crypto/tls: don't copy Mutex or Once values

This fixes some 40 warnings from go vet.

Fixes #16134.

Change-Id: Ib9fcba275fe692f027a2a07b581c8cf503b11087
Reviewed-on: https://go-review.googlesource.com/24287
Reviewed-by: Brad Fitzpatrick <[email protected]>
Run-TryBot: Ian Lance Taylor <[email protected]>

Author: ianlancetaylor

src/crypto/tls/common.go

@@ -422,6 +422,33 @@ func ticketKeyFromBytes(b [32]byte) (key ticketKey) {
 	return key
 }
 
+// clone returns a copy of c. Only the exported fields are copied.
+func (c *Config) clone() *Config {
+	return &Config{
+		Rand:                        c.Rand,
+		Time:                        c.Time,
+		Certificates:                c.Certificates,
+		NameToCertificate:           c.NameToCertificate,
+		GetCertificate:              c.GetCertificate,
+		RootCAs:                     c.RootCAs,
+		NextProtos:                  c.NextProtos,
+		ServerName:                  c.ServerName,
+		ClientAuth:                  c.ClientAuth,
+		ClientCAs:                   c.ClientCAs,
+		InsecureSkipVerify:          c.InsecureSkipVerify,
+		CipherSuites:                c.CipherSuites,
+		PreferServerCipherSuites:    c.PreferServerCipherSuites,
+		SessionTicketsDisabled:      c.SessionTicketsDisabled,
+		SessionTicketKey:            c.SessionTicketKey,
+		ClientSessionCache:          c.ClientSessionCache,
+		MinVersion:                  c.MinVersion,
+		MaxVersion:                  c.MaxVersion,
+		CurvePreferences:            c.CurvePreferences,
+		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
+		Renegotiation:               c.Renegotiation,
+	}
+}
+
 func (c *Config) serverInit() {
 	if c.SessionTicketsDisabled {
 		return

src/crypto/tls/conn_test.go

@@ -124,9 +124,9 @@ func TestCertificateSelection(t *testing.T) {
 func runDynamicRecordSizingTest(t *testing.T, config *Config) {
 	clientConn, serverConn := net.Pipe()
 
-	serverConfig := *config
+	serverConfig := config.clone()
 	serverConfig.DynamicRecordSizingDisabled = false
-	tlsConn := Server(serverConn, &serverConfig)
+	tlsConn := Server(serverConn, serverConfig)
 
 	recordSizesChan := make(chan []int, 1)
 	go func() {
@@ -225,19 +225,19 @@ func runDynamicRecordSizingTest(t *testing.T, config *Config) {
 }
 
 func TestDynamicRecordSizingWithStreamCipher(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA}
-	runDynamicRecordSizingTest(t, &config)
+	runDynamicRecordSizingTest(t, config)
 }
 
 func TestDynamicRecordSizingWithCBC(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA}
-	runDynamicRecordSizingTest(t, &config)
+	runDynamicRecordSizingTest(t, config)
 }
 
 func TestDynamicRecordSizingWithAEAD(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
-	runDynamicRecordSizingTest(t, &config)
+	runDynamicRecordSizingTest(t, config)
 }

src/crypto/tls/handshake_client_test.go

@@ -509,14 +509,14 @@ func TestHandshakeClientAES256GCMSHA384(t *testing.T) {
 }
 
 func TestHandshakeClientCertRSA(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM))
 	config.Certificates = []Certificate{cert}
 
 	test := &clientTest{
 		name:    "ClientCert-RSA-RSA",
 		command: []string{"openssl", "s_server", "-cipher", "RC4-SHA", "-verify", "1"},
-		config:  &config,
+		config:  config,
 	}
 
 	runClientTestTLS10(t, test)
@@ -525,7 +525,7 @@ func TestHandshakeClientCertRSA(t *testing.T) {
 	test = &clientTest{
 		name:    "ClientCert-RSA-ECDSA",
 		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"},
-		config:  &config,
+		config:  config,
 		cert:    testECDSACertificate,
 		key:     testECDSAPrivateKey,
 	}
@@ -536,7 +536,7 @@ func TestHandshakeClientCertRSA(t *testing.T) {
 	test = &clientTest{
 		name:    "ClientCert-RSA-AES256-GCM-SHA384",
 		command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-verify", "1"},
-		config:  &config,
+		config:  config,
 		cert:    testRSACertificate,
 		key:     testRSAPrivateKey,
 	}
@@ -545,14 +545,14 @@ func TestHandshakeClientCertRSA(t *testing.T) {
 }
 
 func TestHandshakeClientCertECDSA(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	cert, _ := X509KeyPair([]byte(clientECDSACertificatePEM), []byte(clientECDSAKeyPEM))
 	config.Certificates = []Certificate{cert}
 
 	test := &clientTest{
 		name:    "ClientCert-ECDSA-RSA",
 		command: []string{"openssl", "s_server", "-cipher", "RC4-SHA", "-verify", "1"},
-		config:  &config,
+		config:  config,
 	}
 
 	runClientTestTLS10(t, test)
@@ -561,7 +561,7 @@ func TestHandshakeClientCertECDSA(t *testing.T) {
 	test = &clientTest{
 		name:    "ClientCert-ECDSA-ECDSA",
 		command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"},
-		config:  &config,
+		config:  config,
 		cert:    testECDSACertificate,
 		key:     testECDSAPrivateKey,
 	}
@@ -691,15 +691,15 @@ func TestLRUClientSessionCache(t *testing.T) {
 }
 
 func TestHandshakeClientALPNMatch(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.NextProtos = []string{"proto2", "proto1"}
 
 	test := &clientTest{
 		name: "ALPN",
 		// Note that this needs OpenSSL 1.0.2 because that is the first
 		// version that supports the -alpn flag.
 		command: []string{"openssl", "s_server", "-alpn", "proto1,proto2"},
-		config:  &config,
+		config:  config,
 		validate: func(state ConnectionState) error {
 			// The server's preferences should override the client.
 			if state.NegotiatedProtocol != "proto1" {
@@ -712,15 +712,15 @@ func TestHandshakeClientALPNMatch(t *testing.T) {
 }
 
 func TestHandshakeClientALPNNoMatch(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.NextProtos = []string{"proto3"}
 
 	test := &clientTest{
 		name: "ALPN-NoMatch",
 		// Note that this needs OpenSSL 1.0.2 because that is the first
 		// version that supports the -alpn flag.
 		command: []string{"openssl", "s_server", "-alpn", "proto1,proto2"},
-		config:  &config,
+		config:  config,
 		validate: func(state ConnectionState) error {
 			// There's no overlap so OpenSSL will not select a protocol.
 			if state.NegotiatedProtocol != "" {
@@ -736,7 +736,7 @@ func TestHandshakeClientALPNNoMatch(t *testing.T) {
 const sctsBase64 = "ABIBaQFnAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFHl5nuFgAABAMARjBEAiAcS4JdlW5nW9sElUv2zvQyPoZ6ejKrGGB03gjaBZFMLwIgc1Qbbn+hsH0RvObzhS+XZhr3iuQQJY8S9G85D9KeGPAAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUeX4bVwAAAEAwBHMEUCIDIhFDgG2HIuADBkGuLobU5a4dlCHoJLliWJ1SYT05z6AiEAjxIoZFFPRNWMGGIjskOTMwXzQ1Wh2e7NxXE1kd1J0QsAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAUhcZIqHAAAEAwBHMEUCICmJ1rBT09LpkbzxtUC+Hi7nXLR0J+2PmwLp+sJMuqK+AiEAr0NkUnEVKVhAkccIFpYDqHOlZaBsuEhWWrYpg2RtKp0="
 
 func TestHandshakClientSCTs(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 
 	scts, err := base64.StdEncoding.DecodeString(sctsBase64)
 	if err != nil {
@@ -748,7 +748,7 @@ func TestHandshakClientSCTs(t *testing.T) {
 		// Note that this needs OpenSSL 1.0.2 because that is the first
 		// version that supports the -serverinfo flag.
 		command:    []string{"openssl", "s_server"},
-		config:     &config,
+		config:     config,
 		extensions: [][]byte{scts},
 		validate: func(state ConnectionState) error {
 			expectedSCTs := [][]byte{
@@ -771,11 +771,11 @@ func TestHandshakClientSCTs(t *testing.T) {
 }
 
 func TestRenegotiationRejected(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	test := &clientTest{
 		name:                        "RenegotiationRejected",
 		command:                     []string{"openssl", "s_server", "-state"},
-		config:                      &config,
+		config:                      config,
 		numRenegotiations:           1,
 		renegotiationExpectedToFail: 1,
 		checkRenegotiationError: func(renegotiationNum int, err error) error {
@@ -793,41 +793,41 @@ func TestRenegotiationRejected(t *testing.T) {
 }
 
 func TestRenegotiateOnce(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.Renegotiation = RenegotiateOnceAsClient
 
 	test := &clientTest{
 		name:              "RenegotiateOnce",
 		command:           []string{"openssl", "s_server", "-state"},
-		config:            &config,
+		config:            config,
 		numRenegotiations: 1,
 	}
 
 	runClientTestTLS12(t, test)
 }
 
 func TestRenegotiateTwice(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.Renegotiation = RenegotiateFreelyAsClient
 
 	test := &clientTest{
 		name:              "RenegotiateTwice",
 		command:           []string{"openssl", "s_server", "-state"},
-		config:            &config,
+		config:            config,
 		numRenegotiations: 2,
 	}
 
 	runClientTestTLS12(t, test)
 }
 
 func TestRenegotiateTwiceRejected(t *testing.T) {
-	config := *testConfig
+	config := testConfig.clone()
 	config.Renegotiation = RenegotiateOnceAsClient
 
 	test := &clientTest{
 		name:                        "RenegotiateTwiceRejected",
 		command:                     []string{"openssl", "s_server", "-state"},
-		config:                      &config,
+		config:                      config,
 		numRenegotiations:           2,
 		renegotiationExpectedToFail: 2,
 		checkRenegotiationError: func(renegotiationNum int, err error) error {