Stop exporting ssl and NID_secp256k1 in bitcoin.core.key

Internal details of the OpenSSL implementation used.

Author: petertodd

bitcoin/core/key.py

@@ -21,10 +21,10 @@
 import hashlib
 import sys
 
-ssl = ctypes.cdll.LoadLibrary(ctypes.util.find_library('ssl') or 'libeay32')
+_ssl = ctypes.cdll.LoadLibrary(ctypes.util.find_library('ssl') or 'libeay32')
 
 # this specifies the curve used with ECDSA.
-NID_secp256k1 = 714 # from openssl/obj_mac.h
+_NID_secp256k1 = 714 # from openssl/obj_mac.h
 
 # Thx to Sam Devlin for the ctypes magic 64-bit fix.
 def _check_result (val, func, args):
@@ -33,8 +33,8 @@ def _check_result (val, func, args):
     else:
         return ctypes.c_void_p(val)
 
-ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
-ssl.EC_KEY_new_by_curve_name.errcheck = _check_result
+_ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
+_ssl.EC_KEY_new_by_curve_name.errcheck = _check_result
 
 class CECKey:
     """Wrapper around OpenSSL's EC_KEY"""
@@ -43,51 +43,51 @@ class CECKey:
     POINT_CONVERSION_UNCOMPRESSED = 4
 
     def __init__(self):
-        self.k = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)
+        self.k = _ssl.EC_KEY_new_by_curve_name(_NID_secp256k1)
 
     def __del__(self):
-        if ssl:
-            ssl.EC_KEY_free(self.k)
+        if _ssl:
+            _ssl.EC_KEY_free(self.k)
         self.k = None
 
     def set_secretbytes(self, secret):
-        priv_key = ssl.BN_bin2bn(secret, 32, ssl.BN_new())
-        group = ssl.EC_KEY_get0_group(self.k)
-        pub_key = ssl.EC_POINT_new(group)
-        ctx = ssl.BN_CTX_new()
-        if not ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx):
+        priv_key = _ssl.BN_bin2bn(secret, 32, _ssl.BN_new())
+        group = _ssl.EC_KEY_get0_group(self.k)
+        pub_key = _ssl.EC_POINT_new(group)
+        ctx = _ssl.BN_CTX_new()
+        if not _ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx):
             raise ValueError("Could not derive public key from the supplied secret.")
-        ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx)
-        ssl.EC_KEY_set_private_key(self.k, priv_key)
-        ssl.EC_KEY_set_public_key(self.k, pub_key)
-        ssl.EC_POINT_free(pub_key)
-        ssl.BN_CTX_free(ctx)
+        _ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx)
+        _ssl.EC_KEY_set_private_key(self.k, priv_key)
+        _ssl.EC_KEY_set_public_key(self.k, pub_key)
+        _ssl.EC_POINT_free(pub_key)
+        _ssl.BN_CTX_free(ctx)
         return self.k
 
     def set_privkey(self, key):
         self.mb = ctypes.create_string_buffer(key)
-        return ssl.d2i_ECPrivateKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))
+        return _ssl.d2i_ECPrivateKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))
 
     def set_pubkey(self, key):
         self.mb = ctypes.create_string_buffer(key)
-        return ssl.o2i_ECPublicKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))
+        return _ssl.o2i_ECPublicKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))
 
     def get_privkey(self):
-        size = ssl.i2d_ECPrivateKey(self.k, 0)
+        size = _ssl.i2d_ECPrivateKey(self.k, 0)
         mb_pri = ctypes.create_string_buffer(size)
-        ssl.i2d_ECPrivateKey(self.k, ctypes.byref(ctypes.pointer(mb_pri)))
+        _ssl.i2d_ECPrivateKey(self.k, ctypes.byref(ctypes.pointer(mb_pri)))
         return mb_pri.raw
 
     def get_pubkey(self):
-        size = ssl.i2o_ECPublicKey(self.k, 0)
+        size = _ssl.i2o_ECPublicKey(self.k, 0)
         mb = ctypes.create_string_buffer(size)
-        ssl.i2o_ECPublicKey(self.k, ctypes.byref(ctypes.pointer(mb)))
+        _ssl.i2o_ECPublicKey(self.k, ctypes.byref(ctypes.pointer(mb)))
         return mb.raw
 
     def get_raw_ecdh_key(self, other_pubkey):
         ecdh_keybuffer = ctypes.create_string_buffer(32)
-        r = ssl.ECDH_compute_key(ctypes.pointer(ecdh_keybuffer), 32,
-                                 ssl.EC_KEY_get0_public_key(other_pubkey.k),
+        r = _ssl.ECDH_compute_key(ctypes.pointer(ecdh_keybuffer), 32,
+                                 _ssl.EC_KEY_get0_public_key(other_pubkey.k),
                                  self.k, 0)
         if r != 32:
             raise Exception('CKey.get_ecdh_key(): ECDH_compute_key() failed')
@@ -106,22 +106,22 @@ def sign(self, hash):
             raise ValueError('Hash must be exactly 32 bytes long')
 
         sig_size0 = ctypes.c_uint32()
-        sig_size0.value = ssl.ECDSA_size(self.k)
+        sig_size0.value = _ssl.ECDSA_size(self.k)
         mb_sig = ctypes.create_string_buffer(sig_size0.value)
-        result = ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
+        result = _ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
         assert 1 == result
         return mb_sig.raw[:sig_size0.value]
 
     def verify(self, hash, sig):
         """Verify a DER signature"""
-        return ssl.ECDSA_verify(0, hash, len(hash), sig, len(sig), self.k) == 1
+        return _ssl.ECDSA_verify(0, hash, len(hash), sig, len(sig), self.k) == 1
 
     def set_compressed(self, compressed):
         if compressed:
             form = self.POINT_CONVERSION_COMPRESSED
         else:
             form = self.POINT_CONVERSION_UNCOMPRESSED
-        ssl.EC_KEY_set_conv_form(self.k, form)
+        _ssl.EC_KEY_set_conv_form(self.k, form)
 
 
 class CPubKey(bytes):