static-build: bump the OpenSSL library version to 3.2.1

Bump the OpenSSL library version to 3.2.1 and remove OpenSSL patches which
are already present in the updated library version.

Disable modules in OpenSSL configuration to make sure the OpenSSL 3.0
legacy provider is compiled into the library.

Closes #7502

NO_DOC=<dependency bump>
NO_TEST=<dependency bump>

Co-authored-by: Sergey Bronnikov <sergeyb@tarantool.org>
(cherry picked from commit 8de22969)

changelogs/unreleased/gh-7502-bump-openssl.md

+## feature/build
+
+* Updated OpenSSL to version 3.2.1 (gh-7502).

cmake/BuildOpenSSL.cmake

-set(OPENSSL_VERSION 1.1.1q)
-set(OPENSSL_HASH c685d239b6a6e1bd78be45624c092f51)
+set(OPENSSL_VERSION 3.2.1)
+set(OPENSSL_HASH c239213887804ba00654884918b37441)
 set(OPENSSL_PATCHES_DIR ${PROJECT_SOURCE_DIR}/patches)
 set(OPENSSL_INSTALL_DIR ${BUNDLED_LIBS_INSTALL_DIR}/openssl-prefix)
 set(OPENSSL_INCLUDE_DIR ${OPENSSL_INSTALL_DIR}/include)
@@ -31,11 +31,8 @@ ExternalProject_Add(bundled-openssl-project
         --prefix=<INSTALL_DIR>
         --libdir=lib
         no-shared
+        no-module
     INSTALL_COMMAND ${CMAKE_MAKE_PROGRAM} install_sw
-    PATCH_COMMAND patch -d <SOURCE_DIR> -p1 -i "${OPENSSL_PATCHES_DIR}/openssl-111q-gh-18720.patch"
-    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${OPENSSL_PATCHES_DIR}/openssl-tarantool-security-27.patch"
-    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${OPENSSL_PATCHES_DIR}/openssl-tarantool-security-54.patch"
-    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${OPENSSL_PATCHES_DIR}/openssl-tarantool-security-90.patch"
     BUILD_BYPRODUCTS ${OPENSSL_CRYPTO_LIBRARY} ${OPENSSL_SSL_LIBRARY}
 )
 

patches/openssl-111q-gh-18720.patch

-diff -ru a/test/v3ext.c b/test/v3ext.c
---- a/test/v3ext.c	2022-07-05 12:08:33.000000000 +0300
-+++ b/test/v3ext.c	2022-07-14 21:07:10.586081541 +0300
-@@ -8,6 +8,7 @@
-  */
- 
- #include <stdio.h>
-+#include <string.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include <openssl/pem.h>

patches/openssl-tarantool-security-27.patch

-diff -ru a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
---- a/ssl/statem/statem_clnt.c	2023-02-10 11:02:21.000000000 +0300
-+++ b/ssl/statem/statem_clnt.c	2023-02-10 11:02:55.000000000 +0300
-@@ -1375,7 +1375,7 @@
-              * In TLSv1.3 it is valid for the server to select a different
-              * ciphersuite as long as the hash is the same.
-              */
--            if (ssl_md(c->algorithm2)
-+            if (s->session->cipher == NULL || ssl_md(c->algorithm2)
-                     != ssl_md(s->session->cipher->algorithm2)) {
-                 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
-                          SSL_F_SET_CLIENT_CIPHERSUITE,

patches/openssl-tarantool-security-54.patch

---- openssl.old/ssl/statem/extensions_clnt.c	2023-02-09 16:18:41.231053686 +0300
-+++ openssl/ssl/statem/extensions_clnt.c	2023-02-09 17:33:09.257282077 +0300
-@@ -266,6 +266,7 @@
-         return EXT_RETURN_NOT_SENT;
- 
-     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
-+            || !s->session 
-             || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                  SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);

patches/openssl-tarantool-security-90.patch

---- openssl.old/ssl/record/ssl3_record.c	2023-02-17 11:10:19.399907899 +0300
-+++ openssl/ssl/record/ssl3_record.c	2023-02-17 11:12:52.921915746 +0300
-@@ -1201,7 +1201,7 @@
-     }
- 
-     t = EVP_MD_CTX_size(hash);
--    if (t < 0)
-+    if (t <= 0)
-         return 0;
-     md_size = t;
-     npad = (48 / md_size) * md_size;