RubyGems - net-ssh - Versions diffs - 5.0.0.beta1 → 5.0.0.beta2 - Mend

net-ssh 5.0.0.beta1 → 5.0.0.beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.rubocop_todo.yml +98 -258
data/CHANGES.txt +8 -0
data/Gemfile +1 -3
data/Rakefile +37 -39
data/lib/net/ssh.rb +26 -25
data/lib/net/ssh/authentication/agent.rb +228 -225
data/lib/net/ssh/authentication/certificate.rb +166 -164
data/lib/net/ssh/authentication/constants.rb +17 -14
data/lib/net/ssh/authentication/ed25519.rb +107 -104
data/lib/net/ssh/authentication/ed25519_loader.rb +32 -28
data/lib/net/ssh/authentication/key_manager.rb +5 -3
data/lib/net/ssh/authentication/methods/abstract.rb +53 -47
data/lib/net/ssh/authentication/methods/hostbased.rb +32 -33
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +2 -4
data/lib/net/ssh/authentication/methods/none.rb +10 -10
data/lib/net/ssh/authentication/methods/password.rb +13 -13
data/lib/net/ssh/authentication/methods/publickey.rb +54 -55
data/lib/net/ssh/authentication/pageant.rb +468 -465
data/lib/net/ssh/authentication/pub_key_fingerprint.rb +44 -0
data/lib/net/ssh/authentication/session.rb +127 -123
data/lib/net/ssh/buffer.rb +305 -303
data/lib/net/ssh/buffered_io.rb +163 -162
data/lib/net/ssh/config.rb +230 -227
data/lib/net/ssh/connection/channel.rb +659 -654
data/lib/net/ssh/connection/constants.rb +30 -26
data/lib/net/ssh/connection/event_loop.rb +108 -104
data/lib/net/ssh/connection/keepalive.rb +54 -50
data/lib/net/ssh/connection/session.rb +677 -678
data/lib/net/ssh/connection/term.rb +180 -176
data/lib/net/ssh/errors.rb +101 -99
data/lib/net/ssh/key_factory.rb +108 -108
data/lib/net/ssh/known_hosts.rb +148 -154
data/lib/net/ssh/loggable.rb +56 -54
data/lib/net/ssh/packet.rb +82 -78
data/lib/net/ssh/prompt.rb +55 -53
data/lib/net/ssh/proxy/command.rb +103 -102
data/lib/net/ssh/proxy/errors.rb +12 -8
data/lib/net/ssh/proxy/http.rb +92 -91
data/lib/net/ssh/proxy/https.rb +42 -39
data/lib/net/ssh/proxy/jump.rb +50 -47
data/lib/net/ssh/proxy/socks4.rb +0 -2
data/lib/net/ssh/proxy/socks5.rb +11 -11
data/lib/net/ssh/ruby_compat.rb +1 -0
data/lib/net/ssh/service/forward.rb +364 -362
data/lib/net/ssh/test.rb +85 -83
data/lib/net/ssh/test/channel.rb +146 -142
data/lib/net/ssh/test/extensions.rb +148 -146
data/lib/net/ssh/test/kex.rb +35 -31
data/lib/net/ssh/test/local_packet.rb +48 -44
data/lib/net/ssh/test/packet.rb +87 -84
data/lib/net/ssh/test/remote_packet.rb +35 -31
data/lib/net/ssh/test/script.rb +173 -171
data/lib/net/ssh/test/socket.rb +59 -55
data/lib/net/ssh/transport/algorithms.rb +413 -412
data/lib/net/ssh/transport/cipher_factory.rb +108 -105
data/lib/net/ssh/transport/constants.rb +35 -31
data/lib/net/ssh/transport/ctr.rb +1 -1
data/lib/net/ssh/transport/hmac.rb +1 -1
data/lib/net/ssh/transport/hmac/abstract.rb +67 -64
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +1 -1
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +1 -1
data/lib/net/ssh/transport/identity_cipher.rb +55 -51
data/lib/net/ssh/transport/kex.rb +2 -4
data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +47 -40
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +201 -197
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +53 -56
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +94 -87
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +17 -10
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +17 -10
data/lib/net/ssh/transport/key_expander.rb +29 -25
data/lib/net/ssh/transport/openssl.rb +17 -30
data/lib/net/ssh/transport/packet_stream.rb +193 -192
data/lib/net/ssh/transport/server_version.rb +64 -66
data/lib/net/ssh/transport/session.rb +286 -284
data/lib/net/ssh/transport/state.rb +198 -196
data/lib/net/ssh/verifiers/lenient.rb +29 -25
data/lib/net/ssh/verifiers/null.rb +13 -9
data/lib/net/ssh/verifiers/secure.rb +45 -45
data/lib/net/ssh/verifiers/strict.rb +20 -16
data/lib/net/ssh/version.rb +55 -53
data/net-ssh.gemspec +4 -4
data/support/ssh_tunnel_bug.rb +2 -2
metadata +25 -24
metadata.gz.sig +0 -0

data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb CHANGED

@@ -17,66 +17,63 @@ module Net::SSH::Transport::Kex
     private
-      # Compute the number of bits needed for the given number of bytes.
-      def compute_need_bits
+    # Compute the number of bits needed for the given number of bytes.
+    def compute_need_bits
+      # for Compatibility: OpenSSH requires (need_bits * 2 + 1) length of parameter
+      need_bits = data[:need_bytes] * 8 * 2 + 1
-        # for Compatibility: OpenSSH requires (need_bits * 2 + 1) length of parameter
-        need_bits = data[:need_bytes] * 8 * 2 + 1
+      data[:minimum_dh_bits] ||= MINIMUM_BITS
-        data[:minimum_dh_bits] ||= MINIMUM_BITS
-        if need_bits < data[:minimum_dh_bits]
-          need_bits = data[:minimum_dh_bits]
-        elsif need_bits > MAXIMUM_BITS
-          need_bits = MAXIMUM_BITS
-        end
-        data[:need_bits ] = need_bits
-        data[:need_bytes] = need_bits / 8
+      if need_bits < data[:minimum_dh_bits]
+        need_bits = data[:minimum_dh_bits]
+      elsif need_bits > MAXIMUM_BITS
+        need_bits = MAXIMUM_BITS
       end
-      # Returns the DH key parameters for the given session.
-      def get_parameters
-        compute_need_bits
-        # request the DH key parameters for the given number of bits.
-        buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, data[:minimum_dh_bits],
-          :long, data[:need_bits], :long, MAXIMUM_BITS)
-        connection.send_message(buffer)
-        buffer = connection.next_message
-        unless buffer.type == KEXDH_GEX_GROUP
-          raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
-        end
-        p = buffer.read_bignum
-        g = buffer.read_bignum
-        [p, g]
-      end
-      # Returns the INIT/REPLY constants used by this algorithm.
-      def get_message_types
-        [KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
-      end
-      # Build the signature buffer to use when verifying a signature from
-      # the server.
-      def build_signature_buffer(result)
-        response = Net::SSH::Buffer.new
-        response.write_string data[:client_version_string],
-                              data[:server_version_string],
-                              data[:client_algorithm_packet],
-                              data[:server_algorithm_packet],
-                              result[:key_blob]
-        response.write_long MINIMUM_BITS,
-                            data[:need_bits],
-                            MAXIMUM_BITS
-        response.write_bignum dh.p, dh.g, dh.pub_key,
-                              result[:server_dh_pubkey],
-                              result[:shared_secret]
-        response
-      end
+      data[:need_bits] = need_bits
+      data[:need_bytes] = need_bits / 8
+    end
+    # Returns the DH key parameters for the given session.
+    def get_parameters
+      compute_need_bits
+      # request the DH key parameters for the given number of bits.
+      buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, data[:minimum_dh_bits],
+        :long, data[:need_bits], :long, MAXIMUM_BITS)
+      connection.send_message(buffer)
+      buffer = connection.next_message
+      raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}" unless buffer.type == KEXDH_GEX_GROUP
+      p = buffer.read_bignum
+      g = buffer.read_bignum
+      [p, g]
+    end
+    # Returns the INIT/REPLY constants used by this algorithm.
+    def get_message_types
+      [KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
+    end
+    # Build the signature buffer to use when verifying a signature from
+    # the server.
+    def build_signature_buffer(result)
+      response = Net::SSH::Buffer.new
+      response.write_string data[:client_version_string],
+                            data[:server_version_string],
+                            data[:client_algorithm_packet],
+                            data[:server_algorithm_packet],
+                            result[:key_blob]
+      response.write_long MINIMUM_BITS,
+                          data[:need_bits],
+                          MAXIMUM_BITS
+      response.write_bignum dh.p, dh.g, dh.pub_key,
+                            result[:server_dh_pubkey],
+                            result[:shared_secret]
+      response
+    end
   end
 end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb CHANGED

@@ -1,93 +1,100 @@
 require 'net/ssh/transport/constants'
 require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
-module Net; module SSH; module Transport; module Kex
-  # A key-exchange service implementing the "ecdh-sha2-nistp256"
-  # key-exchange algorithm. (defined in RFC 5656)
-  class EcdhSHA2NistP256 < DiffieHellmanGroup1SHA1
-    include Constants, Loggable
-    attr_reader :ecdh
-    def digester
-      OpenSSL::Digest::SHA256
-    end
-    def curve_name
-      OpenSSL::PKey::EC::CurveNameAlias['nistp256']
-    end
-    def initialize(algorithms, connection, data)
-      @algorithms = algorithms
-      @connection = connection
-      @digester = digester
-      @data = data.dup
-      @ecdh = generate_key
-      @logger = @data.delete(:logger)
-    end
-    private
-    def get_message_types
-      [KEXECDH_INIT, KEXECDH_REPLY]
-    end
-    def build_signature_buffer(result)
-      response = Net::SSH::Buffer.new
-      response.write_string data[:client_version_string],
-                            data[:server_version_string],
-                            data[:client_algorithm_packet],
-                            data[:server_algorithm_packet],
-                            result[:key_blob],
-                            ecdh.public_key.to_bn.to_s(2),
-                            result[:server_ecdh_pubkey]
-      response.write_bignum result[:shared_secret]
-      response
-    end
-    def generate_key #:nodoc:
-      OpenSSL::PKey::EC.new(curve_name).generate_key
-    end
-    def send_kexinit #:nodoc:
-      init, reply = get_message_types
-      # send the KEXECDH_INIT message
-      ## byte     SSH_MSG_KEX_ECDH_INIT
-      ## string   Q_C, client's ephemeral public key octet string
-      buffer = Net::SSH::Buffer.from(:byte, init, :mstring, ecdh.public_key.to_bn.to_s(2))
-      connection.send_message(buffer)
-      # expect the following KEXECDH_REPLY message
-      ## byte     SSH_MSG_KEX_ECDH_REPLY
-      ## string   K_S, server's public host key
-      ## string   Q_S, server's ephemeral public key octet string
-      ## string   the signature on the exchange hash
-      buffer = connection.next_message
-      raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
-      result = Hash.new
-      result[:key_blob] = buffer.read_string
-      result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
-      result[:server_ecdh_pubkey] = buffer.read_string
-      # compute shared secret from server's public key and client's private key
-      pk = OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC.new(curve_name).group,
-                                        OpenSSL::BN.new(result[:server_ecdh_pubkey], 2))
-      result[:shared_secret] = OpenSSL::BN.new(ecdh.dh_compute_key(pk), 2)
-      sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
-      sig_type = sig_buffer.read_string
-      if sig_type != algorithms.host_key
-        raise Net::SSH::Exception,
-        "host key algorithm mismatch for signature " +
-          "'#{sig_type}' != '#{algorithms.host_key}'"
+module Net
+  module SSH
+    module Transport
+      module Kex
+        # A key-exchange service implementing the "ecdh-sha2-nistp256"
+        # key-exchange algorithm. (defined in RFC 5656)
+        class EcdhSHA2NistP256 < DiffieHellmanGroup1SHA1
+          include Loggable
+          include Constants
+          attr_reader :ecdh
+          def digester
+            OpenSSL::Digest::SHA256
+          end
+          def curve_name
+            OpenSSL::PKey::EC::CurveNameAlias['nistp256']
+          end
+          def initialize(algorithms, connection, data)
+            @algorithms = algorithms
+            @connection = connection
+            @digester = digester
+            @data = data.dup
+            @ecdh = generate_key
+            @logger = @data.delete(:logger)
+          end
+          private
+          def get_message_types
+            [KEXECDH_INIT, KEXECDH_REPLY]
+          end
+          def build_signature_buffer(result)
+            response = Net::SSH::Buffer.new
+            response.write_string data[:client_version_string],
+                                  data[:server_version_string],
+                                  data[:client_algorithm_packet],
+                                  data[:server_algorithm_packet],
+                                  result[:key_blob],
+                                  ecdh.public_key.to_bn.to_s(2),
+                                  result[:server_ecdh_pubkey]
+            response.write_bignum result[:shared_secret]
+            response
+          end
+          def generate_key #:nodoc:
+            OpenSSL::PKey::EC.new(curve_name).generate_key
+          end
+          def send_kexinit #:nodoc:
+            init, reply = get_message_types
+            # send the KEXECDH_INIT message
+            ## byte     SSH_MSG_KEX_ECDH_INIT
+            ## string   Q_C, client's ephemeral public key octet string
+            buffer = Net::SSH::Buffer.from(:byte, init, :mstring, ecdh.public_key.to_bn.to_s(2))
+            connection.send_message(buffer)
+            # expect the following KEXECDH_REPLY message
+            ## byte     SSH_MSG_KEX_ECDH_REPLY
+            ## string   K_S, server's public host key
+            ## string   Q_S, server's ephemeral public key octet string
+            ## string   the signature on the exchange hash
+            buffer = connection.next_message
+            raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
+            result = Hash.new
+            result[:key_blob] = buffer.read_string
+            result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
+            result[:server_ecdh_pubkey] = buffer.read_string
+            # compute shared secret from server's public key and client's private key
+            pk = OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC.new(curve_name).group,
+                                              OpenSSL::BN.new(result[:server_ecdh_pubkey], 2))
+            result[:shared_secret] = OpenSSL::BN.new(ecdh.dh_compute_key(pk), 2)
+            sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
+            sig_type = sig_buffer.read_string
+            if sig_type != algorithms.host_key
+              raise Net::SSH::Exception,
+              "host key algorithm mismatch for signature " +
+                "'#{sig_type}' != '#{algorithms.host_key}'"
+            end
+            result[:server_sig] = sig_buffer.read_string
+            return result
+          end
+        end
       end
-      result[:server_sig] = sig_buffer.read_string
-      return result
     end
   end
-end; end; end; end
+end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb CHANGED

@@ -1,13 +1,20 @@
-module Net; module SSH; module Transport; module Kex
+module Net
+  module SSH
+    module Transport
+      module Kex
-  # A key-exchange service implementing the "ecdh-sha2-nistp256"
-  # key-exchange algorithm. (defined in RFC 5656)
-  class EcdhSHA2NistP384 < EcdhSHA2NistP256
-    def digester
-      OpenSSL::Digest::SHA384
-    end
-    def curve_name
-      OpenSSL::PKey::EC::CurveNameAlias['nistp384']
+        # A key-exchange service implementing the "ecdh-sha2-nistp256"
+        # key-exchange algorithm. (defined in RFC 5656)
+        class EcdhSHA2NistP384 < EcdhSHA2NistP256
+          def digester
+            OpenSSL::Digest::SHA384
+          end
+          def curve_name
+            OpenSSL::PKey::EC::CurveNameAlias['nistp384']
+          end
+        end
+      end
     end
   end
-end; end; end; end
+end

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb CHANGED

@@ -1,13 +1,20 @@
-module Net; module SSH; module Transport; module Kex
+module Net
+  module SSH
+    module Transport
+      module Kex
-  # A key-exchange service implementing the "ecdh-sha2-nistp521"
-  # key-exchange algorithm. (defined in RFC 5656)
-  class EcdhSHA2NistP521 < EcdhSHA2NistP256
-    def digester
-      OpenSSL::Digest::SHA512
-    end
-    def curve_name
-      OpenSSL::PKey::EC::CurveNameAlias['nistp521']
+        # A key-exchange service implementing the "ecdh-sha2-nistp521"
+        # key-exchange algorithm. (defined in RFC 5656)
+        class EcdhSHA2NistP521 < EcdhSHA2NistP256
+          def digester
+            OpenSSL::Digest::SHA512
+          end
+          def curve_name
+            OpenSSL::PKey::EC::CurveNameAlias['nistp521']
+          end
+        end
+      end
     end
   end
-end; end; end; end
+end

data/lib/net/ssh/transport/key_expander.rb CHANGED

@@ -1,27 +1,31 @@
-module Net; module SSH; module Transport
-  module KeyExpander
-  # Generate a key value in accordance with the SSH2 specification.
-  # (RFC4253 7.2. "Output from Key Exchange")
-  def self.expand_key(bytes, start, options={})
-    if bytes == 0
-      return ""
+module Net
+  module SSH
+    module Transport
+      module KeyExpander
+        # Generate a key value in accordance with the SSH2 specification.
+        # (RFC4253 7.2. "Output from Key Exchange")
+        def self.expand_key(bytes, start, options={})
+          if bytes == 0
+            return ""
+          end
+          k = start[0, bytes]
+          return k if k.length >= bytes
+          digester = options[:digester] or raise 'No digester supplied'
+          shared   = options[:shared] or raise 'No shared secret supplied'
+          hash     = options[:hash] or raise 'No hash supplied'
+          while k.length < bytes
+            step = digester.digest(shared + hash + k)
+            bytes_needed = bytes - k.length
+            k << step[0, bytes_needed]
+          end
+          return k
+        end
+      end
     end
-    k = start[0, bytes]
-    return k if k.length >= bytes
-    digester = options[:digester] or raise 'No digester supplied'
-    shared   = options[:shared] or raise 'No shared secret supplied'
-    hash     = options[:hash] or raise 'No hash supplied'
-    while k.length < bytes
-      step = digester.digest(shared + hash + k)
-      bytes_needed = bytes - k.length
-      k << step[0, bytes_needed]
-    end
-    return k
-  end
   end
-end; end; end
+end

data/lib/net/ssh/transport/openssl.rb CHANGED

@@ -1,5 +1,5 @@
-# -*- coding: utf-8 -*-
 require 'openssl'
+require 'net/ssh/authentication/pub_key_fingerprint'
 module OpenSSL
@@ -7,7 +7,6 @@ module OpenSSL
   # have been added to it by the Net::SSH module for convenience in dealing with
   # SSH functionality.
   class BN
     # Converts a BN object to a string. The format used is that which is
     # required by the SSH2 protocol.
     def to_ssh
@@ -16,44 +15,38 @@ module OpenSSL
       else
         buf = to_s(2)
         if buf.getbyte(0)[7] == 1
-          return [buf.length+1, 0, buf].pack("NCA*")
+          return [buf.length + 1, 0, buf].pack("NCA*")
         else
           return [buf.length, buf].pack("NA*")
         end
       end
     end
   end
   module PKey
     class PKey
-      def fingerprint
-        @fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
-      end
+      include Net::SSH::Authentication::PubKeyFingerprint
     end
     # This class is originally defined in the OpenSSL module. As needed, methods
     # have been added to it by the Net::SSH module for convenience in dealing
     # with SSH functionality.
     class DH
       # Determines whether the pub_key for this key is valid. (This algorithm
       # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
       def valid?
         return false if pub_key.nil? || pub_key < 0
         bits_set = 0
         pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
-        return ( bits_set > 1 && pub_key < p )
+        return (bits_set > 1 && pub_key < p)
       end
     end
     # This class is originally defined in the OpenSSL module. As needed, methods
     # have been added to it by the Net::SSH module for convenience in dealing
     # with SSH functionality.
     class RSA
       # Returns "ssh-rsa", which is the description of this key type used by the
       # SSH2 protocol.
       def ssh_type
@@ -84,7 +77,6 @@ module OpenSSL
     # have been added to it by the Net::SSH module for convenience in dealing
     # with SSH functionality.
     class DSA
       # Returns "ssh-dss", which is the description of this key type used by the
       # SSH2 protocol.
       def ssh_type
@@ -114,18 +106,16 @@ module OpenSSL
       # Signs the given data.
       def ssh_do_sign(data)
-        sig = sign( OpenSSL::Digest::SHA1.new, data)
-        a1sig = OpenSSL::ASN1.decode( sig )
+        sig = sign(OpenSSL::Digest::SHA1.new, data)
+        a1sig = OpenSSL::ASN1.decode(sig)
         sig_r = a1sig.value[0].value.to_s(2)
         sig_s = a1sig.value[1].value.to_s(2)
-        if sig_r.length > 20 || sig_s.length > 20
-          raise OpenSSL::PKey::DSAError, "bad sig size"
-        end
+        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > 20 || sig_s.length > 20
-        sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
-        sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
+        sig_r = "\0" * (20 - sig_r.length) + sig_r if sig_r.length < 20
+        sig_s = "\0" * (20 - sig_s.length) + sig_s if sig_s.length < 20
         return sig_r + sig_s
       end
@@ -139,20 +129,18 @@ module OpenSSL
         CurveNameAlias = {
           "nistp256" => "prime256v1",
           "nistp384" => "secp384r1",
-          "nistp521" => "secp521r1",
+          "nistp521" => "secp521r1"
         }
         CurveNameAliasInv = {
           "prime256v1" => "nistp256",
           "secp384r1" => "nistp384",
-          "secp521r1" => "nistp521",
+          "secp521r1" => "nistp521"
         }
         def self.read_keyblob(curve_name_in_type, buffer)
           curve_name_in_key = buffer.read_string
-          unless curve_name_in_type == curve_name_in_key
-            raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
-          end
+          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')" unless curve_name_in_type == curve_name_in_key
           public_key_oct = buffer.read_string
           begin
             key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
@@ -164,7 +152,6 @@ module OpenSSL
           rescue OpenSSL::PKey::ECError
             raise NotImplementedError, "unsupported key type `#{type}'"
           end
         end
         # Returns the description of this key type used by the
@@ -208,16 +195,16 @@ module OpenSSL
           begin
             sig_r_len = sig[0,4].unpack("H*")[0].to_i(16)
-            sig_l_len = sig[4+sig_r_len,4].unpack("H*")[0].to_i(16)
+            sig_l_len = sig[4 + sig_r_len,4].unpack("H*")[0].to_i(16)
             sig_r = sig[4,sig_r_len].unpack("H*")[0]
-            sig_s = sig[4+sig_r_len+4,sig_l_len].unpack("H*")[0]
+            sig_s = sig[4 + sig_r_len + 4,sig_l_len].unpack("H*")[0]
             a1sig = OpenSSL::ASN1::Sequence([
               OpenSSL::ASN1::Integer(sig_r.to_i(16)),
-              OpenSSL::ASN1::Integer(sig_s.to_i(16)),
+              OpenSSL::ASN1::Integer(sig_s.to_i(16))
             ])
-          rescue
+          rescue StandardError
           end
           if a1sig == nil
@@ -231,7 +218,7 @@ module OpenSSL
         def ssh_do_sign(data)
           digest = digester.digest(data)
           sig = dsa_sign_asn1(digest)
-          a1sig = OpenSSL::ASN1.decode( sig )
+          a1sig = OpenSSL::ASN1.decode(sig)
           sig_r = a1sig.value[0].value
           sig_s = a1sig.value[1].value