
Commit 57133c0

Add integration script and CI for ruby 3.1 and 3.2 (#1563)
We've finalized our support for Ruby 3.1 and 3.2. This adds the patch and integration CI to test against it. Ruby 3.1 patch contents are as follows:
1. Slight logic to properly detect AWS-LC in FIPS mode.
2. Differences in emitted error messages.
3. During signature verification, an invalid ASN.1 input raises an error in Ruby/OpenSSL and an actual verification failure returns false. AWS-LC simply returns false for all cases.
4. OpenSSL allows invalid DH parameters to be parsed successfully and invalidates them in a subsequent call to `params_ok?`. AWS-LC simply disallows invalid parameters from being parsed.
5. AWS-LC does not support the serialization of custom/explicit curves. Explicit curves are highly impractical to validate from a security standpoint and have been the source of many CVEs. See the following issues for more details on why explicit curves are discouraged.
   * openssl/openssl#9286
   * openssl/openssl#20119
6. AWS-LC does not support `BN::CONSTTIME`. See 0a211df for more details.
7. AWS-LC does not support DHE ciphersuites in SSL connections. 5 tests have been adjusted accordingly.
8. Changes in pkcs12 are pieces of ruby/ruby@63e9eaa in upstream Ruby. This test was testing with the wrong number of parameters. AWS-LC does not support the "old MSIE extension" mentioned in the commit.
9. Changes in `test/openssl/test_pkey_rsa.rb` are pieces of ruby/ruby@2e5680d in upstream Ruby. It accounts for RSA operations disallowed in FIPS mode in Ruby's RSA tests. The commit diff is a bit too large to muddle with the changes in this PR. It's also fairly recent and not directly applicable to Ruby 3.1's version of the file, so I've only taken pieces that ensure we're not losing coverage.

Ruby 3.2 patch contents are nearly identical to the points mentioned above. The only additional thing to note is that AWS-LC does key checks while parsing EC keys and disallows invalid keys from being parsed. This is similar to the DH params discrepancy described above in point 4.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
1 parent 637b5d2 commit 57133c0


5 files changed, +1410 -1 lines changed


.github/workflows/integrations.yml

Lines changed: 21 additions & 0 deletions
@@ -257,3 +257,24 @@ jobs:
257257
- name: Run accp build
258258
run: |
259259
./tests/ci/integration/run_accp_integration.sh
260+
ruby-releases:
261+
if: github.repository_owner == 'aws'
262+
strategy:
263+
fail-fast: false
264+
matrix:
265+
fips:
266+
- "0"
267+
- "1"
268+
runs-on: ubuntu-latest
269+
name: Ruby releases (FIPS=${{ matrix.fips}})
270+
steps:
271+
- name: Install OS Dependencies
272+
run: |
273+
sudo apt-get update
274+
sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make autoconf ruby libyaml-dev
275+
- uses: actions/checkout@v3
276+
- name: Build AWS-LC, build ruby, run tests
277+
run: |
278+
./tests/ci/integration/run_ruby_integration.sh ruby_3_2 ruby_3_1
279+
env:
280+
FIPS: ${{ matrix.fips }}
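Review bot: `- uses: actions/checkout@v3` pins the action to a mutable major-version tag; for a CI job that builds a cryptographic library, pinning to the full commit SHA (with the tag kept in a trailing comment) removes the possibility of the tag being moved to different code without a change in this repository. Two smaller points in the same hunk: `name: Ruby releases (FIPS=${{ matrix.fips}})` is missing the space before `}}` that `FIPS: ${{ matrix.fips }}` uses a few lines later, and the step installs the distro `ruby` package while the next step's title says it builds ruby itself, so a short comment stating that the system ruby is only a bootstrap for building Ruby from source would save the next reader a question.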

tests/ci/common_posix_setup.sh

Lines changed: 0 additions & 1 deletion
@@ -166,7 +166,6 @@ function aws_lc_build() {
166166
${CMAKE_COMMAND} ${AWS_LC_DIR} -GNinja "-B${BUILD_FOLDER}" "-DCMAKE_INSTALL_PREFIX=${INSTALL_FOLDER}" "${@:4}"
167167
${CMAKE_COMMAND} --build ${BUILD_FOLDER} -- install
168168
ls -R ${INSTALL_FOLDER}
169-
rm -rf "${BUILD_FOLDER:?}"/*
170169
}
171170

172171
function print_executable_information {
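Review bot: dropping `rm -rf "${BUILD_FOLDER:?}"/*` changes the behaviour of `aws_lc_build` for every caller of `common_posix_setup.sh`, not only the new Ruby script, and the commit message does not mention it. Without the cleanup, a script that calls `aws_lc_build` a second time with different arguments reuses the existing CMake cache in `${BUILD_FOLDER}`, which can silently carry configure options over from the earlier build. If the Ruby integration script needs the build tree to survive installation, consider making the cleanup opt-in via a parameter or environment variable, or moving the `rm -rf` into the callers that relied on it, and state the reason in the commit message.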
