There was a need to support thread ID types that couldn't be reliably cast

to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.

doc/crypto/BN_BLINDING_new.pod

@@ -4,7 +4,7 @@
 
 BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, 
 BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, 
-BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags,
+BN_BLINDING_set_thread, BN_BLINDING_cmp_thread, BN_BLINDING_get_flags,
 BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM
 functions.
 
@@ -22,8 +22,10 @@ functions.
 	BN_CTX *ctx);
  int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
 	BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+
+ void BN_BLINDING_set_thread(BN_BLINDING *);
+ int BN_BLINDING_cmp_thread(const BN_BLINDING *,
+        const CRYPTO_THREADID *);
  unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
  void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
  BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
@@ -54,11 +56,10 @@ BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper
 functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex()
 with B<r> set to NULL.
 
-BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id()
-set and get the "thread id" value of the B<BN_BLINDING> structure,
-a field provided to users of B<BN_BLINDING> structure to help them
-provide proper locking if needed for multi-threaded use. The 
-"thread id" of a newly allocated B<BN_BLINDING> structure is zero.
+BN_BLINDING_set_thread() and BN_BLINDING_cmp_thread()
+set and compare the "thread id" of the B<BN_BLINDING> structure,
+allowing users of the B<BN_BLINDING> structure to
+provide proper locking if needed for multi-threaded use.
 
 BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently
 there are two supported flags: B<BN_BLINDING_NO_UPDATE> and
@@ -85,6 +86,12 @@ success and 0 if an error occured.
 
 BN_BLINDING_get_thread_id() returns the thread id (a B<unsigned long>
 value) or 0 if not set.
+BN_BLINDING_cmp_thread() returns 0 if the thread id associated with the
+B<BN_BLINDING> structure equals the provided thread id (which can be
+obtained by CRYPTO_THREADID_set()), otherwise it returns -1 or +1
+to indicate the thread ids are different (if the target architecture
+supports ordering of thread ids, this follows the traditional "cmp"
+semantics of memcmp() or strcmp()).
 
 BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
 (a B<unsigned long> value).
@@ -102,6 +109,14 @@ BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id,
 BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags
 and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8
 
+BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were first
+introduced in OpenSSL 0.9.9
+
+BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id,
+BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were all
+deprecated in favour of BN_BLINDING_set_thread, BN_BLINDING_cmp_thread
+which were introduced in OpenSSL 0.9.9
+
 =head1 AUTHOR
 
 Nils Larsch for the OpenSSL project (http://www.openssl.org).

doc/crypto/bn.pod

@@ -131,8 +131,10 @@ bn - multiprecision integer arithmetics
 	BN_CTX *ctx);
  int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
 	BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ void BN_BLINDING_set_thread(BN_BLINDING *);
+ int BN_BLINDING_cmp_thread(const BN_BLINDING *,
+        const CRYPTO_THREADID *);
+
  unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
  void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
  BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,

doc/crypto/threads.pod

@@ -76,9 +76,7 @@ below).
 
 idptr_function(void) is a function that similarly returns a thread ID,
 but of type void *.  This is not needed on platforms where &errno is
-different for each thread.  OpenSSL assumes that it is in the same
-thread iff both the numerical and the pointer thread ID agree, so it
-suffices to define one of these two callback functions appropriately.
+different for each thread.
 
 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@@ -166,7 +164,9 @@ There is still the issue of platforms where pthread_self() returns
 something other than an integer.  It is for cases like this that
 CRYPTO_set_idptr_callback() comes in handy.  (E.g., call malloc(1)
 once in each thread, and have idptr_function() return a pointer to
-this object.)
+this object.) Note that if neither id_function() or idptr_function()
+are provided, OpenSSL will use (&errno) as a fallback (as this
+usually returns a unique address for each thread).
 
 =head1 EXAMPLES