin)` made their first contribution in [sfackler/rust-openssl#2070
-   [`@&#8203;jmayclin](https://togithub.com/jmayclin)` made their first contribution in [sfackler/rust-openssl#2074

**Full Changelog**: sfackler/rust-openssl@openssl-v0.10.57...openssl-v0.10.58

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/rust-lang/cargo).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->

Cargo.toml

@@ -63,7 +63,7 @@ libloading = "0.8.1"
 memchr = "2.6.4"
 miow = "0.6.0"
 opener = "0.6.1"
-openssl ="0.10.57"
+openssl ="0.10.60"
 os_info = "3.7.0"
 pasetors = { version = "0.6.7", features = ["v3", "paserk", "std", "serde"] }
 pathdiff = "0.2"