Bump openssl from 0.10.72 to 0.10.78

[dependabot]

Bumps openssl from 0.10.72 to 0.10.78.

Release notes

Sourced from openssl's releases.

openssl-v0.10.78

What's Changed

• Fix Suite B flag assignments in verify.rs by @​alex in rust-openssl/rust-openssl#2592
• Use cvt_p for OPENSSL_malloc error handling by @​alex in rust-openssl/rust-openssl#2593
• Mark BIO_get_mem_data on AWS-LC to be unsafe by @​alex in rust-openssl/rust-openssl#2594
• Set timeout for package installation step by @​alex in rust-openssl/rust-openssl#2595
• Panic in Crypter::new when IV is required but not provided by @​alex in rust-openssl/rust-openssl#2596
• openssl 4 support by @​reaperhulk in rust-openssl/rust-openssl#2591
• Avoid panic for overlong OIDs by @​botovq in rust-openssl/rust-openssl#2598
• Fix dangling stack pointer in custom extension add callback by @​alex in rust-openssl/rust-openssl#2599
• Add support for LibreSSL 4.3.x by @​botovq in rust-openssl/rust-openssl#2603
• fix inverted bounds assertion in AES key unwrap by @​reaperhulk in rust-openssl/rust-openssl#2604
• Reject oversized length returns from password callback trampoline by @​alex in rust-openssl/rust-openssl#2605
• Validate callback-returned lengths in PSK and cookie trampolines by @​alex in rust-openssl/rust-openssl#2607
• Error for short out in MdCtxRef::digest_final() by @​botovq in rust-openssl/rust-openssl#2608
• Check derive output buffer length on OpenSSL 1.1.x by @​alex in rust-openssl/rust-openssl#2606
• Release openssl v0.10.78 and openssl-sys v0.9.114 by @​alex in rust-openssl/rust-openssl#2609

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.77...openssl-v0.10.78

openssl-v0.10.77

What's Changed

• CI: Hash-pin all action usage, avoid credential persistence in actions/checkout by @​woodruffw in rust-openssl/rust-openssl#2587
• Bump aws-lc-sys to 0.39 by @​goffrie in rust-openssl/rust-openssl#2588
• md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC by @​alex in rust-openssl/rust-openssl#2589
• Release openssl v0.10.77 and openssl-sys v0.9.113 by @​alex in rust-openssl/rust-openssl#2590

New Contributors

• @​woodruffw made their first contribution in rust-openssl/rust-openssl#2587

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.76...openssl-v0.10.77

openssl-v0.10.76

What's Changed

• feat: New methods EVP_PKEY_new_raw_*_key_ex and EVP_PKEY_is_a by @​FinnRG in rust-openssl/rust-openssl#2521
• Fix invalid value parsing of OCSP revocation reason by @​danpashin in rust-openssl/rust-openssl#2523
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in rust-openssl/rust-openssl#2524
• Bump aws-lc-sys from 0.27 to 0.34 by @​goffrie in rust-openssl/rust-openssl#2526
• Expose X509_NAME_dup on all versions of OpenSSL by @​alex in rust-openssl/rust-openssl#2529
• Unconditionally expose some *_dup() functions by @​botovq in rust-openssl/rust-openssl#2530
• reintroduce dir_name support for subject_alt_names by @​mqqz in rust-openssl/rust-openssl#2528
• Fix cipher comparison with NID instead of pointers by @​lwestlund in rust-openssl/rust-openssl#2531
• Remove ASN1_STRING_data for LibreSSL 4.3.0 by @​botovq in rust-openssl/rust-openssl#2534
• drop openssl 1.0.2 by @​alex in rust-openssl/rust-openssl#2545
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in rust-openssl/rust-openssl#2542
• Add Debug implementation for EcdsaSig{,Ref} by @​buytenh in rust-openssl/rust-openssl#2540
• Add HKDF support by @​Zenkibou in rust-openssl/rust-openssl#2543
• Enhance Debug implementation for Nid by @​buytenh in rust-openssl/rust-openssl#2547
• Remove X509_VERIFY_PARAM_ID for LibreSSL 4.3.0 by @​botovq in rust-openssl/rust-openssl#2549

... (truncated)

Commits

• a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609)
• 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606)
• 826c388 Error for short out in MdCtxRef::digest_final() (#2608)
• 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607)
• 5af6895 Reject oversized length returns from password callback trampoline (#2605)
• 718d07f fix inverted bounds assertion in AES key unwrap (#2604)
• 53cc69d Add support for LibreSSL 4.3.x (#2603)
• 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599)
• cbdedf8 Avoid panic for overlong OIDs (#2598)
• 1fc51ef openssl 4 support (#2591)
• Additional commits viewable in compare view

---

Note

Medium Risk
Lockfile-only change, but it updates crypto/TLS bindings (openssl/openssl-sys), which can affect security behavior and native linking across platforms.

Overview
Updates the Rust openssl dependency in Cargo.lock from 0.10.72 to 0.10.78, along with the corresponding openssl-sys bump from 0.9.107 to 0.9.114 (checksum updates only).

^{Reviewed by Cursor Bugbot for commit 057866e. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coveralls-official]

Coverage Report for CI Build 24848502304

Coverage remained the same at 87.497%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	8542
Covered Lines:	7474
Line Coverage:	87.5%
Coverage Strength:	30888543.99 hits per line

---

💛 - Coveralls

[dependabot]

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.

[emlowe]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.