Improve Open SSL includes (#6240)

MiguelCompany · MiguelCompany · commit bedecec7a175 · 2026-01-12T08:04:33.000+01:00
Signed-off-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 338f840)
diff --git a/src/cpp/security/OpenSSLInit.hpp b/src/cpp/security/OpenSSLInit.hpp
@@ -12,12 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+#include <cstdint>
 #include <memory>
 
-#include <openssl/evp.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
+#include <openssl/crypto.h>
 
 namespace eprosima {
 namespace fastdds {
diff --git a/src/cpp/security/artifact_providers/FileProvider.cpp b/src/cpp/security/artifact_providers/FileProvider.cpp
@@ -18,6 +18,9 @@
 
 #include <security/artifact_providers/FileProvider.hpp>
 
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
 #include <cassert>
 #include <cstring>
 #include <iostream>
diff --git a/src/cpp/security/artifact_providers/FileProvider.hpp b/src/cpp/security/artifact_providers/FileProvider.hpp
@@ -20,14 +20,12 @@
 #define _SECURITY_ARTIFACTPROVIDERS_FILEPROVIDER_HPP_
 
 #include <functional>
+#include <string>
 
-#include <openssl/engine.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include <openssl/types.h>
 
 #include <rtps/security/exceptions/SecurityException.h>
 
-
 namespace eprosima {
 namespace fastdds {
 namespace rtps {
@@ -63,10 +61,10 @@ class FileProvider
 
 };
 
-} // namespace detail
-} //namespace security
-} //namespace rtps
-} //namespace fastdds
-} //namespace eprosima
+}  // namespace detail
+}  // namespace security
+}  // namespace rtps
+}  // namespace fastdds
+}  // namespace eprosima
 
 #endif  // _SECURITY_ARTIFACTPROVIDERS_FILEPROVIDER_HPP_
diff --git a/src/cpp/security/artifact_providers/Pkcs11Provider.cpp b/src/cpp/security/artifact_providers/Pkcs11Provider.cpp
@@ -26,6 +26,17 @@
 #include <security/artifact_providers/Pkcs11Provider.hpp>
 
 #include <iostream>
+#include <string>
+
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/types.h>
+
+#if !defined(OPENSSL_NO_ENGINE)
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#endif // !defined(OPENSSL_NO_ENGINE)
 
 #include <fastdds/dds/log/Log.hpp>
 #include <utils/SystemInfo.hpp>
@@ -42,6 +53,8 @@ namespace rtps {
 namespace security {
 namespace detail {
 
+#if !defined(OPENSSL_NO_ENGINE)
+
 constexpr const char* FASTDDS_PKCS11_PIN = "FASTDDS_PKCS11_PIN";
 constexpr const char* PKCS11_ENGINE_ID = "pkcs11";
 
@@ -79,8 +92,15 @@ static int ui_close(
     return UI_method_get_closer(UI_OpenSSL())(ui);
 }
 
+#endif  // !defined(OPENSSL_NO_ENGINE)
+
 Pkcs11Provider::Pkcs11Provider()
 {
+#if defined(OPENSSL_NO_ENGINE)
+    has_initialization_error_ = true;
+    initialization_exception_ =
+            _SecurityException_(std::string("Cannot retrieve 'pkcs11' engine because 'OPENSSL_NO_ENGINE' is defined"));
+#else
     SSL_load_error_strings();                /* readable error messages */
     SSL_library_init();                      /* initialize library */
 
@@ -123,17 +143,20 @@ Pkcs11Provider::Pkcs11Provider()
         ENGINE_free(pkcs11_);
         return;
     }
+#endif // defined(OPENSSL_NO_ENGINE)
 }
 
 Pkcs11Provider::~Pkcs11Provider()
 {
+#if !defined(OPENSSL_NO_ENGINE)
     ENGINE_finish(pkcs11_);
     ENGINE_free(pkcs11_);
 
     if (ui_method_)
     {
         UI_destroy_method(ui_method_);
     }
+#endif  // !defined(OPENSSL_NO_ENGINE)
 }
 
 EVP_PKEY* Pkcs11Provider::load_private_key(
@@ -142,6 +165,12 @@ EVP_PKEY* Pkcs11Provider::load_private_key(
         const std::string& /*password*/,
         SecurityException& exception)
 {
+#if defined(OPENSSL_NO_ENGINE)
+    static_cast<void>(certificate);
+    static_cast<void>(pkey);
+    exception = initialization_exception_;
+    return nullptr;
+#else
     if (has_initialization_error_)
     {
         exception = initialization_exception_;
@@ -165,6 +194,7 @@ EVP_PKEY* Pkcs11Provider::load_private_key(
     }
 
     return returnedValue;
+#endif  // defined(OPENSSL_NO_ENGINE)
 }
 
 } // namespace detail
diff --git a/src/cpp/security/artifact_providers/Pkcs11Provider.hpp b/src/cpp/security/artifact_providers/Pkcs11Provider.hpp
@@ -19,9 +19,9 @@
 #ifndef _SECURITY_ARTIFACTPROVIDERS_PKCS11PROVIDER_HPP_
 #define _SECURITY_ARTIFACTPROVIDERS_PKCS11PROVIDER_HPP_
 
-#include <openssl/engine.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include <string>
+
+#include <openssl/types.h>
 
 #include <rtps/security/exceptions/SecurityException.h>
 
@@ -48,16 +48,13 @@ class Pkcs11Provider
 
 private:
 
-    EVP_PKEY* load_private_key_impl(
-            X509* certificate,
-            const std::string& file,
-            const std::string& password,
-            SecurityException& exception);
-
     SecurityException initialization_exception_;
     bool has_initialization_error_ = false;
+
+#if !defined(OPENSSL_NO_ENGINE)
     ENGINE* pkcs11_ = nullptr;
     UI_METHOD* ui_method_ = nullptr;
+#endif // !defined(OPENSSL_NO_ENGINE)
 };
 
 } // namespace detail
