Make CertPathBuilder::Run return Result rather than being an out-param of the constructor.

Bug: 410574
Change-Id: I407332f05d591709f5602d92e5697caa48140ab3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1731102
Commit-Queue: Matt Mueller <mattm@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Reviewed-by: Doug Steedman <dougsteed@chromium.org>
Cr-Commit-Position: refs/heads/master@{#683697}

components/cast_certificate/cast_cert_validator.cc

@@ -303,14 +303,13 @@ CastCertError VerifyDeviceCertUsingCustomTrustStore(
   net::der::GeneralizedTime verification_time;
   if (!net::der::EncodeTimeAsGeneralizedTime(time, &verification_time))
     return CastCertError::ERR_UNEXPECTED;
-  net::CertPathBuilder::Result result;
   net::CertPathBuilder path_builder(
       target_cert.get(), trust_store, &path_builder_delegate, verification_time,
       net::KeyPurpose::CLIENT_AUTH, net::InitialExplicitPolicy::kFalse,
       {net::AnyPolicy()}, net::InitialPolicyMappingInhibit::kFalse,
-      net::InitialAnyPolicyInhibit::kFalse, &result);
+      net::InitialAnyPolicyInhibit::kFalse);
   path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
-  path_builder.Run();
+  net::CertPathBuilder::Result result = path_builder.Run();
   if (!result.HasValidPath())
     return MapToCastError(result);
 

components/cast_certificate/cast_crl.cc

@@ -137,13 +137,12 @@ bool VerifyCRL(const Crl& crl,
   net::SimplePathBuilderDelegate path_builder_delegate(
       2048, net::SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1);
 
-  net::CertPathBuilder::Result result;
   net::CertPathBuilder path_builder(
       parsed_cert.get(), trust_store, &path_builder_delegate, verification_time,
       net::KeyPurpose::ANY_EKU, net::InitialExplicitPolicy::kFalse,
       {net::AnyPolicy()}, net::InitialPolicyMappingInhibit::kFalse,
-      net::InitialAnyPolicyInhibit::kFalse, &result);
-  path_builder.Run();
+      net::InitialAnyPolicyInhibit::kFalse);
+  net::CertPathBuilder::Result result = path_builder.Run();
   if (!result.HasValidPath()) {
     VLOG(2) << "CRL - Issuer certificate verification failed.";
     // TODO(crbug.com/634443): Log the error information.

net/cert/cert_verify_proc_builtin.cc

@@ -421,26 +421,25 @@ struct BuildPathAttempt {
   SimplePathBuilderDelegate::DigestPolicy digest_policy;
 };
 
-void TryBuildPath(const scoped_refptr<ParsedCertificate>& target,
-                  CertIssuerSourceStatic* intermediates,
-                  SystemTrustStore* ssl_trust_store,
-                  base::Time verification_time,
-                  base::TimeTicks deadline,
-                  VerificationType verification_type,
-                  SimplePathBuilderDelegate::DigestPolicy digest_policy,
-                  int flags,
-                  const std::string& ocsp_response,
-                  const CRLSet* crl_set,
-                  CertNetFetcher* net_fetcher,
-                  const EVRootCAMetadata* ev_metadata,
-                  CertPathBuilder::Result* result,
-                  bool* checked_revocation) {
+CertPathBuilder::Result TryBuildPath(
+    const scoped_refptr<ParsedCertificate>& target,
+    CertIssuerSourceStatic* intermediates,
+    SystemTrustStore* ssl_trust_store,
+    base::Time verification_time,
+    base::TimeTicks deadline,
+    VerificationType verification_type,
+    SimplePathBuilderDelegate::DigestPolicy digest_policy,
+    int flags,
+    const std::string& ocsp_response,
+    const CRLSet* crl_set,
+    CertNetFetcher* net_fetcher,
+    const EVRootCAMetadata* ev_metadata,
+    bool* checked_revocation) {
   der::GeneralizedTime der_verification_time;
   if (!der::EncodeTimeAsGeneralizedTime(verification_time,
                                         &der_verification_time)) {
     // This shouldn't be possible.
-    *result = CertPathBuilder::Result();
-    return;
+    return CertPathBuilder::Result();
   }
 
   // Path building will require candidate paths to conform to at least one of
@@ -462,8 +461,7 @@ void TryBuildPath(const scoped_refptr<ParsedCertificate>& target,
       target, ssl_trust_store->GetTrustStore(), &path_builder_delegate,
       der_verification_time, KeyPurpose::SERVER_AUTH,
       InitialExplicitPolicy::kFalse, user_initial_policy_set,
-      InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse,
-      result);
+      InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse);
 
   // Allow the path builder to discover the explicitly provided intermediates in
   // |input_cert|.
@@ -481,7 +479,7 @@ void TryBuildPath(const scoped_refptr<ParsedCertificate>& target,
   path_builder.SetIterationLimit(kPathBuilderIterationLimit);
   path_builder.SetDeadline(deadline);
 
-  path_builder.Run();
+  return path_builder.Run();
 }
 
 int AssignVerifyResult(X509Certificate* input_cert,
@@ -652,11 +650,11 @@ int CertVerifyProcBuiltin::VerifyInternal(
     verification_type = cur_attempt.verification_type;
 
     // Run the attempt through the path builder.
-    TryBuildPath(target, &intermediates, ssl_trust_store.get(),
-                 verification_time, deadline, cur_attempt.verification_type,
-                 cur_attempt.digest_policy, flags, ocsp_response, crl_set,
-                 net_fetcher_.get(), ev_metadata, &result,
-                 &checked_revocation_for_some_path);
+    result = TryBuildPath(
+        target, &intermediates, ssl_trust_store.get(), verification_time,
+        deadline, cur_attempt.verification_type, cur_attempt.digest_policy,
+        flags, ocsp_response, crl_set, net_fetcher_.get(), ev_metadata,
+        &checked_revocation_for_some_path);
 
     if (result.HasValidPath() || result.exceeded_deadline)
       break;

net/cert/internal/path_builder.cc

@@ -545,8 +545,7 @@ CertPathBuilder::CertPathBuilder(
     InitialExplicitPolicy initial_explicit_policy,
     const std::set<der::Input>& user_initial_policy_set,
     InitialPolicyMappingInhibit initial_policy_mapping_inhibit,
-    InitialAnyPolicyInhibit initial_any_policy_inhibit,
-    Result* result)
+    InitialAnyPolicyInhibit initial_any_policy_inhibit)
     : cert_path_iter_(new CertPathIter(std::move(cert), trust_store)),
       delegate_(delegate),
       time_(time),
@@ -554,10 +553,8 @@ CertPathBuilder::CertPathBuilder(
       initial_explicit_policy_(initial_explicit_policy),
       user_initial_policy_set_(user_initial_policy_set),
       initial_policy_mapping_inhibit_(initial_policy_mapping_inhibit),
-      initial_any_policy_inhibit_(initial_any_policy_inhibit),
-      out_result_(result) {
+      initial_any_policy_inhibit_(initial_any_policy_inhibit) {
   DCHECK(delegate);
-  *result = Result();
   // The TrustStore also implements the CertIssuerSource interface.
   AddCertIssuerSource(trust_store);
 }
@@ -577,7 +574,8 @@ void CertPathBuilder::SetDeadline(base::TimeTicks deadline) {
   deadline_ = deadline;
 }
 
-void CertPathBuilder::Run() {
+CertPathBuilder::Result CertPathBuilder::Run() {
+  Result result;
   uint32_t iteration_count = 0;
 
   while (true) {
@@ -589,13 +587,13 @@ void CertPathBuilder::Run() {
                                       &iteration_count, max_iteration_count_)) {
       // No more paths to check.
       if (max_iteration_count_ > 0 && iteration_count > max_iteration_count_) {
-        out_result_->exceeded_iteration_limit = true;
+        result.exceeded_iteration_limit = true;
       }
       if (!deadline_.is_null() && base::TimeTicks::Now() > deadline_) {
-        out_result_->exceeded_deadline = true;
+        result.exceeded_deadline = true;
       }
       RecordIterationCountHistogram(iteration_count);
-      return;
+      return result;
     }
 
     // Verify the entire certificate chain.
@@ -613,25 +611,26 @@ void CertPathBuilder::Run() {
 
     bool path_is_good = result_path->IsValid();
 
-    AddResultPath(std::move(result_path));
+    AddResultPath(std::move(result_path), &result);
 
     if (path_is_good) {
       RecordIterationCountHistogram(iteration_count);
       // Found a valid path, return immediately.
       // TODO(mattm): add debug/test mode that tries all possible paths.
-      return;
+      return result;
     }
     // Path did not verify. Try more paths.
   }
 }
 
 void CertPathBuilder::AddResultPath(
-    std::unique_ptr<CertPathBuilderResultPath> result_path) {
+    std::unique_ptr<CertPathBuilderResultPath> result_path,
+    Result* out_result) {
   // TODO(mattm): set best_result_index based on number or severity of errors.
   if (result_path->IsValid())
-    out_result_->best_result_index = out_result_->paths.size();
+    out_result->best_result_index = out_result->paths.size();
   // TODO(mattm): add flag to only return a single path or all attempted paths?
-  out_result_->paths.push_back(std::move(result_path));
+  out_result->paths.push_back(std::move(result_path));
 }
 
 }  // namespace net

net/cert/internal/path_builder.h

@@ -141,16 +141,14 @@ class NET_EXPORT CertPathBuilder {
   };
 
   // Creates a CertPathBuilder that attempts to find a path from |cert| to a
-  // trust anchor in |trust_store| and is valid at |time|. Details of attempted
-  // path(s) are stored in |*result|.
+  // trust anchor in |trust_store| and is valid at |time|.
   //
-  // The caller must keep |trust_store|, |delegate| and |*result| valid for the
-  // lifetime of the CertPathBuilder.
+  // The caller must keep |trust_store| and |delegate| valid for the lifetime
+  // of the CertPathBuilder.
   //
   // See VerifyCertificateChain() for a more detailed explanation of the
   // same-named parameters not defined below.
   //
-  // * |result|: Storage for the result of path building.
   // * |delegate|: Must be non-null. The delegate is called at various points in
   //               path building to verify specific parts of certificates or the
   //               final chain. See CertPathBuilderDelegate and
@@ -163,8 +161,7 @@ class NET_EXPORT CertPathBuilder {
                   InitialExplicitPolicy initial_explicit_policy,
                   const std::set<der::Input>& user_initial_policy_set,
                   InitialPolicyMappingInhibit initial_policy_mapping_inhibit,
-                  InitialAnyPolicyInhibit initial_any_policy_inhibit,
-                  Result* result);
+                  InitialAnyPolicyInhibit initial_any_policy_inhibit);
   ~CertPathBuilder();
 
   // Adds a CertIssuerSource to provide intermediates for use in path building.
@@ -188,13 +185,12 @@ class NET_EXPORT CertPathBuilder {
 
   // Executes verification of the target certificate.
   //
-  // Upon return results are written to the |result| object passed into the
-  // constructor. Run must not be called more than once on each CertPathBuilder
-  // instance.
-  void Run();
+  // Run must not be called more than once on each CertPathBuilder instance.
+  Result Run();
 
  private:
-  void AddResultPath(std::unique_ptr<CertPathBuilderResultPath> result_path);
+  void AddResultPath(std::unique_ptr<CertPathBuilderResultPath> result_path,
+                     Result* out_result);
 
   std::unique_ptr<CertPathIter> cert_path_iter_;
   CertPathBuilderDelegate* delegate_;
@@ -207,7 +203,7 @@ class NET_EXPORT CertPathBuilder {
   uint32_t max_iteration_count_ = 0;
   base::TimeTicks deadline_;
 
-  Result* out_result_;
+  Result out_result_;
 
   DISALLOW_COPY_AND_ASSIGN(CertPathBuilder);
 };

net/cert/internal/path_builder_pkits_unittest.cc

@@ -157,15 +157,14 @@ class PathBuilderPkitsTestDelegate {
           1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1);
     }
 
-    CertPathBuilder::Result result;
     CertPathBuilder path_builder(
         std::move(target_cert), &trust_store, path_builder_delegate.get(),
         info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy,
         info.initial_policy_set, info.initial_policy_mapping_inhibit,
-        info.initial_inhibit_any_policy, &result);
+        info.initial_inhibit_any_policy);
     path_builder.AddCertIssuerSource(&cert_issuer_source);
 
-    path_builder.Run();
+    CertPathBuilder::Result result = path_builder.Run();
 
     if (info.should_validate != result.HasValidPath()) {
       for (size_t i = 0; i < result.paths.size(); ++i) {

net/cert/internal/path_builder_unittest.cc

@@ -162,13 +162,12 @@ TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) {
   trust_store.AddTrustAnchor(a_by_b_);
   trust_store.AddTrustAnchor(b_by_f_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
   const auto& path = *result.GetBestValidPath();
@@ -184,13 +183,12 @@ TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(a_by_b_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 }
@@ -215,14 +213,13 @@ TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) {
   // C(D) is not valid at this time, so path building will fail.
   der::GeneralizedTime expired_time = {2016, 1, 1, 0, 0, 0};
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       b_by_c_, &trust_store, &delegate_, expired_time, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
   ASSERT_EQ(1U, result.paths.size());
@@ -242,13 +239,12 @@ TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) {
   // This is not necessary for the test, just an extra...
   trust_store.AddTrustAnchor(f_by_e_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       e_by_e_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
@@ -266,13 +262,12 @@ TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(b_by_f_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
   const auto& path = *result.GetBestValidPath();
@@ -295,15 +290,14 @@ TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) {
   async_certs.AddCert(b_by_c_);
   async_certs.AddCert(c_by_e_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&async_certs);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   EXPECT_EQ(0, async_certs.num_async_gets());
@@ -325,16 +319,15 @@ TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) {
   AsyncCertIssuerSourceStatic async_certs2;
   async_certs2.AddCert(f_by_e_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&async_certs1);
   path_builder.AddCertIssuerSource(&async_certs2);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   EXPECT_EQ(1, async_certs1.num_async_gets());
@@ -354,14 +347,13 @@ TEST_F(PathBuilderMultiRootTest, TestLongChain) {
   sync_certs.AddCert(b_by_c_);
   sync_certs.AddCert(c_by_d_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
@@ -389,15 +381,14 @@ TEST_F(PathBuilderMultiRootTest, TestBacktracking) {
   async_certs.AddCert(b_by_c_);
   async_certs.AddCert(c_by_d_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
@@ -430,14 +421,13 @@ TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) {
         sync_certs.AddCert(cert);
     }
 
-    CertPathBuilder::Result result;
     CertPathBuilder path_builder(
         a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
         initial_explicit_policy_, user_initial_policy_set_,
-        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
     path_builder.AddCertIssuerSource(&sync_certs);
 
-    path_builder.Run();
+    auto result = path_builder.Run();
 
     ASSERT_TRUE(result.HasValidPath());
 
@@ -464,11 +454,10 @@ TEST_F(PathBuilderMultiRootTest, TestIterationLimit) {
   for (const bool insufficient_limit : {true, false}) {
     SCOPED_TRACE(insufficient_limit);
 
-    CertPathBuilder::Result result;
     CertPathBuilder path_builder(
         a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
         initial_explicit_policy_, user_initial_policy_set_,
-        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
     path_builder.AddCertIssuerSource(&sync_certs);
 
     if (insufficient_limit) {
@@ -483,7 +472,7 @@ TEST_F(PathBuilderMultiRootTest, TestIterationLimit) {
     }
 
     base::HistogramTester histogram_tester;
-    path_builder.Run();
+    auto result = path_builder.Run();
 
     EXPECT_EQ(!insufficient_limit, result.HasValidPath());
     EXPECT_EQ(insufficient_limit, result.exceeded_iteration_limit);
@@ -512,11 +501,10 @@ TEST_F(PathBuilderMultiRootTest, TestTrivialDeadline) {
   for (const bool insufficient_limit : {true, false}) {
     SCOPED_TRACE(insufficient_limit);
 
-    CertPathBuilder::Result result;
     CertPathBuilder path_builder(
         a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
         initial_explicit_policy_, user_initial_policy_set_,
-        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+        initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
     path_builder.AddCertIssuerSource(&sync_certs);
 
     if (insufficient_limit) {
@@ -532,7 +520,7 @@ TEST_F(PathBuilderMultiRootTest, TestTrivialDeadline) {
                                base::TimeDelta::FromDays(1));
     }
 
-    path_builder.Run();
+    auto result = path_builder.Run();
 
     EXPECT_EQ(!insufficient_limit, result.HasValidPath());
     EXPECT_EQ(insufficient_limit, result.exceeded_deadline);
@@ -619,14 +607,13 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) {
   sync_certs.AddCert(newintermediate_);
   sync_certs.AddCert(newrootrollover_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
 
@@ -669,14 +656,13 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) {
   sync_certs.AddCert(newintermediate_);
   sync_certs.AddCert(newrootrollover_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
 
@@ -706,13 +692,12 @@ TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(newroot_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 
@@ -739,14 +724,13 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) {
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(oldintermediate_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store_collection, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
@@ -791,15 +775,14 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) {
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(newrootrollover_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(3U, result.paths.size());
@@ -849,14 +832,13 @@ TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(newintermediate_);
 
-  CertPathBuilder::Result result;
   // Newintermediate is also the target cert.
   CertPathBuilder path_builder(
       newintermediate_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
 }
@@ -875,15 +857,14 @@ TEST_F(PathBuilderKeyRolloverTest,
   CertIssuerSourceStatic sync_certs;
   sync_certs.AddCert(newrootrollover_);
 
-  CertPathBuilder::Result result;
   // Newroot is the target cert.
   CertPathBuilder path_builder(
       newroot_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   // This could actually be OK, but CertPathBuilder does not build the
   // newroot <- newrootrollover <- oldroot path.
@@ -898,14 +879,13 @@ TEST_F(PathBuilderKeyRolloverTest,
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(newrootrollover_);
 
-  CertPathBuilder::Result result;
   // Newroot is the target cert.
   CertPathBuilder path_builder(
       newroot_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ASSERT_TRUE(result.HasValidPath());
 
@@ -949,16 +929,15 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) {
   AsyncCertIssuerSourceStatic async_certs;
   async_certs.AddCert(newintermediate_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs1);
   path_builder.AddCertIssuerSource(&sync_certs2);
   path_builder.AddCertIssuerSource(&async_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_TRUE(result.HasValidPath());
   ASSERT_EQ(2U, result.paths.size());
@@ -1005,14 +984,13 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) {
   sync_certs.AddCert(oldintermediate_);
   sync_certs.AddCert(newroot_dupe);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&sync_certs);
 
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   EXPECT_FALSE(result.HasValidPath());
   ASSERT_EQ(1U, result.paths.size());
@@ -1081,11 +1059,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(newroot_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&cert_issuer_source);
 
   // Create the mock CertIssuerSource::Request...
@@ -1124,7 +1101,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) {
   EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(newintermediate_.get(), _));
 
   // Ensure pathbuilder finished and filled result.
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   // Note that VerifyAndClearExpectations(target_issuers_req) is not called
   // here. PathBuilder could have destroyed it already, so just let the
@@ -1162,11 +1139,10 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) {
   TrustStoreInMemory trust_store;
   trust_store.AddTrustAnchor(newroot_);
 
-  CertPathBuilder::Result result;
   CertPathBuilder path_builder(
       target_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU,
       initial_explicit_policy_, user_initial_policy_set_,
-      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result);
+      initial_policy_mapping_inhibit_, initial_any_policy_inhibit_);
   path_builder.AddCertIssuerSource(&cert_issuer_source);
 
   // Create the mock CertIssuerSource::Request...
@@ -1215,7 +1191,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) {
   EXPECT_CALL(cert_issuer_source, SyncGetIssuersOf(newintermediate_.get(), _));
 
   // Ensure pathbuilder finished and filled result.
-  path_builder.Run();
+  auto result = path_builder.Run();
 
   ::testing::Mock::VerifyAndClearExpectations(&cert_issuer_source);
 
@@ -1259,11 +1235,9 @@ class PathBuilderSimpleChainTest : public ::testing::Test {
 
   // Runs the path builder for the target certificate while |distrusted_cert| is
   // blocked, and |delegate| if non-null.
-  void RunPathBuilder(const scoped_refptr<ParsedCertificate>& distrusted_cert,
-                      CertPathBuilderDelegate* optional_delegate,
-                      CertPathBuilder::Result* result) {
-    ASSERT_EQ(3u, test_.chain.size());
-
+  CertPathBuilder::Result RunPathBuilder(
+      const scoped_refptr<ParsedCertificate>& distrusted_cert,
+      CertPathBuilderDelegate* optional_delegate) {
     // Set up the trust store such that |distrusted_cert| is blocked, and
     // the root is trusted (except if it was |distrusted_cert|).
     TrustStoreInMemory trust_store;
@@ -1292,9 +1266,9 @@ class PathBuilderSimpleChainTest : public ::testing::Test {
     CertPathBuilder path_builder(
         test_.chain.front(), &trust_store, delegate, test_.time,
         KeyPurpose::ANY_EKU, initial_explicit_policy, user_initial_policy_set,
-        initial_policy_mapping_inhibit, initial_any_policy_inhibit, result);
+        initial_policy_mapping_inhibit, initial_any_policy_inhibit);
     path_builder.AddCertIssuerSource(&intermediates);
-    path_builder.Run();
+    return path_builder.Run();
   }
 
  protected:
@@ -1310,20 +1284,18 @@ class PathBuilderDistrustTest : public PathBuilderSimpleChainTest {
  protected:
   // Runs the path builder for the target certificate while |distrusted_cert| is
   // blocked.
-  void RunPathBuilderWithDistrustedCert(
-      const scoped_refptr<ParsedCertificate>& distrusted_cert,
-      CertPathBuilder::Result* result) {
-    RunPathBuilder(distrusted_cert, nullptr, result);
+  CertPathBuilder::Result RunPathBuilderWithDistrustedCert(
+      const scoped_refptr<ParsedCertificate>& distrusted_cert) {
+    return RunPathBuilder(distrusted_cert, nullptr);
   }
 };
 
 // Tests that path building fails when the target, intermediate, or root are
 // distrusted (but the path is otherwise valid).
 TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) {
-  CertPathBuilder::Result result;
   // First do a control test -- path building without any blocked
   // certificates should work.
-  RunPathBuilderWithDistrustedCert(nullptr, &result);
+  CertPathBuilder::Result result = RunPathBuilderWithDistrustedCert(nullptr);
   {
     EXPECT_TRUE(result.HasValidPath());
     // The built path should be identical the the one read from disk.
@@ -1334,7 +1306,7 @@ TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) {
   }
 
   // Try path building when only the target is blocked - should fail.
-  RunPathBuilderWithDistrustedCert(test_.chain[0], &result);
+  result = RunPathBuilderWithDistrustedCert(test_.chain[0]);
   {
     EXPECT_FALSE(result.HasValidPath());
     ASSERT_LT(result.best_result_index, result.paths.size());
@@ -1349,7 +1321,7 @@ TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) {
   }
 
   // Try path building when only the intermediate is blocked - should fail.
-  RunPathBuilderWithDistrustedCert(test_.chain[1], &result);
+  result = RunPathBuilderWithDistrustedCert(test_.chain[1]);
   {
     EXPECT_FALSE(result.HasValidPath());
     ASSERT_LT(result.best_result_index, result.paths.size());
@@ -1365,7 +1337,7 @@ TEST_F(PathBuilderDistrustTest, TargetIntermediateRoot) {
   }
 
   // Try path building when only the root is blocked - should fail.
-  RunPathBuilderWithDistrustedCert(test_.chain[2], &result);
+  result = RunPathBuilderWithDistrustedCert(test_.chain[2]);
   {
     EXPECT_FALSE(result.HasValidPath());
     ASSERT_LT(result.best_result_index, result.paths.size());
@@ -1405,13 +1377,11 @@ class MockPathBuilderDelegate : public CertPathBuilderDelegateBase {
 };
 
 TEST_F(PathBuilderCheckPathAfterVerificationTest, NoOpToValidPath) {
-  CertPathBuilder::Result result;
-
   StrictMock<MockPathBuilderDelegate> delegate;
   // Just verify that the hook is called.
   EXPECT_CALL(delegate, CheckPathAfterVerification(_));
 
-  RunPathBuilder(nullptr, &delegate, &result);
+  CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate);
   EXPECT_TRUE(result.HasValidPath());
 }
 
@@ -1425,10 +1395,8 @@ class AddWarningPathBuilderDelegate : public CertPathBuilderDelegateBase {
 };
 
 TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsWarningToValidPath) {
-  CertPathBuilder::Result result;
-
   AddWarningPathBuilderDelegate delegate;
-  RunPathBuilder(nullptr, &delegate, &result);
+  CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate);
   ASSERT_TRUE(result.HasValidPath());
 
   // A warning should have been added to certificate at index 1 in the path.
@@ -1448,10 +1416,8 @@ class AddErrorPathBuilderDelegate : public CertPathBuilderDelegateBase {
 };
 
 TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) {
-  CertPathBuilder::Result result;
-
   AddErrorPathBuilderDelegate delegate;
-  RunPathBuilder(nullptr, &delegate, &result);
+  CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate);
 
   // Verification failed.
   ASSERT_FALSE(result.HasValidPath());
@@ -1468,14 +1434,12 @@ TEST_F(PathBuilderCheckPathAfterVerificationTest, AddsErrorToValidPath) {
 }
 
 TEST_F(PathBuilderCheckPathAfterVerificationTest, NoopToAlreadyInvalidPath) {
-  CertPathBuilder::Result result;
-
   StrictMock<MockPathBuilderDelegate> delegate;
   // Just verify that the hook is called (on an invalid path).
   EXPECT_CALL(delegate, CheckPathAfterVerification(_));
 
   // Run the pathbuilder with certificate at index 1 actively distrusted.
-  RunPathBuilder(test_.chain[1], &delegate, &result);
+  CertPathBuilder::Result result = RunPathBuilder(test_.chain[1], &delegate);
   EXPECT_FALSE(result.HasValidPath());
 }
 
@@ -1491,10 +1455,8 @@ class SetsDelegateDataPathBuilderDelegate : public CertPathBuilderDelegateBase {
 };
 
 TEST_F(PathBuilderCheckPathAfterVerificationTest, SetsDelegateData) {
-  CertPathBuilder::Result result;
-
   SetsDelegateDataPathBuilderDelegate delegate;
-  RunPathBuilder(nullptr, &delegate, &result);
+  CertPathBuilder::Result result = RunPathBuilder(nullptr, &delegate);
   ASSERT_TRUE(result.HasValidPath());
 
   DelegateData* data = reinterpret_cast<DelegateData*>(

net/cert/internal/path_builder_verify_certificate_chain_unittest.cc

@@ -42,16 +42,15 @@ class PathBuilderTestDelegate {
     for (size_t i = 1; i < test.chain.size(); ++i)
       intermediate_cert_issuer_source.AddCert(test.chain[i]);
 
-    CertPathBuilder::Result result;
     // First cert in the |chain| is the target.
     CertPathBuilder path_builder(
         test.chain.front(), &trust_store, &path_builder_delegate, test.time,
         test.key_purpose, test.initial_explicit_policy,
         test.user_initial_policy_set, test.initial_policy_mapping_inhibit,
-        test.initial_any_policy_inhibit, &result);
+        test.initial_any_policy_inhibit);
     path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
 
-    path_builder.Run();
+    CertPathBuilder::Result result = path_builder.Run();
     EXPECT_EQ(!test.HasHighSeverityErrors(), result.HasValidPath());
   }
 };

net/tools/cert_verify_tool/verify_using_path_builder.cc

@@ -166,12 +166,11 @@ bool VerifyUsingPathBuilder(
   // Verify the chain.
   net::SimplePathBuilderDelegate delegate(
       2048, net::SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1);
-  net::CertPathBuilder::Result result;
   net::CertPathBuilder path_builder(
       target_cert, ssl_trust_store->GetTrustStore(), &delegate, time,
       net::KeyPurpose::SERVER_AUTH, net::InitialExplicitPolicy::kFalse,
       {net::AnyPolicy()}, net::InitialPolicyMappingInhibit::kFalse,
-      net::InitialAnyPolicyInhibit::kFalse, &result);
+      net::InitialAnyPolicyInhibit::kFalse);
   path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source);
 
   std::unique_ptr<net::CertIssuerSourceAia> aia_cert_issuer_source;
@@ -182,7 +181,7 @@ bool VerifyUsingPathBuilder(
   }
 
   // Run the path builder.
-  path_builder.Run();
+  net::CertPathBuilder::Result result = path_builder.Run();
 
   // TODO(crbug.com/634443): Display any errors/warnings associated with path
   //                         building that were not part of a particular