Replace OPENSSL_STATIC_ASSERT with static_assert.

The C11 change has survived for three months now. Let's start freely
using static_assert. In C files, we need to include <assert.h> because
it is a macro. In C++ files, it is a keyword and we can just use it. (In
MSVC C, it is actually also a keyword as in C++, but close enough.)

I moved one assert from ssl3.h to ssl_lib.cc. We haven't yet required
C11 in our public headers, just our internal files.

Change-Id: Ic59978be43b699f2c997858179a9691606784ea5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53665
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

crypto/asn1/a_int.c

@@ -56,13 +56,13 @@
 
 #include <openssl/asn1.h>
 
+#include <assert.h>
 #include <limits.h>
 #include <string.h>
 
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include "../internal.h"
 
@@ -353,7 +353,7 @@ static long asn1_string_get_long(const ASN1_STRING *a, int type) {
     i64 = (int64_t)v;
     fits_in_i64 = i64 >= 0;
   }
-  OPENSSL_STATIC_ASSERT(sizeof(long) <= sizeof(int64_t), "long is too big");
+  static_assert(sizeof(long) <= sizeof(int64_t), "long is too big");
 
   if (fits_in_i64 && LONG_MIN <= i64 && i64 <= LONG_MAX) {
     return (long)i64;

crypto/base64/base64.c

@@ -60,8 +60,6 @@
 #include <limits.h>
 #include <string.h>
 
-#include <openssl/type_check.h>
-
 #include "../internal.h"
 
 
@@ -98,8 +96,8 @@ static uint8_t conv_bin2ascii(uint8_t a) {
   return ret;
 }
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
-                      "data length must be a multiple of base64 chunk size");
+static_assert(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
+              "data length must be a multiple of base64 chunk size");
 
 int EVP_EncodedLength(size_t *out_len, size_t len) {
   if (len + 2 < len) {

crypto/blake2/blake2.c

@@ -14,7 +14,7 @@
 
 #include <openssl/blake2.h>
 
-#include <openssl/type_check.h>
+#include <assert.h>
 
 #include "../internal.h"
 
@@ -61,7 +61,7 @@ static void blake2b_transform(
     size_t num_bytes, int is_final_block) {
   // https://tools.ietf.org/html/rfc7693#section-3.2
   uint64_t v[16];
-  OPENSSL_STATIC_ASSERT(sizeof(v) == sizeof(b2b->h) + sizeof(kIV), "");
+  static_assert(sizeof(v) == sizeof(b2b->h) + sizeof(kIV), "");
   OPENSSL_memcpy(v, b2b->h, sizeof(b2b->h));
   OPENSSL_memcpy(&v[8], kIV, sizeof(kIV));
 
@@ -97,7 +97,7 @@ static void blake2b_transform(
 void BLAKE2B256_Init(BLAKE2B_CTX *b2b) {
   OPENSSL_memset(b2b, 0, sizeof(BLAKE2B_CTX));
 
-  OPENSSL_STATIC_ASSERT(sizeof(kIV) == sizeof(b2b->h), "");
+  static_assert(sizeof(kIV) == sizeof(b2b->h), "");
   OPENSSL_memcpy(&b2b->h, kIV, sizeof(kIV));
 
   // https://tools.ietf.org/html/rfc7693#section-2.5
@@ -143,7 +143,7 @@ void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH], BLAKE2B_CTX *b2b) {
                  sizeof(b2b->block.bytes) - b2b->block_used);
   blake2b_transform(b2b, b2b->block.words, b2b->block_used,
                     /*is_final_block=*/1);
-  OPENSSL_STATIC_ASSERT(BLAKE2B256_DIGEST_LENGTH <= sizeof(b2b->h), "");
+  static_assert(BLAKE2B256_DIGEST_LENGTH <= sizeof(b2b->h), "");
   memcpy(out, b2b->h, BLAKE2B256_DIGEST_LENGTH);
 }
 

crypto/cipher_extra/e_aesctrhmac.c

@@ -13,6 +13,9 @@
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
 #include <openssl/aead.h>
+
+#include <assert.h>
+
 #include <openssl/cipher.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
@@ -35,12 +38,12 @@ struct aead_aes_ctr_hmac_sha256_ctx {
   SHA256_CTX outer_init_state;
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_ctr_hmac_sha256_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_ctr_hmac_sha256_ctx),
+              "AEAD state has insufficient alignment");
 
 static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
                       const uint8_t hmac_key[32]) {

crypto/cipher_extra/e_aesgcmsiv.c

@@ -42,11 +42,11 @@ struct aead_aes_gcm_siv_asm_ctx {
 
 // The assembly code assumes 8-byte alignment of the EVP_AEAD_CTX's state, and
 // aligns to 16 bytes itself.
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
-                          sizeof(struct aead_aes_gcm_siv_asm_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >= 8,
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
+                  sizeof(struct aead_aes_gcm_siv_asm_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >= 8,
+              "AEAD state has insufficient alignment");
 
 // asm_ctx_from_ctx returns a 16-byte aligned context pointer from |ctx|.
 static struct aead_aes_gcm_siv_asm_ctx *asm_ctx_from_ctx(
@@ -550,12 +550,12 @@ struct aead_aes_gcm_siv_ctx {
   unsigned is_256:1;
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_gcm_siv_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_gcm_siv_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_gcm_siv_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_gcm_siv_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                  size_t key_len, size_t tag_len) {

crypto/cipher_extra/e_chacha20poly1305.c

@@ -14,6 +14,7 @@
 
 #include <openssl/aead.h>
 
+#include <assert.h>
 #include <string.h>
 
 #include <openssl/chacha.h>
@@ -21,7 +22,6 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/poly1305.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "../chacha/internal.h"
@@ -32,12 +32,12 @@ struct aead_chacha20_poly1305_ctx {
   uint8_t key[32];
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_chacha20_poly1305_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_chacha20_poly1305_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_chacha20_poly1305_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_chacha20_poly1305_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                        size_t key_len, size_t tag_len) {

crypto/cipher_extra/e_tls.c

@@ -23,7 +23,6 @@
 #include <openssl/md5.h>
 #include <openssl/mem.h>
 #include <openssl/sha.h>
-#include <openssl/type_check.h>
 
 #include "../fipsmodule/cipher/internal.h"
 #include "../internal.h"
@@ -42,15 +41,12 @@ typedef struct {
   char implicit_iv;
 } AEAD_TLS_CTX;
 
-OPENSSL_STATIC_ASSERT(EVP_MAX_MD_SIZE < 256,
-                      "mac_key_len does not fit in uint8_t");
+static_assert(EVP_MAX_MD_SIZE < 256, "mac_key_len does not fit in uint8_t");
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(AEAD_TLS_CTX),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(AEAD_TLS_CTX),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >= sizeof(AEAD_TLS_CTX),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >= alignof(AEAD_TLS_CTX),
+              "AEAD state has insufficient alignment");
 
 static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) {
   AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;

crypto/cipher_extra/internal.h

@@ -57,10 +57,10 @@
 #ifndef OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H
 #define OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H
 
+#include <assert.h>
 #include <stdlib.h>
 
 #include <openssl/base.h>
-#include <openssl/type_check.h>
 
 #include "../internal.h"
 
@@ -166,10 +166,10 @@ union chacha20_poly1305_seal_data {
 #if (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) &&  \
     !defined(OPENSSL_NO_ASM)
 
-OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_open_data) == 48,
-                      "wrong chacha20_poly1305_open_data size");
-OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_seal_data) == 48 + 8 + 8,
-                      "wrong chacha20_poly1305_seal_data size");
+static_assert(sizeof(union chacha20_poly1305_open_data) == 48,
+              "wrong chacha20_poly1305_open_data size");
+static_assert(sizeof(union chacha20_poly1305_seal_data) == 48 + 8 + 8,
+              "wrong chacha20_poly1305_seal_data size");
 
 OPENSSL_INLINE int chacha20_poly1305_asm_capable(void) {
 #if defined(OPENSSL_X86_64)

crypto/curve25519/curve25519.c

@@ -27,7 +27,6 @@
 #include <openssl/mem.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "../internal.h"
@@ -151,8 +150,8 @@ typedef uint32_t fe_limb_t;
 
 #endif  // BORINGSSL_CURVE25519_64BIT
 
-OPENSSL_STATIC_ASSERT(sizeof(fe) == sizeof(fe_limb_t) * FE_NUM_LIMBS,
-                      "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe");
+static_assert(sizeof(fe) == sizeof(fe_limb_t) * FE_NUM_LIMBS,
+              "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe");
 
 static void fe_frombytes_strict(fe *h, const uint8_t s[32]) {
   // |fiat_25519_from_bytes| requires the top-most bit be clear.
@@ -315,8 +314,7 @@ static void fe_copy(fe *h, const fe *f) {
 }
 
 static void fe_copy_lt(fe_loose *h, const fe *f) {
-  OPENSSL_STATIC_ASSERT(sizeof(fe_loose) == sizeof(fe),
-                        "fe and fe_loose mismatch");
+  static_assert(sizeof(fe_loose) == sizeof(fe), "fe and fe_loose mismatch");
   OPENSSL_memmove(h, f, sizeof(fe));
 }
 #if !defined(OPENSSL_SMALL)

crypto/ec_extra/hash_to_curve.c

@@ -17,7 +17,6 @@
 #include <openssl/digest.h>
 #include <openssl/err.h>
 #include <openssl/nid.h>
-#include <openssl/type_check.h>
 
 #include <assert.h>
 
@@ -61,7 +60,7 @@ static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len,
   EVP_MD_CTX_init(&ctx);
 
   // Long DSTs are hashed down to size. See section 5.3.3.
-  OPENSSL_STATIC_ASSERT(EVP_MAX_MD_SIZE < 256, "hashed DST still too large");
+  static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large");
   uint8_t dst_buf[EVP_MAX_MD_SIZE];
   if (dst_len >= 256) {
     static const char kPrefix[] = "H2C-OVERSIZE-DST-";

crypto/err/err_data_generate.go

@@ -270,15 +270,15 @@ func main() {
 
 #include <openssl/base.h>
 #include <openssl/err.h>
-#include <openssl/type_check.h>
 
+#include <assert.h>
 
 `)
 
 	for i, name := range libraryNames {
-		fmt.Fprintf(out, "OPENSSL_STATIC_ASSERT(ERR_LIB_%s == %d, \"library value changed\");\n", name, i+1)
+		fmt.Fprintf(out, "static_assert(ERR_LIB_%s == %d, \"library value changed\");\n", name, i+1)
 	}
-	fmt.Fprintf(out, "OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == %d, \"number of libraries changed\");\n", len(libraryNames)+1)
+	fmt.Fprintf(out, "static_assert(ERR_NUM_LIBS == %d, \"number of libraries changed\");\n", len(libraryNames)+1)
 	out.WriteString("\n")
 
 	e.reasons.WriteTo(out, "Reason")

crypto/evp/scrypt.c

@@ -13,7 +13,6 @@
 
 #include <openssl/err.h>
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include "../internal.h"
 
@@ -30,7 +29,7 @@
 // A block_t is a Salsa20 block.
 typedef struct { uint32_t words[16]; } block_t;
 
-OPENSSL_STATIC_ASSERT(sizeof(block_t) == 64, "block_t has padding");
+static_assert(sizeof(block_t) == 64, "block_t has padding");
 
 // salsa208_word_specification implements the Salsa20/8 core function, also
 // described in RFC 7914, section 3. It modifies the block at |inout|
@@ -171,7 +170,7 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
 
   // Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
   // is no bigger than uint64_t, so none of these operations may overflow.
-  OPENSSL_STATIC_ASSERT(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
+  static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
   size_t B_blocks = p * 2 * r;
   size_t B_bytes = B_blocks * sizeof(block_t);
   size_t T_blocks = 2 * r;

crypto/fipsmodule/aes/aes_nohw.c

@@ -152,10 +152,10 @@ static inline aes_word_t aes_nohw_shift_right(aes_word_t a, aes_word_t i) {
 }
 #endif  // OPENSSL_SSE2
 
-OPENSSL_STATIC_ASSERT(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
-                      "batch size does not match word size");
-OPENSSL_STATIC_ASSERT(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
-                      "AES_NOHW_WORD_SIZE is incorrect");
+static_assert(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
+              "batch size does not match word size");
+static_assert(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
+              "AES_NOHW_WORD_SIZE is incorrect");
 
 
 // Block representations.

crypto/fipsmodule/bn/bn.c

@@ -56,6 +56,7 @@
 
 #include <openssl/bn.h>
 
+#include <assert.h>
 #include <limits.h>
 #include <string.h>
 
@@ -416,8 +417,8 @@ int bn_resize_words(BIGNUM *bn, size_t words) {
 void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
                      const BN_ULONG *b, size_t num) {
   for (size_t i = 0; i < num; i++) {
-    OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                          "crypto_word_t is too small");
+    static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                  "crypto_word_t is too small");
     r[i] = constant_time_select_w(mask, a[i], b[i]);
   }
 }

crypto/fipsmodule/bn/cmp.c

@@ -56,8 +56,9 @@
 
 #include <openssl/bn.h>
 
+#include <assert.h>
+
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "../../internal.h"
@@ -65,8 +66,8 @@
 
 static int bn_cmp_words_consttime(const BN_ULONG *a, size_t a_len,
                                   const BN_ULONG *b, size_t b_len) {
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
   int ret = 0;
   // Process the common words in little-endian order.
   size_t min = a_len < b_len ? a_len : b_len;

crypto/fipsmodule/bn/montgomery.c

@@ -116,7 +116,6 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "../../internal.h"
@@ -190,11 +189,10 @@ static int bn_mont_ctx_set_N_and_n0(BN_MONT_CTX *mont, const BIGNUM *mod) {
   // others, we could use a shorter R value and use faster |BN_ULONG|-based
   // math instead of |uint64_t|-based math, which would be double-precision.
   // However, currently only the assembler files know which is which.
-  OPENSSL_STATIC_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
-                        "BN_MONT_CTX_N0_LIMBS value is invalid");
-  OPENSSL_STATIC_ASSERT(
-      sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t),
-      "uint64_t is insufficient precision for n0");
+  static_assert(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
+                "BN_MONT_CTX_N0_LIMBS value is invalid");
+  static_assert(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t),
+                "uint64_t is insufficient precision for n0");
   uint64_t n0 = bn_mont_n0(&mont->N);
   mont->n0[0] = (BN_ULONG)n0;
 #if BN_MONT_CTX_N0_LIMBS == 2

crypto/fipsmodule/bn/montgomery_inv.c

@@ -22,11 +22,10 @@
 
 static uint64_t bn_neg_inv_mod_r_u64(uint64_t n);
 
-OPENSSL_STATIC_ASSERT(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
-                      "BN_MONT_CTX_N0_LIMBS value is invalid");
-OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS ==
-                          sizeof(uint64_t),
-                      "uint64_t is insufficient precision for n0");
+static_assert(BN_MONT_CTX_N0_LIMBS == 1 || BN_MONT_CTX_N0_LIMBS == 2,
+              "BN_MONT_CTX_N0_LIMBS value is invalid");
+static_assert(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t),
+              "uint64_t is insufficient precision for n0");
 
 // LG_LITTLE_R is log_2(r).
 #define LG_LITTLE_R (BN_MONT_CTX_N0_LIMBS * BN_BITS2)

crypto/fipsmodule/bn/mul.c

@@ -62,7 +62,6 @@
 
 #include <openssl/err.h>
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "../../internal.h"
@@ -281,8 +280,8 @@ static void bn_mul_recursive(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
   BN_ULONG c_neg = c - bn_sub_words(&t[n2 * 2], t, &t[n2], n2);
   BN_ULONG c_pos = c + bn_add_words(&t[n2], t, &t[n2], n2);
   bn_select_words(&t[n2], neg, &t[n2 * 2], &t[n2], n2);
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
   c = constant_time_select_w(neg, c_neg, c_pos);
 
   // We now have our three components. Add them together.
@@ -395,8 +394,8 @@ static void bn_mul_part_recursive(BN_ULONG *r, const BN_ULONG *a,
   BN_ULONG c_neg = c - bn_sub_words(&t[n2 * 2], t, &t[n2], n2);
   BN_ULONG c_pos = c + bn_add_words(&t[n2], t, &t[n2], n2);
   bn_select_words(&t[n2], neg, &t[n2 * 2], &t[n2], n2);
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
   c = constant_time_select_w(neg, c_neg, c_pos);
 
   // We now have our three components. Add them together.

crypto/fipsmodule/bn/random.c

@@ -108,12 +108,12 @@
 
 #include <openssl/bn.h>
 
+#include <assert.h>
 #include <limits.h>
 #include <string.h>
 
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include <openssl/type_check.h>
 
 #include "../../internal.h"
 #include "../rand/internal.h"
@@ -199,8 +199,8 @@ static crypto_word_t bn_less_than_word_mask(const BN_ULONG *a, size_t len,
   }
 
   // |a| < |b| iff a[1..len-1] are all zero and a[0] < b.
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
   crypto_word_t mask = 0;
   for (size_t i = 1; i < len; i++) {
     mask |= a[i];

crypto/fipsmodule/bn/rsaz_exp.c

@@ -18,6 +18,8 @@
 
 #include <openssl/mem.h>
 
+#include <assert.h>
+
 #include "internal.h"
 #include "../../internal.h"
 
@@ -38,8 +40,8 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
                             const BN_ULONG m_norm[16], const BN_ULONG RR[16],
                             BN_ULONG k0,
                             BN_ULONG storage[MOD_EXP_CTIME_STORAGE_LEN]) {
-  OPENSSL_STATIC_ASSERT(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH % 64 == 0,
-                        "MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH is too small");
+  static_assert(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH % 64 == 0,
+                "MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH is too small");
   assert((uintptr_t)storage % 64 == 0);
 
   BN_ULONG *a_inv, *m, *result, *table_s = storage + 40 * 3, *R2 = table_s;

crypto/fipsmodule/bn/shift.c

@@ -56,10 +56,10 @@
 
 #include <openssl/bn.h>
 
+#include <assert.h>
 #include <string.h>
 
 #include <openssl/err.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 
@@ -296,15 +296,14 @@ int BN_mask_bits(BIGNUM *a, int n) {
 }
 
 static int bn_count_low_zero_bits_word(BN_ULONG l) {
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
-  OPENSSL_STATIC_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
-  OPENSSL_STATIC_ASSERT(BN_BITS2 == sizeof(BN_ULONG) * 8,
-                        "BN_ULONG has padding bits");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
+  static_assert(sizeof(int) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
+  static_assert(BN_BITS2 == sizeof(BN_ULONG) * 8, "BN_ULONG has padding bits");
   // C has very bizarre rules for types smaller than an int.
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) >= sizeof(int),
-                        "BN_ULONG gets promoted to int");
+  static_assert(sizeof(BN_ULONG) >= sizeof(int),
+                "BN_ULONG gets promoted to int");
 
   crypto_word_t mask;
   int bits = 0;
@@ -342,10 +341,10 @@ static int bn_count_low_zero_bits_word(BN_ULONG l) {
 }
 
 int BN_count_low_zero_bits(const BIGNUM *bn) {
-  OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
-  OPENSSL_STATIC_ASSERT(sizeof(int) <= sizeof(crypto_word_t),
-                        "crypto_word_t is too small");
+  static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
+  static_assert(sizeof(int) <= sizeof(crypto_word_t),
+                "crypto_word_t is too small");
 
   int ret = 0;
   crypto_word_t saw_nonzero = 0;

crypto/fipsmodule/cipher/e_aes.c

@@ -335,7 +335,7 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
 #endif
 
 static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) {
-  OPENSSL_STATIC_ASSERT(
+  static_assert(
       alignof(EVP_AES_GCM_CTX) <= 16,
       "EVP_AES_GCM_CTX needs more alignment than this function provides");
 
@@ -921,12 +921,12 @@ static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx,
   return 1;
 }
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_gcm_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_gcm_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_gcm_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_gcm_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                              size_t key_len, size_t requested_tag_len) {
@@ -1259,12 +1259,12 @@ struct aead_aes_gcm_tls12_ctx {
   uint64_t min_next_nonce;
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_gcm_tls12_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_gcm_tls12_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_gcm_tls12_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_gcm_tls12_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                    size_t key_len, size_t requested_tag_len) {
@@ -1353,12 +1353,12 @@ struct aead_aes_gcm_tls13_ctx {
   uint8_t first;
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_gcm_tls13_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_gcm_tls13_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_gcm_tls13_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_gcm_tls13_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                    size_t key_len, size_t requested_tag_len) {

crypto/fipsmodule/cipher/e_aesccm.c

@@ -276,12 +276,12 @@ struct aead_aes_ccm_ctx {
   struct ccm128_context ccm;
 };
 
-OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
-                          sizeof(struct aead_aes_ccm_ctx),
-                      "AEAD state is too small");
-OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
-                          alignof(struct aead_aes_ccm_ctx),
-                      "AEAD state has insufficient alignment");
+static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                  sizeof(struct aead_aes_ccm_ctx),
+              "AEAD state is too small");
+static_assert(alignof(union evp_aead_ctx_st_state) >=
+                  alignof(struct aead_aes_ccm_ctx),
+              "AEAD state has insufficient alignment");
 
 static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                              size_t key_len, size_t tag_len, unsigned M,

crypto/fipsmodule/ec/ec.c

@@ -1155,8 +1155,8 @@ void ec_affine_select(const EC_GROUP *group, EC_AFFINE *out, BN_ULONG mask,
 
 void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
                        const EC_PRECOMP *a, const EC_PRECOMP *b) {
-  OPENSSL_STATIC_ASSERT(sizeof(out->comb) == sizeof(*out),
-                        "out->comb does not span the entire structure");
+  static_assert(sizeof(out->comb) == sizeof(*out),
+                "out->comb does not span the entire structure");
   for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(out->comb); i++) {
     ec_affine_select(group, &out->comb[i], mask, &a->comb[i], &b->comb[i]);
   }

crypto/fipsmodule/ec/internal.h

@@ -70,10 +70,11 @@
 
 #include <openssl/base.h>
 
+#include <assert.h>
+
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/ex_data.h>
-#include <openssl/type_check.h>
 
 #include "../bn/internal.h"
 
@@ -91,8 +92,8 @@ extern "C" {
 #define EC_MAX_BYTES 66
 #define EC_MAX_WORDS ((EC_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
 
-OPENSSL_STATIC_ASSERT(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS,
-                      "bn_*_small functions not usable");
+static_assert(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS,
+              "bn_*_small functions not usable");
 
 
 // Scalars.

crypto/fipsmodule/ec/p256.c

@@ -22,7 +22,6 @@
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include <assert.h>
 #include <string.h>

crypto/fipsmodule/ec/simple_mul.c

@@ -202,9 +202,8 @@ int ec_GFp_mont_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
 
   // Store the comb in affine coordinates to shrink the table. (This reduces
   // cache pressure and makes the constant-time selects faster.)
-  OPENSSL_STATIC_ASSERT(
-      OPENSSL_ARRAY_SIZE(comb) == OPENSSL_ARRAY_SIZE(out->comb),
-      "comb sizes did not match");
+  static_assert(OPENSSL_ARRAY_SIZE(comb) == OPENSSL_ARRAY_SIZE(out->comb),
+                "comb sizes did not match");
   return ec_jacobian_to_affine_batch(group, out->comb, comb,
                                      OPENSSL_ARRAY_SIZE(comb));
 }

crypto/fipsmodule/ecdsa/ecdsa.c

@@ -59,7 +59,6 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/sha.h>
-#include <openssl/type_check.h>
 
 #include "../../internal.h"
 #include "../bn/internal.h"
@@ -322,8 +321,8 @@ ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, size_t digest_len,
 
   // Pass a SHA512 hash of the private key and digest as additional data
   // into the RBG. This is a hardening measure against entropy failure.
-  OPENSSL_STATIC_ASSERT(SHA512_DIGEST_LENGTH >= 32,
-                        "additional_data is too large for SHA-512");
+  static_assert(SHA512_DIGEST_LENGTH >= 32,
+                "additional_data is too large for SHA-512");
 
   FIPS_service_indicator_lock_state();
 

crypto/fipsmodule/modes/cbc.c

@@ -49,8 +49,6 @@
 #include <assert.h>
 #include <string.h>
 
-#include <openssl/type_check.h>
-
 #include "internal.h"
 #include "../../internal.h"
 
@@ -120,8 +118,8 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
     // If |out| is at least two blocks behind |in| or completely disjoint, there
     // is no need to decrypt to a temporary block.
-    OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                          "block cannot be evenly divided into words");
+    static_assert(16 % sizeof(crypto_word_t) == 0,
+                  "block cannot be evenly divided into words");
     const uint8_t *iv = ivec;
     while (len >= 16) {
       (*block)(in, out, key);
@@ -136,8 +134,8 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
     }
     OPENSSL_memcpy(ivec, iv, 16);
   } else {
-    OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                          "block cannot be evenly divided into words");
+    static_assert(16 % sizeof(crypto_word_t) == 0,
+                  "block cannot be evenly divided into words");
 
     while (len >= 16) {
       (*block)(in, tmp, key);

crypto/fipsmodule/modes/cfb.c

@@ -46,16 +46,13 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
-#include <openssl/type_check.h>
-
 #include <assert.h>
 #include <string.h>
 
 #include "internal.h"
 
 
-OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
-                      "block cannot be divided into size_t");
+static_assert(16 % sizeof(size_t) == 0, "block cannot be divided into size_t");
 
 void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                            const AES_KEY *key, uint8_t ivec[16], unsigned *num,

crypto/fipsmodule/modes/ctr.c

@@ -46,8 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
-#include <openssl/type_check.h>
-
 #include <assert.h>
 #include <string.h>
 
@@ -70,8 +68,8 @@ static void ctr128_inc(uint8_t *counter) {
   } while (n);
 }
 
-OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                      "block cannot be divided into crypto_word_t");
+static_assert(16 % sizeof(crypto_word_t) == 0,
+              "block cannot be divided into crypto_word_t");
 
 // The input encrypted as though 128bit counter mode is being used.  The extra
 // state information to record how much of the 128bit block we have used is

crypto/fipsmodule/modes/ofb.c

@@ -46,16 +46,13 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
-#include <openssl/type_check.h>
-
 #include <assert.h>
 #include <string.h>
 
 #include "internal.h"
 
 
-OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
-                      "block cannot be divided into size_t");
+static_assert(16 % sizeof(size_t) == 0, "block cannot be divided into size_t");
 
 void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                            const AES_KEY *key, uint8_t ivec[16], unsigned *num,

crypto/fipsmodule/rand/ctrdrbg.c

@@ -14,7 +14,8 @@
 
 #include <openssl/ctrdrbg.h>
 
-#include <openssl/type_check.h>
+#include <assert.h>
+
 #include <openssl/mem.h>
 
 #include "internal.h"
@@ -80,8 +81,8 @@ int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
   return 1;
 }
 
-OPENSSL_STATIC_ASSERT(CTR_DRBG_ENTROPY_LEN % AES_BLOCK_SIZE == 0,
-                      "not a multiple of AES block size");
+static_assert(CTR_DRBG_ENTROPY_LEN % AES_BLOCK_SIZE == 0,
+              "not a multiple of AES block size");
 
 // ctr_inc adds |n| to the last four bytes of |drbg->counter|, treated as a
 // big-endian number.

crypto/fipsmodule/rand/fork_detect.c

@@ -21,18 +21,17 @@
 #include "fork_detect.h"
 
 #if defined(OPENSSL_LINUX)
+#include <assert.h>
 #include <sys/mman.h>
 #include <unistd.h>
 #include <stdlib.h>
 
-#include <openssl/type_check.h>
-
 #include "../delocate.h"
 #include "../../internal.h"
 
 
 #if defined(MADV_WIPEONFORK)
-OPENSSL_STATIC_ASSERT(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
+static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
 #else
 #define MADV_WIPEONFORK 18
 #endif

crypto/fipsmodule/rand/rand.c

@@ -25,7 +25,6 @@
 #include <openssl/chacha.h>
 #include <openssl/ctrdrbg.h>
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 #include "internal.h"
 #include "fork_detect.h"

crypto/fipsmodule/rsa/rsa_impl.c

@@ -64,7 +64,6 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>
-#include <openssl/type_check.h>
 
 #include "../../internal.h"
 #include "../bn/internal.h"
@@ -406,8 +405,8 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
   }
 
   // Double the length of the cache.
-  OPENSSL_STATIC_ASSERT(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2,
-                        "MAX_BLINDINGS_PER_RSA too large");
+  static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2,
+                "MAX_BLINDINGS_PER_RSA too large");
   unsigned new_num_blindings = rsa->num_blindings * 2;
   if (new_num_blindings == 0) {
     new_num_blindings = 1;
@@ -417,9 +416,8 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
   }
   assert(new_num_blindings > rsa->num_blindings);
 
-  OPENSSL_STATIC_ASSERT(
-      MAX_BLINDINGS_PER_RSA < UINT_MAX / sizeof(BN_BLINDING *),
-      "MAX_BLINDINGS_PER_RSA too large");
+  static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / sizeof(BN_BLINDING *),
+                "MAX_BLINDINGS_PER_RSA too large");
   BN_BLINDING **new_blindings =
       OPENSSL_malloc(sizeof(BN_BLINDING *) * new_num_blindings);
   uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings);

crypto/hrss/hrss.c

@@ -1226,10 +1226,10 @@ static void poly_mul_vec_aux(vec_t *restrict out, vec_t *restrict scratch,
 // poly_mul_vec sets |*out| to |x|×|y| mod (𝑥^n - 1).
 static void poly_mul_vec(struct POLY_MUL_SCRATCH *scratch, struct poly *out,
                          const struct poly *x, const struct poly *y) {
-  OPENSSL_STATIC_ASSERT(sizeof(out->v) == sizeof(vec_t) * VECS_PER_POLY,
-                        "struct poly is the wrong size");
-  OPENSSL_STATIC_ASSERT(alignof(struct poly) == alignof(vec_t),
-                        "struct poly has incorrect alignment");
+  static_assert(sizeof(out->v) == sizeof(vec_t) * VECS_PER_POLY,
+                "struct poly is the wrong size");
+  static_assert(alignof(struct poly) == alignof(vec_t),
+                "struct poly has incorrect alignment");
   poly_assert_normalized(x);
   poly_assert_normalized(y);
 
@@ -1751,8 +1751,7 @@ static void poly_marshal_mod3(uint8_t out[HRSS_POLY3_BYTES],
 // function uses that freedom to implement a flatter distribution of values.
 static void poly_short_sample(struct poly *out,
                               const uint8_t in[HRSS_SAMPLE_BYTES]) {
-  OPENSSL_STATIC_ASSERT(HRSS_SAMPLE_BYTES == N - 1,
-                        "HRSS_SAMPLE_BYTES incorrect");
+  static_assert(HRSS_SAMPLE_BYTES == N - 1, "HRSS_SAMPLE_BYTES incorrect");
   for (size_t i = 0; i < N - 1; i++) {
     uint16_t v = mod3(in[i]);
     // Map {0, 1, 2} -> {0, 1, 0xffff}
@@ -1921,7 +1920,7 @@ struct private_key {
 // that up.)
 static struct public_key *public_key_from_external(
     struct HRSS_public_key *ext) {
-  OPENSSL_STATIC_ASSERT(
+  static_assert(
       sizeof(struct HRSS_public_key) >= sizeof(struct public_key) + 15,
       "HRSS public key too small");
 
@@ -1933,7 +1932,7 @@ static struct public_key *public_key_from_external(
 // issues.
 static struct private_key *private_key_from_external(
     struct HRSS_private_key *ext) {
-  OPENSSL_STATIC_ASSERT(
+  static_assert(
       sizeof(struct HRSS_private_key) >= sizeof(struct private_key) + 15,
       "HRSS private key too small");
 
@@ -2110,8 +2109,8 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
   // This is HMAC, expanded inline rather than using the |HMAC| function so that
   // we can avoid dealing with possible allocation failures and so keep this
   // function infallible.
-  OPENSSL_STATIC_ASSERT(sizeof(priv->hmac_key) <= sizeof(vars->masked_key),
-                        "HRSS HMAC key larger than SHA-256 block size");
+  static_assert(sizeof(priv->hmac_key) <= sizeof(vars->masked_key),
+                "HRSS HMAC key larger than SHA-256 block size");
   for (size_t i = 0; i < sizeof(priv->hmac_key); i++) {
     vars->masked_key[i] = priv->hmac_key[i] ^ 0x36;
   }
@@ -2133,8 +2132,8 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
   SHA256_Init(&vars->hash_ctx);
   SHA256_Update(&vars->hash_ctx, vars->masked_key, sizeof(vars->masked_key));
   SHA256_Update(&vars->hash_ctx, inner_digest, sizeof(inner_digest));
-  OPENSSL_STATIC_ASSERT(HRSS_KEY_BYTES == SHA256_DIGEST_LENGTH,
-                        "HRSS shared key length incorrect");
+  static_assert(HRSS_KEY_BYTES == SHA256_DIGEST_LENGTH,
+                "HRSS shared key length incorrect");
   SHA256_Final(out_shared_key, &vars->hash_ctx);
 
   // If the ciphertext is publicly invalid then a random shared key is still
@@ -2187,8 +2186,8 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
   // The |poly_marshal| here then is just confirming that |poly_unmarshal| is
   // strict and could be omitted.
 
-  OPENSSL_STATIC_ASSERT(HRSS_CIPHERTEXT_BYTES == POLY_BYTES,
-                        "ciphertext is the wrong size");
+  static_assert(HRSS_CIPHERTEXT_BYTES == POLY_BYTES,
+                "ciphertext is the wrong size");
   assert(ciphertext_len == sizeof(vars->expected_ciphertext));
   poly_marshal(vars->expected_ciphertext, &vars->c);
 

crypto/hrss/hrss_test.cc

@@ -490,7 +490,7 @@ TEST(HRSS, ABI) {
   alignas(16) uint16_t b[N + 3] = {0};
 
   uint8_t kCanary[256];
-  OPENSSL_STATIC_ASSERT(sizeof(kCanary) % 32 == 0, "needed for alignment");
+  static_assert(sizeof(kCanary) % 32 == 0, "needed for alignment");
   memset(kCanary, 42, sizeof(kCanary));
   alignas(32) uint8_t
       scratch[sizeof(kCanary) + POLY_MUL_RQ_SCRATCH_SPACE + sizeof(kCanary)];

crypto/mem.c

@@ -72,8 +72,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
 
 
 #define OPENSSL_MALLOC_PREFIX 8
-OPENSSL_STATIC_ASSERT(OPENSSL_MALLOC_PREFIX >= sizeof(size_t),
-                      "size_t too large");
+static_assert(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), "size_t too large");
 
 #if defined(OPENSSL_ASAN)
 void __asan_poison_memory_region(const volatile void *addr, size_t size);

crypto/poly1305/poly1305.c

@@ -18,6 +18,7 @@
 
 #include <openssl/poly1305.h>
 
+#include <assert.h>
 #include <string.h>
 
 #include "internal.h"
@@ -48,7 +49,7 @@ struct poly1305_state_st {
   uint8_t key[16];
 };
 
-OPENSSL_STATIC_ASSERT(
+static_assert(
     sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
     "poly1305_state isn't large enough to hold aligned poly1305_state_st");
 

crypto/poly1305/poly1305_arm.c

@@ -17,6 +17,7 @@
 
 #include <openssl/poly1305.h>
 
+#include <assert.h>
 #include <string.h>
 
 #include "../internal.h"
@@ -183,7 +184,7 @@ struct poly1305_state_st {
   uint8_t key[16];
 };
 
-OPENSSL_STATIC_ASSERT(
+static_assert(
     sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
     "poly1305_state isn't large enough to hold aligned poly1305_state_st.");
 

crypto/poly1305/poly1305_vec.c

@@ -20,6 +20,8 @@
 
 #include <openssl/poly1305.h>
 
+#include <assert.h>
+
 #include "../internal.h"
 
 
@@ -76,9 +78,10 @@ typedef struct poly1305_state_internal_t {
 } poly1305_state_internal; /* 448 bytes total + 63 bytes for
                               alignment = 511 bytes raw */
 
-OPENSSL_STATIC_ASSERT(
-    sizeof(struct poly1305_state_internal_t) + 63 <= sizeof(poly1305_state),
-    "poly1305_state isn't large enough to hold aligned poly1305_state_internal_t");
+static_assert(sizeof(struct poly1305_state_internal_t) + 63 <=
+                  sizeof(poly1305_state),
+              "poly1305_state isn't large enough to hold aligned "
+              "poly1305_state_internal_t");
 
 static inline poly1305_state_internal *poly1305_aligned_state(
     poly1305_state *state) {

crypto/refcount_c11.c

@@ -22,8 +22,6 @@
 #include <stdatomic.h>
 #include <stdlib.h>
 
-#include <openssl/type_check.h>
-
 
 // See comment above the typedef of CRYPTO_refcount_t about these tests.
 static_assert(alignof(CRYPTO_refcount_t) == alignof(_Atomic CRYPTO_refcount_t),

crypto/refcount_lock.c

@@ -14,15 +14,14 @@
 
 #include "internal.h"
 
+#include <assert.h>
 #include <stdlib.h>
 
-#include <openssl/type_check.h>
-
 
 #if !defined(OPENSSL_C11_ATOMIC)
 
-OPENSSL_STATIC_ASSERT((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
-                      "CRYPTO_REFCOUNT_MAX is incorrect");
+static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
+              "CRYPTO_REFCOUNT_MAX is incorrect");
 
 static struct CRYPTO_STATIC_MUTEX g_refcount_lock = CRYPTO_STATIC_MUTEX_INIT;
 

crypto/thread_pthread.c

@@ -16,18 +16,18 @@
 
 #if defined(OPENSSL_PTHREADS)
 
+#include <assert.h>
 #include <pthread.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 
-OPENSSL_STATIC_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t),
-                      "CRYPTO_MUTEX is too small");
-OPENSSL_STATIC_ASSERT(alignof(CRYPTO_MUTEX) >= alignof(pthread_rwlock_t),
-                      "CRYPTO_MUTEX has insufficient alignment");
+static_assert(sizeof(CRYPTO_MUTEX) >= sizeof(pthread_rwlock_t),
+              "CRYPTO_MUTEX is too small");
+static_assert(alignof(CRYPTO_MUTEX) >= alignof(pthread_rwlock_t),
+              "CRYPTO_MUTEX has insufficient alignment");
 
 void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) {
   if (pthread_rwlock_init((pthread_rwlock_t *) lock, NULL) != 0) {

crypto/thread_win.c

@@ -20,17 +20,17 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <windows.h>
 OPENSSL_MSVC_PRAGMA(warning(pop))
 
+#include <assert.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include <openssl/mem.h>
-#include <openssl/type_check.h>
 
 
-OPENSSL_STATIC_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK),
-                      "CRYPTO_MUTEX is too small");
-OPENSSL_STATIC_ASSERT(alignof(CRYPTO_MUTEX) >= alignof(SRWLOCK),
-                      "CRYPTO_MUTEX has insufficient alignment");
+static_assert(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK),
+              "CRYPTO_MUTEX is too small");
+static_assert(alignof(CRYPTO_MUTEX) >= alignof(SRWLOCK),
+              "CRYPTO_MUTEX has insufficient alignment");
 
 static BOOL CALLBACK call_once_init(INIT_ONCE *once, void *arg, void **out) {
   void (**init)(void) = (void (**)(void))arg;

include/openssl/ssl3.h

@@ -118,7 +118,6 @@
 #define OPENSSL_HEADER_SSL3_H
 
 #include <openssl/aead.h>
-#include <openssl/type_check.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -251,10 +250,6 @@ extern "C" {
 #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
     (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
 
-OPENSSL_STATIC_ASSERT(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
-                          SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
-                      "max overheads are inconsistent");
-
 // SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
 // |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
 // compression overhead.

include/openssl/stack.h

@@ -59,8 +59,6 @@
 
 #include <openssl/base.h>
 
-#include <openssl/type_check.h>
-
 #if defined(__cplusplus)
 extern "C" {
 #endif

include/openssl/type_check.h

@@ -64,22 +64,6 @@ extern "C" {
 #endif
 
 
-#if defined(__cplusplus) || (defined(_MSC_VER) && !defined(__clang__))
-// In C++ and non-clang MSVC, |static_assert| is a keyword.
-#define OPENSSL_STATIC_ASSERT(cond, msg) static_assert(cond, msg)
-#else
-// C11 defines the |_Static_assert| keyword and the |static_assert| macro in
-// assert.h. While the former is available at all versions in Clang and GCC, the
-// later depends on libc and, in glibc, depends on being built in C11 mode. We
-// require C11 mode to build the library but, for now, do not require it in
-// public headers. Use |_Static_assert| directly.
-//
-// TODO(davidben): In July 2022, if the C11 change has not been reverted, switch
-// all uses of this macro within the library to C11 |static_assert|. This macro
-// will only be necessary in public headers.
-#define OPENSSL_STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
-#endif
-
 // CHECKED_CAST casts |p| from type |from| to type |to|.
 //
 // TODO(davidben): Although this macro is not public API and is unused in

rust/wrapper.h

@@ -70,7 +70,6 @@
 #include "../include/openssl/thread.h"
 #include "../include/openssl/tls1.h"
 #include "../include/openssl/trust_token.h"
-#include "../include/openssl/type_check.h"
 #include "../include/openssl/x509.h"
 #include "../include/openssl/x509_vfy.h"
 #include "../include/openssl/x509v3.h"

ssl/ssl_lib.cc

@@ -166,6 +166,10 @@
 
 BSSL_NAMESPACE_BEGIN
 
+static_assert(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
+                  SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
+              "max overheads are inconsistent");
+
 // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
 // to avoid downstream churn.
 OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)