net-ssh 6.3.0.beta1 → 7.0.0.beta1

data/lib/net/ssh/test/extensions.rb

@@ -38,7 +38,7 @@ module Net
         module PacketStream
           include BufferedIo # make sure we get the extensions here, too
 
-          def self.included(base) #:nodoc:
+          def self.included(base) # :nodoc:
             base.send :alias_method, :real_available_for_read?, :available_for_read?
             base.send :alias_method, :available_for_read?, :test_available_for_read?
 
@@ -93,7 +93,7 @@ module Net
 
         # An extension to Net::SSH::Connection::Channel. Facilitates unit testing.
         module Channel
-          def self.included(base) #:nodoc:
+          def self.included(base) # :nodoc:
             base.send :alias_method, :send_data_for_real, :send_data
             base.send :alias_method, :send_data, :send_data_for_test
           end
@@ -111,7 +111,7 @@ module Net
         # An extension to the built-in ::IO class. Simply redefines IO.select
         # so that it can be scripted in Net::SSH unit tests.
         module IO
-          def self.included(base) #:nodoc:
+          def self.included(base) # :nodoc:
             base.extend(ClassMethods)
           end
 
@@ -132,8 +132,8 @@ module Net
           end
 
           module ClassMethods
-            def self.extended(obj) #:nodoc:
-              class <<obj
+            def self.extended(obj) # :nodoc:
+              class << obj
                 alias_method :select_for_real, :select
                 alias_method :select, :select_for_test
               end
@@ -142,7 +142,7 @@ module Net
             # The testing version of ::IO.select. Assumes that all readers,
             # writers, and errors arrays are either nil, or contain only objects
             # that mix in Net::SSH::Test::Extensions::BufferedIo.
-            def select_for_test(readers=nil, writers=nil, errors=nil, wait=nil)
+            def select_for_test(readers = nil, writers = nil, errors = nil, wait = nil)
               return select_for_real(readers, writers, errors, wait) unless Net::SSH::Test::Extensions::IO.extension_enabled?
 
               ready_readers = Array(readers).select { |r| r.select_for_read? }

data/lib/net/ssh/test/packet.rb

@@ -82,7 +82,7 @@ module Net
                      when CHANNEL_REQUEST
                        parts = %i[long string bool]
                        case @data[1]
-                       when "exec", "subsystem","shell" then parts << :string
+                       when "exec", "subsystem", "shell" then parts << :string
                        when "exit-status" then parts << :long
                        when "pty-req" then parts.concat(%i[string long long long long string])
                        when "env" then parts.contact(%i[string string])

data/lib/net/ssh/test/script.rb

@@ -33,7 +33,7 @@ module Net
         #
         # A new Net::SSH::Test::Channel instance is returned, which can be used
         # to script additional channel operations.
-        def opens_channel(confirm=true)
+        def opens_channel(confirm = true)
           channel = Channel.new(self)
           channel.remote_id = 5555
 
@@ -70,7 +70,7 @@ module Net
         #
         # This will typically be called via Net::SSH::Test::Channel#sends_exec or
         # Net::SSH::Test::Channel#sends_subsystem.
-        def sends_channel_request(channel, request, reply, data, success=true)
+        def sends_channel_request(channel, request, reply, data, success = true)
           if data.is_a? Array
             events << LocalPacket.new(:channel_request, channel.remote_id, request, reply, *data)
           else
@@ -163,7 +163,7 @@ module Net
         #
         #   # peek at the next event
         #   event = script.next(:first)
-        def next(mode=:shift)
+        def next(mode = :shift)
           events.send(mode)
         end
 

data/lib/net/ssh/test/socket.rb

@@ -40,7 +40,7 @@ module Net
 
         # Allows the socket to also mimic a socket factory, simply returning
         # +self+.
-        def open(host, port, options={})
+        def open(host, port, options = {})
           @host, @port = host, port
           self
         end

data/lib/net/ssh/test.rb

@@ -56,21 +56,21 @@ module Net
 
       # Returns the test socket instance to use for these tests (see
       # Net::SSH::Test::Socket).
-      def socket(options={})
+      def socket(options = {})
         @socket ||= Net::SSH::Test::Socket.new
       end
 
       # Returns the connection session (Net::SSH::Connection::Session) for use
       # in these tests. It is a fully functional SSH session, operating over
       # a mock socket (#socket).
-      def connection(options={})
+      def connection(options = {})
         @connection ||= Net::SSH::Connection::Session.new(transport(options), options)
       end
 
       # Returns the transport session (Net::SSH::Transport::Session) for use
       # in these tests. It is a fully functional SSH transport session, operating
       # over a mock socket (#socket).
-      def transport(options={})
+      def transport(options = {})
         @transport ||= Net::SSH::Transport::Session.new(
           options[:host] || "localhost",
           options.merge(kex: "test", host_key: "ssh-rsa", append_all_supported_algorithms: true, verify_host_key: :never, proxy: socket(options))

data/lib/net/ssh/transport/algorithms.rb

@@ -146,7 +146,7 @@ module Net
 
         # Instantiates a new Algorithms object, and prepares the hash of preferred
         # algorithms based on the options parameter and the ALGORITHMS constant.
-        def initialize(session, options={})
+        def initialize(session, options = {})
           @session = session
           @logger = session.logger
           @options = options
@@ -369,10 +369,10 @@ module Net
           language    = algorithms[:language].join(",")
 
           Net::SSH::Buffer.from(:byte, KEXINIT,
-            :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
-            :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
-            :mstring, [compression, compression, language, language],
-            :bool, false, :long, 0)
+                                :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
+                                :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
+                                :mstring, [compression, compression, language, language],
+                                :bool, false, :long, 0)
         end
 
         # Given the parsed server KEX packet, and the client's preferred algorithm
@@ -438,13 +438,13 @@ module Net
           debug { "exchanging keys" }
 
           algorithm = Kex::MAP[kex].new(self, session,
-            client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
-            server_version_string: session.server_version.version,
-            server_algorithm_packet: @server_packet,
-            client_algorithm_packet: @client_packet,
-            need_bytes: kex_byte_requirement,
-            minimum_dh_bits: options[:minimum_dh_bits],
-            logger: logger)
+                                        client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
+                                        server_version_string: session.server_version.version,
+                                        server_algorithm_packet: @server_packet,
+                                        client_algorithm_packet: @client_packet,
+                                        need_bytes: kex_byte_requirement,
+                                        minimum_dh_bits: options[:minimum_dh_bits],
+                                        logger: logger)
           result = algorithm.exchange_keys
 
           secret   = result[:shared_secret].to_ssh

data/lib/net/ssh/transport/cipher_factory.rb

@@ -10,23 +10,23 @@ module Net
       class CipherFactory
         # Maps the SSH name of a cipher to it's corresponding OpenSSL name
         SSH_TO_OSSL = {
-          "3des-cbc"                    => "des-ede3-cbc",
-          "blowfish-cbc"                => "bf-cbc",
-          "aes256-cbc"                  => "aes-256-cbc",
-          "aes192-cbc"                  => "aes-192-cbc",
-          "aes128-cbc"                  => "aes-128-cbc",
-          "idea-cbc"                    => "idea-cbc",
-          "cast128-cbc"                 => "cast-cbc",
+          "3des-cbc" => "des-ede3-cbc",
+          "blowfish-cbc" => "bf-cbc",
+          "aes256-cbc" => "aes-256-cbc",
+          "aes192-cbc" => "aes-192-cbc",
+          "aes128-cbc" => "aes-128-cbc",
+          "idea-cbc" => "idea-cbc",
+          "cast128-cbc" => "cast-cbc",
           "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
-          "3des-ctr"                    => "des-ede3",
-          "blowfish-ctr"                => "bf-ecb",
+          "3des-ctr" => "des-ede3",
+          "blowfish-ctr" => "bf-ecb",
 
-          "aes256-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb",
-          "aes192-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb",
-          "aes128-ctr"                  => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
-          'cast128-ctr'                 => 'cast5-ecb',
+          "aes256-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-256-ctr") ? "aes-256-ctr" : "aes-256-ecb",
+          "aes192-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-192-ctr") ? "aes-192-ctr" : "aes-192-ecb",
+          "aes128-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
+          'cast128-ctr' => 'cast5-ecb',
 
-          'none'                        => 'none'
+          'none' => 'none'
         }
 
         # Returns true if the underlying OpenSSL library supports the given cipher,
@@ -43,7 +43,7 @@ module Net
         # iv, key, shared, hash and digester values. Additionally, the
         # cipher will be put into encryption or decryption mode, based on the
         # value of the +encrypt+ parameter.
-        def self.get(name, options={})
+        def self.get(name, options = {})
           ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
           return IdentityCipher if ossl_name == "none"
 

data/lib/net/ssh/transport/ctr.rb

@@ -2,7 +2,7 @@ require 'openssl'
 require 'delegate'
 
 module Net::SSH::Transport
-  #:nodoc:
+  # :nodoc:
   class OpenSSLAESCTR < SimpleDelegator
     def initialize(original)
       super
@@ -26,7 +26,7 @@ module Net::SSH::Transport
     end
   end
 
-  #:nodoc:
+  # :nodoc:
   # Pure-Ruby implementation of Stateful Decryption Counter(SDCTR) Mode
   # for Block Ciphers. See RFC4344 for detail.
   module CTR
@@ -95,7 +95,7 @@ module Net::SSH::Transport
 
         def xor!(s1, s2)
           s = []
-          s1.unpack('Q*').zip(s2.unpack('Q*')) {|a,b| s.push(a ^ b) }
+          s1.unpack('Q*').zip(s2.unpack('Q*')) {|a, b| s.push(a ^ b) }
           s.pack('Q*')
         end
         singleton_class.send(:private, :xor!)

data/lib/net/ssh/transport/hmac/abstract.rb

@@ -7,7 +7,7 @@ module Net
       module HMAC
         # The base class of all OpenSSL-based HMAC algorithm wrappers.
         class Abstract
-          class <<self
+          class << self
             def etm(*v)
               @etm = false if !defined?(@etm)
               if v.empty?
@@ -76,19 +76,19 @@ module Net
           # The key in use for this instance.
           attr_reader :key
 
-          def initialize(key=nil)
+          def initialize(key = nil)
             self.key = key
           end
 
           # Sets the key to the given value, truncating it so that it is the correct
           # length.
           def key=(value)
-            @key = value ? value.to_s[0,key_length] : nil
+            @key = value ? value.to_s[0, key_length] : nil
           end
 
           # Compute the HMAC digest for the given data string.
           def digest(data)
-            OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
+            OpenSSL::HMAC.digest(digest_class.new, key, data)[0, mac_length]
           end
         end
       end

data/lib/net/ssh/transport/hmac.rb

@@ -17,24 +17,24 @@ require 'net/ssh/transport/hmac/none'
 module Net::SSH::Transport::HMAC
   # The mapping of SSH hmac algorithms to their implementations
   MAP = {
-    'hmac-md5'                      => MD5,
-    'hmac-md5-96'                   => MD5_96,
-    'hmac-sha1'                     => SHA1,
-    'hmac-sha1-96'                  => SHA1_96,
-    'hmac-sha2-256'                 => SHA2_256,
-    'hmac-sha2-256-96'              => SHA2_256_96,
-    'hmac-sha2-512'                 => SHA2_512,
-    'hmac-sha2-512-96'              => SHA2_512_96,
+    'hmac-md5' => MD5,
+    'hmac-md5-96' => MD5_96,
+    'hmac-sha1' => SHA1,
+    'hmac-sha1-96' => SHA1_96,
+    'hmac-sha2-256' => SHA2_256,
+    'hmac-sha2-256-96' => SHA2_256_96,
+    'hmac-sha2-512' => SHA2_512,
+    'hmac-sha2-512-96' => SHA2_512_96,
     'hmac-sha2-256-etm@openssh.com' => SHA2_256_Etm,
     'hmac-sha2-512-etm@openssh.com' => SHA2_512_Etm,
-    'hmac-ripemd160'                => RIPEMD160,
-    'hmac-ripemd160@openssh.com'    => RIPEMD160,
-    'none'                          => None
+    'hmac-ripemd160' => RIPEMD160,
+    'hmac-ripemd160@openssh.com' => RIPEMD160,
+    'none' => None
   }
 
   # Retrieves a new hmac instance of the given SSH type (+name+). If +key+ is
   # given, the new instance will be initialized with that key.
-  def self.get(name, key="", parameters = {})
+  def self.get(name, key = "", parameters = {})
     impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
     impl.new(Net::SSH::Transport::KeyExpander.expand_key(impl.key_length, key, parameters))
   end

data/lib/net/ssh/transport/identity_cipher.rb

@@ -5,7 +5,7 @@ module Net
       # keeps things in the code nice and clean when a cipher has not yet been
       # determined (i.e., during key exchange).
       class IdentityCipher
-        class <<self
+        class << self
           # A default block size of 8 is required by the SSH2 protocol.
           def block_size
             8

data/lib/net/ssh/transport/kex/abstract.rb

@@ -72,7 +72,7 @@ module Net
           # Verify that the given key is of the expected type, and that it
           # really is the key for the session's host. Raise Net::SSH::Exception
           # if it is not.
-          def verify_server_key(key) #:nodoc:
+          def verify_server_key(key) # :nodoc:
             unless matching?(key.ssh_type, algorithms.host_key)
               raise Net::SSH::Exception, "host key algorithm mismatch '#{key.ssh_type}' != '#{algorithms.host_key}'"
             end
@@ -97,7 +97,7 @@ module Net
           # Verify the signature that was received. Raise Net::SSH::Exception
           # if the signature could not be verified. Otherwise, return the new
           # session-id.
-          def verify_signature(result) #:nodoc:
+          def verify_signature(result) # :nodoc:
             response = build_signature_buffer(result)
 
             hash = digester.digest(response.to_s)
@@ -113,7 +113,7 @@ module Net
 
           # Send the NEWKEYS message, and expect the NEWKEYS message in
           # reply.
-          def confirm_newkeys #:nodoc:
+          def confirm_newkeys # :nodoc:
             # send own NEWKEYS message first (the wodSSHServer won't send first)
             response = Net::SSH::Buffer.new
             response.write_byte(NEWKEYS)

data/lib/net/ssh/transport/kex/abstract5656.rb

@@ -32,7 +32,7 @@ module Net
             response
           end
 
-          def send_kexinit #:nodoc:
+          def send_kexinit # :nodoc:
             init, reply = get_message_types
 
             # send the KEXECDH_INIT message

data/lib/net/ssh/transport/kex/curve25519_sha256.rb

@@ -18,7 +18,7 @@ module Net
 
           private
 
-          def generate_key #:nodoc:
+          def generate_key # :nodoc:
             ::X25519::Scalar.generate
           end
 

data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb

@@ -59,26 +59,26 @@ module Net
 
           # Generate a DH key with a private key consisting of the given
           # number of bytes.
-          def generate_key #:nodoc:
-            dh = OpenSSL::PKey::DH.new
-
-            if dh.respond_to?(:set_pqg)
-              p, g = get_parameters
-              dh.set_pqg(p, nil, g)
+          def generate_key # :nodoc:
+            p, g = get_parameters
+
+            asn1 = OpenSSL::ASN1::Sequence(
+              [
+                OpenSSL::ASN1::Integer(p),
+                OpenSSL::ASN1::Integer(g)
+              ]
+            )
+
+            dh_params = OpenSSL::PKey::DH.new(asn1.to_der)
+            # XXX No private key size check! In theory the latter call should work but fails on OpenSSL 3.0 as
+            # dh_paramgen_subprime_len is now reserved for DHX algorithm
+            # key = OpenSSL::PKey.generate_key(dh_params, "dh_paramgen_subprime_len" => data[:need_bytes]/8)
+            if OpenSSL::PKey.respond_to?(:generate_key)
+              OpenSSL::PKey.generate_key(dh_params)
             else
-              dh.p, dh.g = get_parameters
-            end
-
-            dh.generate_key!
-            until dh.valid? && dh.priv_key.num_bytes == data[:need_bytes]
-              if dh.respond_to?(:set_key)
-                dh.set_key(nil, OpenSSL::BN.rand(data[:need_bytes] * 8))
-              else
-                dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
-              end
-              dh.generate_key!
+              dh_params.generate_key!
+              dh_params
             end
-            dh
           end
 
           # Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
@@ -86,7 +86,7 @@ module Net
           #
           # Parse the buffer from a KEXDH_REPLY message, returning a hash of
           # the extracted values.
-          def send_kexinit #:nodoc:
+          def send_kexinit # :nodoc:
             init, reply = get_message_types
 
             # send the KEXDH_INIT message
@@ -108,8 +108,8 @@ module Net
             sig_type = sig_buffer.read_string
             if sig_type != algorithms.host_key_format
               raise Net::SSH::Exception,
-                "host key algorithm mismatch for signature " +
-                "'#{sig_type}' != '#{algorithms.host_key_format}'"
+                    "host key algorithm mismatch for signature " +
+                    "'#{sig_type}' != '#{algorithms.host_key_format}'"
             end
             result[:server_sig] = sig_buffer.read_string
 

data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb

@@ -34,7 +34,7 @@ module Net::SSH::Transport::Kex
 
       # request the DH key parameters for the given number of bits.
       buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, data[:minimum_dh_bits],
-        :long, data[:need_bits], :long, MAXIMUM_BITS)
+                                     :long, data[:need_bits], :long, MAXIMUM_BITS)
       connection.send_message(buffer)
 
       buffer = connection.next_message

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb

@@ -17,8 +17,8 @@ module Net
 
           private
 
-          def generate_key #:nodoc:
-            OpenSSL::PKey::EC.new(curve_name).generate_key
+          def generate_key # :nodoc:
+            OpenSSL::PKey::EC.generate(curve_name)
           end
 
           # compute shared secret from server's public key and client's private key

data/lib/net/ssh/transport/kex.rb

@@ -13,14 +13,14 @@ module Net::SSH::Transport
     # Maps the supported key-exchange algorithms as named by the SSH protocol
     # to their corresponding implementors.
     MAP = {
-      'diffie-hellman-group1-sha1'           => DiffieHellmanGroup1SHA1,
-      'diffie-hellman-group14-sha1'          => DiffieHellmanGroup14SHA1,
-      'diffie-hellman-group14-sha256'        => DiffieHellmanGroup14SHA256,
-      'diffie-hellman-group-exchange-sha1'   => DiffieHellmanGroupExchangeSHA1,
+      'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1,
+      'diffie-hellman-group14-sha1' => DiffieHellmanGroup14SHA1,
+      'diffie-hellman-group14-sha256' => DiffieHellmanGroup14SHA256,
+      'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
       'diffie-hellman-group-exchange-sha256' => DiffieHellmanGroupExchangeSHA256,
-      'ecdh-sha2-nistp256'                   => EcdhSHA2NistP256,
-      'ecdh-sha2-nistp384'                   => EcdhSHA2NistP384,
-      'ecdh-sha2-nistp521'                   => EcdhSHA2NistP521
+      'ecdh-sha2-nistp256' => EcdhSHA2NistP256,
+      'ecdh-sha2-nistp384' => EcdhSHA2NistP384,
+      'ecdh-sha2-nistp521' => EcdhSHA2NistP521
     }
 
     if Net::SSH::Transport::Kex::Curve25519Sha256Loader::LOADED

data/lib/net/ssh/transport/key_expander.rb

@@ -4,7 +4,7 @@ module Net
       module KeyExpander
         # Generate a key value in accordance with the SSH2 specification.
         # (RFC4253 7.2. "Output from Key Exchange")
-        def self.expand_key(bytes, start, options={})
+        def self.expand_key(bytes, start, options = {})
           if bytes == 0
             return ""
           end

data/lib/net/ssh/transport/openssl.rb

@@ -74,8 +74,16 @@ module OpenSSL
       end
 
       # Returns the signature for the given data.
-      def ssh_do_sign(data)
-        sign(OpenSSL::Digest::SHA1.new, data)
+      def ssh_do_sign(data, sig_alg = nil)
+        digester =
+          if sig_alg == "rsa-sha2-512"
+            OpenSSL::Digest::SHA512.new
+          elsif sig_alg == "rsa-sha2-256"
+            OpenSSL::Digest::SHA256.new
+          else
+            OpenSSL::Digest::SHA1.new
+          end
+        sign(digester, data)
       end
     end
 
@@ -94,13 +102,13 @@ module OpenSSL
       # Converts the key to a blob, according to the SSH2 protocol.
       def to_blob
         @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-          :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
+                                        :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
       end
 
       # Verifies the given signature matches the given data.
       def ssh_do_verify(sig, data, options = {})
-        sig_r = sig[0,20].unpack("H*")[0].to_i(16)
-        sig_s = sig[20,20].unpack("H*")[0].to_i(16)
+        sig_r = sig[0, 20].unpack("H*")[0].to_i(16)
+        sig_s = sig[20, 20].unpack("H*")[0].to_i(16)
         a1sig = OpenSSL::ASN1::Sequence([
                                           OpenSSL::ASN1::Integer(sig_r),
                                           OpenSSL::ASN1::Integer(sig_s)
@@ -109,14 +117,15 @@ module OpenSSL
       end
 
       # Signs the given data.
-      def ssh_do_sign(data)
+      def ssh_do_sign(data, sig_alg = nil)
         sig = sign(OpenSSL::Digest::SHA1.new, data)
         a1sig = OpenSSL::ASN1.decode(sig)
 
         sig_r = a1sig.value[0].value.to_s(2)
         sig_s = a1sig.value[1].value.to_s(2)
 
-        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > 20 || sig_s.length > 20
+        sig_size = params["q"].num_bits / 8
+        raise OpenSSL::PKey::DSAError, "bad sig size" if sig_r.length > sig_size || sig_s.length > sig_size
 
         sig_r = "\0" * (20 - sig_r.length) + sig_r if sig_r.length < 20
         sig_s = "\0" * (20 - sig_s.length) + sig_s if sig_s.length < 20
@@ -150,10 +159,22 @@ module OpenSSL
 
         public_key_oct = buffer.read_string
         begin
-          key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
-          group = key.group
+          curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]
+          group = OpenSSL::PKey::EC::Group.new(curvename)
           point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
-          key.public_key = point
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Sequence(
+                [
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(curvename)
+                ]
+              ),
+              OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+            ]
+          )
+
+          key = OpenSSL::PKey::EC.new(asn1.to_der)
 
           return key
         rescue OpenSSL::PKey::ECError
@@ -220,7 +241,7 @@ module OpenSSL
       end
 
       # Returns the signature for the given data.
-      def ssh_do_sign(data)
+      def ssh_do_sign(data, sig_alg = nil)
         digest = digester.digest(data)
         sig = dsa_sign_asn1(digest)
         a1sig = OpenSSL::ASN1.decode(sig)

data/lib/net/ssh/transport/packet_stream.rb

@@ -80,7 +80,7 @@ module Net
         # available or not, and will return nil if there is no packet ready to be
         # returned. If the mode parameter is :block, then this method will block
         # until a packet is available or timeout seconds have passed.
-        def next_packet(mode=:nonblock, timeout=nil)
+        def next_packet(mode = :nonblock, timeout = nil)
           case mode
           when :nonblock then
             packet = poll_next_packet

data/lib/net/ssh/transport/session.rb

@@ -55,7 +55,7 @@ module Net
         # Instantiates a new transport layer abstraction. This will block until
         # the initial key exchange completes, leaving you with a ready-to-use
         # transport session.
-        def initialize(host, options={})
+        def initialize(host, options = {})
           self.logger = options[:logger]
 
           @host = host
@@ -186,7 +186,7 @@ module Net
         # received, it will be enqueued and otherwise ignored. When a key-exchange
         # is not in process, and consume_queue is true, packets will be first
         # read from the queue before the socket is queried.
-        def poll_message(mode=:nonblock, consume_queue=true)
+        def poll_message(mode = :nonblock, consume_queue = true)
           loop do
             return @queue.shift if consume_queue && @queue.any? && algorithms.allow?(@queue.first)
 
@@ -252,27 +252,27 @@ module Net
         # Configure's the packet stream's client state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when sending packets to the server.
-        def configure_client(options={})
+        def configure_client(options = {})
           socket.client.set(options)
         end
 
         # Configure's the packet stream's server state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when reading packets from the server.
-        def configure_server(options={})
+        def configure_server(options = {})
           socket.server.set(options)
         end
 
         # Sets a new hint for the packet stream, which the packet stream may use
         # to change its behavior. (See PacketStream#hints).
-        def hint(which, value=true)
+        def hint(which, value = true)
           socket.hints[which] = value
         end
 
         public
 
         # this method is primarily for use in tests
-        attr_reader :queue #:nodoc:
+        attr_reader :queue # :nodoc:
 
         private
 

data/lib/net/ssh/transport/state.rb

@@ -191,7 +191,7 @@ module Net
 
         private
 
-        def update_next_iv(data, reset=false)
+        def update_next_iv(data, reset = false)
           @next_iv << data
           @next_iv = @next_iv[@next_iv.size - cipher.iv_len..-1]