_ZN5Botan11ASN1_ObjectD2Ev:
  114|  34.9k|      virtual ~ASN1_Object() = default;
_ZN5Botan10BER_ObjectC2Ev:
  122|  51.0k|      BER_Object() : m_type_tag(ASN1_Type::NoObject), m_class_tag(ASN1_Class::Universal) {}
_ZNK5Botan10BER_Object6is_setEv:
  132|  59.6k|      bool is_set() const { return m_type_tag != ASN1_Type::NoObject; }
_ZNK5Botan10BER_Object7taggingEv:
  134|  31.5k|      uint32_t tagging() const { return type_tag() | class_tag(); }
_ZNK5Botan10BER_Object8type_tagEv:
  136|  31.5k|      ASN1_Type type_tag() const { return m_type_tag; }
_ZNK5Botan10BER_Object9class_tagEv:
  138|  31.5k|      ASN1_Class class_tag() const { return m_class_tag; }
_ZNK5Botan10BER_Object4typeEv:
  140|  5.43k|      ASN1_Type type() const { return m_type_tag; }
_ZNK5Botan10BER_Object4bitsEv:
  144|   204k|      const uint8_t* bits() const { return m_value.data(); }
_ZNK5Botan10BER_Object6lengthEv:
  146|   449k|      size_t length() const { return m_value.size(); }
_ZN5Botan10BER_Object12mutable_bitsEm:
  163|  28.0k|      uint8_t* mutable_bits(size_t length) {
  164|  28.0k|         m_value.resize(length);
  165|  28.0k|         return m_value.data();
  166|  28.0k|      }
_ZN5Botan3OIDC2Ev:
  212|  6.39k|      explicit OID() {}
_ZNK5Botan11ASN1_String5emptyEv:
  411|  2.42k|      bool empty() const { return m_utf8_str.empty(); }
_ZN5BotanorENS_10ASN1_ClassES0_:
   76|  14.9k|inline ASN1_Class operator|(ASN1_Class x, ASN1_Class y) {
   77|  14.9k|   return static_cast<ASN1_Class>(static_cast<uint32_t>(x) | static_cast<uint32_t>(y));
   78|  14.9k|}
_ZN5BotanorENS_9ASN1_TypeENS_10ASN1_ClassE:
   80|  31.5k|inline uint32_t operator|(ASN1_Type x, ASN1_Class y) { return static_cast<uint32_t>(x) | static_cast<uint32_t>(y); }
_ZN5BotanorENS_10ASN1_ClassENS_9ASN1_TypeE:
   82|  3.40k|inline uint32_t operator|(ASN1_Class x, ASN1_Type y) { return static_cast<uint32_t>(x) | static_cast<uint32_t>(y); }
_ZN5Botan11ASN1_ObjectC2ERKS0_:
  112|  10.2k|      ASN1_Object(const ASN1_Object&) = default;
_ZN5Botan11ASN1_ObjectC2Ev:
  111|  24.6k|      ASN1_Object() = default;
_ZN5Botan19AlgorithmIdentifierC2Ev:
  439|  3.67k|      AlgorithmIdentifier() = default;
_ZN5Botan9ASN1_TimeC2Ev:
  354|    888|      ASN1_Time() = default;
_ZN5Botan10BER_ObjectaSEOS0_:
  130|    836|      BER_Object& operator=(BER_Object&& other) = default;
_ZN5Botan10BER_ObjectC2EOS0_:
  128|  14.5k|      BER_Object(BER_Object&& other) = default;

_ZN5Botan12ignore_paramIRmEEvOT_:
  111|    279|void ignore_param(T&&) {}
_ZN5Botan13ignore_paramsIJRhEEEvDpOT_:
  114|  2.72k|void ignore_params(T&&... args) {
  115|  2.72k|   (ignore_param(args), ...);
  116|  2.72k|}
_ZN5Botan12ignore_paramIRhEEvOT_:
  111|  2.72k|void ignore_param(T&&) {}
_ZN5Botan13ignore_paramsIJRmEEEvDpOT_:
  114|    279|void ignore_params(T&&... args) {
  115|    279|   (ignore_param(args), ...);
  116|    279|}
_ZN5Botan13ignore_paramsIJRKmEEEvDpOT_:
  114|    113|void ignore_params(T&&... args) {
  115|    113|   (ignore_param(args), ...);
  116|    113|}
_ZN5Botan12ignore_paramIRKmEEvOT_:
  111|    113|void ignore_param(T&&) {}

_ZN5Botan11BER_DecoderC2EONS_10BER_ObjectE:
   56|    162|      BER_Decoder(BER_Object&& obj) : BER_Decoder(std::move(obj), nullptr) {}
_ZN5Botan11BER_Decoder14start_sequenceEv:
  112|  11.8k|      BER_Decoder start_sequence() { return start_cons(ASN1_Type::Sequence, ASN1_Class::Universal); }
_ZN5Botan11BER_Decoder9start_setEv:
  114|  2.95k|      BER_Decoder start_set() { return start_cons(ASN1_Type::Set, ASN1_Class::Universal); }
_ZN5Botan11BER_Decoder6decodeERm:
  178|    162|      BER_Decoder& decode(size_t& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); }
_ZN5Botan11BER_Decoder6decodeERNS_6BigIntE:
  183|    297|      BER_Decoder& decode(BigInt& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); }
_ZN5Botan11BER_Decoder6decodeINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EENS_9ASN1_TypeE:
  195|    508|      BER_Decoder& decode(std::vector<uint8_t, Alloc>& out, ASN1_Type real_type) {
  196|    508|         return decode(out, real_type, real_type, ASN1_Class::Universal);
  197|    508|      }
_ZN5Botan11BER_Decoder9raw_bytesINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EE:
  160|  7.26k|      BER_Decoder& raw_bytes(std::vector<uint8_t, Alloc>& out) {
  161|  7.26k|         out.clear();
  162|  7.26k|         uint8_t buf;
  163|   141k|         while(m_source->read_byte(buf))
  ------------------
  |  Branch (163:16): [True: 134k, False: 7.26k]
  ------------------
  164|   134k|            out.push_back(buf);
  165|  7.26k|         return (*this);
  166|  7.26k|      }
_ZN5Botan11BER_Decoder15decode_optionalImEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS3_:
  313|    444|BER_Decoder& BER_Decoder::decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value) {
  314|    444|   BER_Object obj = get_next_object();
  315|       |
  316|    444|   if(obj.is_a(type_tag, class_tag)) {
  ------------------
  |  Branch (316:7): [True: 162, False: 282]
  ------------------
  317|    162|      if(class_tag == ASN1_Class::ExplicitContextSpecific) {
  ------------------
  |  Branch (317:10): [True: 162, False: 0]
  ------------------
  318|    162|         BER_Decoder(std::move(obj)).decode(out).verify_end();
  319|    162|      } else {
  320|      0|         push_back(std::move(obj));
  321|      0|         decode(out, type_tag, class_tag);
  322|      0|      }
  323|    282|   } else {
  324|    282|      out = default_value;
  325|    282|      push_back(std::move(obj));
  326|    282|   }
  327|       |
  328|    444|   return (*this);
  329|    444|}

_ZN5Botan6BigIntD2Ev:
  147|    914|      ~BigInt() { const_time_unpoison(); }
_ZN5Botan6BigIntaSEOS0_:
  152|    308|      BigInt& operator=(BigInt&& other) {
  153|    308|         if(this != &other)
  ------------------
  |  Branch (153:13): [True: 308, False: 0]
  ------------------
  154|    308|            this->swap(other);
  155|       |
  156|    308|         return (*this);
  157|    308|      }
_ZN5Botan6BigInt4swapERS0_:
  168|    308|      void swap(BigInt& other) {
  169|    308|         m_data.swap(other.m_data);
  170|    308|         std::swap(m_signedness, other.m_signedness);
  171|    308|      }
_ZN5Botan6BigInt5clearEv:
  366|    371|      void clear() {
  367|    371|         m_data.set_to_zero();
  368|    371|         m_signedness = Positive;
  369|    371|      }
_ZNK5Botan6BigInt7is_zeroEv:
  424|    165|      bool is_zero() const { return (sig_words() == 0); }
_ZNK5Botan6BigInt7word_atEm:
  514|    201|      word word_at(size_t n) const { return m_data.get_word_at(n); }
_ZNK5Botan6BigInt11is_negativeEv:
  524|    160|      bool is_negative() const { return (sign() == Negative); }
_ZNK5Botan6BigInt4signEv:
  536|    325|      Sign sign() const { return (m_signedness); }
_ZNK5Botan6BigInt12reverse_signEv:
  541|    165|      Sign reverse_sign() const {
  542|    165|         if(sign() == Positive)
  ------------------
  |  Branch (542:13): [True: 165, False: 0]
  ------------------
  543|    165|            return Negative;
  544|      0|         return Positive;
  545|    165|      }
_ZN5Botan6BigInt9flip_signEv:
  550|    165|      void flip_sign() { set_sign(reverse_sign()); }
_ZN5Botan6BigInt8set_signENS0_4SignE:
  556|    165|      void set_sign(Sign sign) {
  557|    165|         if(sign == Negative && is_zero())
  ------------------
  |  Branch (557:13): [True: 165, False: 0]
  |  Branch (557:33): [True: 0, False: 165]
  ------------------
  558|      0|            sign = Positive;
  559|       |
  560|    165|         m_signedness = sign;
  561|    165|      }
_ZNK5Botan6BigInt9sig_wordsEv:
  578|    395|      size_t sig_words() const { return m_data.sig_words(); }
_ZNK5Botan6BigInt19const_time_unpoisonEv:
  710|    914|      void const_time_unpoison() const {}
_ZNK5Botan6BigInt4Data11get_word_atEm:
  830|    201|            word get_word_at(size_t n) const {
  831|    201|               if(n < m_reg.size())
  ------------------
  |  Branch (831:19): [True: 189, False: 12]
  ------------------
  832|    189|                  return m_reg[n];
  833|     12|               return 0;
  834|    201|            }
_ZN5Botan6BigInt4Data11set_to_zeroEv:
  851|    371|            void set_to_zero() {
  852|    371|               m_reg.resize(m_reg.capacity());
  853|    371|               clear_mem(m_reg.data(), m_reg.size());
  854|    371|               m_sig_words = 0;
  855|    371|            }
_ZN5Botan6BigInt4Data4swapERS1_:
  900|    308|            void swap(Data& other) {
  901|    308|               m_reg.swap(other.m_reg);
  902|    308|               std::swap(m_sig_words, other.m_sig_words);
  903|    308|            }
_ZN5Botan6BigInt4Data4swapERNSt3__16vectorImNS_16secure_allocatorImEEEE:
  905|    308|            void swap(secure_vector<word>& reg) {
  906|    308|               m_reg.swap(reg);
  907|    308|               invalidate_sig_words();
  908|    308|            }
_ZNK5Botan6BigInt4Data20invalidate_sig_wordsEv:
  910|    308|            void invalidate_sig_words() const { m_sig_words = sig_words_npos; }
_ZNK5Botan6BigInt4Data9sig_wordsEv:
  912|    395|            size_t sig_words() const {
  913|    395|               if(m_sig_words == sig_words_npos) {
  ------------------
  |  Branch (913:19): [True: 279, False: 116]
  ------------------
  914|    279|                  m_sig_words = calc_sig_words();
  915|    279|               } else {
  916|    116|                  BOTAN_DEBUG_ASSERT(m_sig_words == calc_sig_words());
  ------------------
  |  |   99|    116|      do {                          \
  |  |  100|    116|      } while(0)
  |  |  ------------------
  |  |  |  Branch (100:15): [Folded - Ignored]
  |  |  ------------------
  ------------------
  917|    116|               }
  918|    395|               return m_sig_words;
  919|    395|            }
_ZN5Botan6BigIntC2Ev:
   39|    606|      BigInt() = default;

_ZN5Botan20Buffered_Computation6updateEPKhm:
   34|  30.0k|      void update(const uint8_t in[], size_t length) { add_data(in, length); }
_ZN5Botan20Buffered_Computation6updateENSt3__14spanIKhLm18446744073709551615EEE:
   40|  5.54k|      void update(std::span<const uint8_t> in) { add_data(in.data(), in.size()); }
_ZN5Botan20Buffered_Computation12final_stdvecEv:
   83|  32.8k|      std::vector<uint8_t> final_stdvec() { return final<std::vector<uint8_t>>(); }
_ZN5Botan20Buffered_Computation5finalINSt3__16vectorIhNS2_9allocatorIhEEEEEET_v:
   77|  32.8k|      T final() {
   78|  32.8k|         T output(output_length());
   79|  32.8k|         final_result(output.data());
   80|  32.8k|         return output;
   81|  32.8k|      }
_ZN5Botan20Buffered_ComputationD2Ev:
  133|  38.2k|      virtual ~Buffered_Computation() = default;

_ZN5Botan17DataSource_MemoryC2EPKhm:
  118|  13.7k|      DataSource_Memory(const uint8_t in[], size_t length) : m_source(in, in + length), m_offset(0) {}
_ZN5Botan17DataSource_MemoryC2ENSt3__16vectorIhNS_16secure_allocatorIhEEEE:
  124|  16.8k|      explicit DataSource_Memory(secure_vector<uint8_t> in) : m_source(std::move(in)), m_offset(0) {}
_ZN5Botan10DataSourceC2Ev:
   91|  44.8k|      DataSource() = default;
_ZN5Botan10DataSourceD2Ev:
   92|  44.8k|      virtual ~DataSource() = default;

_ZNK5Botan9Exception4whatEv:
   93|  1.22k|      const char* what() const noexcept override { return m_msg.c_str(); }
_ZN5Botan13Invalid_StateC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
  208|     14|      explicit Invalid_State(std::string_view err) : Exception(err) {}

_ZN5Botan10ct_is_zeroIhEET_S1_:
   35|  74.5k|{
   36|  74.5k|   return expand_top_bit<T>(~x & (x - 1));
   37|  74.5k|}
_ZN5Botan14expand_top_bitIhEET_S1_:
   25|   167k|{
   26|   167k|   return static_cast<T>(0) - (a >> (sizeof(T) * 8 - 1));
   27|   167k|}
_ZN5Botan10ct_is_zeroImEET_S1_:
   35|  2.94k|{
   36|  2.94k|   return expand_top_bit<T>(~x & (x - 1));
   37|  2.94k|}
_ZN5Botan14expand_top_bitImEET_S1_:
   25|  2.94k|{
   26|  2.94k|   return static_cast<T>(0) - (a >> (sizeof(T) * 8 - 1));
   27|  2.94k|}
_ZN5Botan6chooseIjEET_S1_S1_S1_:
  168|  6.94M|inline constexpr T choose(T mask, T a, T b) {
  169|       |   //return (mask & a) | (~mask & b);
  170|  6.94M|   return (b ^ (mask & (a ^ b)));
  171|  6.94M|}
_ZN5Botan8majorityIjEET_S1_S1_S1_:
  174|  3.47M|inline constexpr T majority(T a, T b, T c) {
  175|       |   /*
  176|       |   Considering each bit of a, b, c individually
  177|       |
  178|       |   If a xor b is set, then c is the deciding vote.
  179|       |
  180|       |   If a xor b is not set then either a and b are both set or both unset.
  181|       |   In either case the value of c doesn't matter, and examining b (or a)
  182|       |   allows us to determine which case we are in.
  183|       |   */
  184|  3.47M|   return choose(a ^ b, c, b);
  185|  3.47M|}
_ZN5Botan6chooseIhEET_S1_S1_S1_:
  168|   162k|inline constexpr T choose(T mask, T a, T b) {
  169|       |   //return (mask & a) | (~mask & b);
  170|   162k|   return (b ^ (mask & (a ^ b)));
  171|   162k|}
_ZN5Botan9ceil_log2ImEEhT_:
  124|  8.18k|{
  125|  8.18k|   if(x >> (sizeof(T) * 8 - 1))
  ------------------
  |  Branch (125:7): [True: 0, False: 8.18k]
  ------------------
  126|      0|      return sizeof(T) * 8;
  127|       |
  128|  8.18k|   uint8_t result = 0;
  129|  8.18k|   T compare = 1;
  130|       |
  131|  57.3k|   while(compare < x) {
  ------------------
  |  Branch (131:10): [True: 49.1k, False: 8.18k]
  ------------------
  132|  49.1k|      compare <<= 1;
  133|  49.1k|      result++;
  134|  49.1k|   }
  135|       |
  136|  8.18k|   return result;
  137|  8.18k|}
_ZN5Botan13is_power_of_2ImEEbT_:
   47|  8.18k|{
   48|  8.18k|   return (arg != 0) && (arg != 1) && ((arg & static_cast<T>(arg - 1)) == 0);
  ------------------
  |  Branch (48:11): [True: 8.18k, False: 0]
  |  Branch (48:25): [True: 8.18k, False: 0]
  |  Branch (48:39): [True: 8.18k, False: 0]
  ------------------
   49|  8.18k|}
_ZN5Botan8high_bitImEEmT_:
   60|    113|{
   61|    113|   size_t hb = 0;
   62|       |
   63|    791|   for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) {
  ------------------
  |  Branch (63:38): [True: 678, False: 113]
  ------------------
   64|    678|      const size_t z = s * ((~ct_is_zero(n >> s)) & 1);
   65|    678|      hb += z;
   66|    678|      n >>= z;
   67|    678|   }
   68|       |
   69|    113|   hb += n;
   70|       |
   71|    113|   return hb;
   72|    113|}

_ZN5Botan13reverse_bytesEt:
   19|  52.4k|inline constexpr uint16_t reverse_bytes(uint16_t x) {
   20|  52.4k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16)
   21|  52.4k|   return __builtin_bswap16(x);
   22|       |#else
   23|       |   return static_cast<uint16_t>((x << 8) | (x >> 8));
   24|       |#endif
   25|  52.4k|}
_ZN5Botan13reverse_bytesEj:
   33|  1.13M|inline constexpr uint32_t reverse_bytes(uint32_t x) {
   34|  1.13M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32)
   35|  1.13M|   return __builtin_bswap32(x);
   36|       |#else
   37|       |   // MSVC at least recognizes this as a bswap
   38|       |   return ((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | ((x & 0xFF000000) >> 24);
   39|       |#endif
   40|  1.13M|}
_ZN5Botan13reverse_bytesEm:
   48|  33.0k|inline constexpr uint64_t reverse_bytes(uint64_t x) {
   49|  33.0k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64)
   50|  33.0k|   return __builtin_bswap64(x);
   51|       |#else
   52|       |   uint32_t hi = static_cast<uint32_t>(x >> 32);
   53|       |   uint32_t lo = static_cast<uint32_t>(x);
   54|       |
   55|       |   hi = reverse_bytes(hi);
   56|       |   lo = reverse_bytes(lo);
   57|       |
   58|       |   return (static_cast<uint64_t>(lo) << 32) | hi;
   59|       |#endif
   60|  33.0k|}

base64.cpp:_ZN5Botan11base_decodeIRNS_12_GLOBAL__N_16Base64EEEmOT_PhPKcmRmbb:
  118|    109|                   bool ignore_ws = true) {
  119|    109|   const size_t decoding_bytes_in = base.decoding_bytes_in();
  120|    109|   const size_t decoding_bytes_out = base.decoding_bytes_out();
  121|       |
  122|    109|   uint8_t* out_ptr = output;
  123|    109|   std::vector<uint8_t> decode_buf(decoding_bytes_in, 0);
  124|    109|   size_t decode_buf_pos = 0;
  125|    109|   size_t final_truncate = 0;
  126|       |
  127|    109|   clear_mem(output, base.decode_max_output(input_length));
  128|       |
  129|  22.8k|   for(size_t i = 0; i != input_length; ++i) {
  ------------------
  |  Branch (129:22): [True: 22.7k, False: 109]
  ------------------
  130|  22.7k|      const uint8_t bin = base.lookup_binary_value(input[i]);
  131|       |
  132|  22.7k|      if(base.check_bad_char(bin, input[i], ignore_ws))  // May throw Invalid_Argument
  ------------------
  |  Branch (132:10): [True: 15.9k, False: 6.82k]
  ------------------
  133|  15.9k|      {
  134|  15.9k|         decode_buf[decode_buf_pos] = bin;
  135|  15.9k|         ++decode_buf_pos;
  136|  15.9k|      }
  137|       |
  138|       |      /*
  139|       |      * If we're at the end of the input, pad with 0s and truncate
  140|       |      */
  141|  22.7k|      if(final_inputs && (i == input_length - 1)) {
  ------------------
  |  Branch (141:10): [True: 22.7k, False: 36]
  |  Branch (141:26): [True: 70, False: 22.6k]
  ------------------
  142|     70|         if(decode_buf_pos) {
  ------------------
  |  Branch (142:13): [True: 33, False: 37]
  ------------------
  143|     86|            for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j) {
  ------------------
  |  Branch (143:44): [True: 53, False: 33]
  ------------------
  144|     53|               decode_buf[j] = 0;
  145|     53|            }
  146|       |
  147|     33|            final_truncate = decoding_bytes_in - decode_buf_pos;
  148|     33|            decode_buf_pos = decoding_bytes_in;
  149|     33|         }
  150|     70|      }
  151|       |
  152|  22.7k|      if(decode_buf_pos == decoding_bytes_in) {
  ------------------
  |  Branch (152:10): [True: 3.98k, False: 18.7k]
  ------------------
  153|  3.98k|         base.decode(out_ptr, decode_buf.data());
  154|       |
  155|  3.98k|         out_ptr += decoding_bytes_out;
  156|  3.98k|         decode_buf_pos = 0;
  157|  3.98k|         input_consumed = i + 1;
  158|  3.98k|      }
  159|  22.7k|   }
  160|       |
  161|    545|   while(input_consumed < input_length && base.lookup_binary_value(input[input_consumed]) == 0x80) {
  ------------------
  |  Branch (161:10): [True: 446, False: 99]
  |  Branch (161:43): [True: 436, False: 10]
  ------------------
  162|    436|      ++input_consumed;
  163|    436|   }
  164|       |
  165|    109|   size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate);
  166|       |
  167|    109|   return written;
  168|    109|}
base64.cpp:_ZN5Botan18base_decode_to_vecINSt3__16vectorIhNS_16secure_allocatorIhEEEENS_12_GLOBAL__N_16Base64EEET_OT0_PKcmb:
  183|    109|Vector base_decode_to_vec(Base&& base, const char input[], size_t input_length, bool ignore_ws) {
  184|    109|   const size_t output_length = base.decode_max_output(input_length);
  185|    109|   Vector bin(output_length);
  186|       |
  187|    109|   const size_t written = base_decode_full(base, bin.data(), input, input_length, ignore_ws);
  188|       |
  189|    109|   bin.resize(written);
  190|    109|   return bin;
  191|    109|}
base64.cpp:_ZN5Botan16base_decode_fullIRNS_12_GLOBAL__N_16Base64EEEmOT_PhPKcmb:
  171|    109|size_t base_decode_full(Base&& base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {
  172|    109|   size_t consumed = 0;
  173|    109|   const size_t written = base_decode(base, output, input, input_length, consumed, true, ignore_ws);
  174|       |
  175|    109|   if(consumed != input_length) {
  ------------------
  |  Branch (175:7): [True: 10, False: 99]
  ------------------
  176|     10|      throw Invalid_Argument(base.name() + " decoding failed, input did not have full bytes");
  177|     10|   }
  178|       |
  179|     99|   return written;
  180|    109|}

_ZN5Botan5CPUID13has_cpuid_bitENS0_10CPUID_bitsE:
  333|   155k|      static bool has_cpuid_bit(CPUID_bits elem) {
  334|   155k|         const uint32_t elem32 = static_cast<uint32_t>(elem);
  335|   155k|         return state().has_bit(elem32);
  336|   155k|      }
_ZN5Botan5CPUID5stateEv:
  362|   155k|      static CPUID_Data& state() {
  363|   155k|         static CPUID::CPUID_Data g_cpuid;
  364|   155k|         return g_cpuid;
  365|   155k|      }
_ZNK5Botan5CPUID10CPUID_Data7has_bitEj:
  350|   155k|            bool has_bit(uint32_t bit) const { return (m_processor_features & bit) == bit; }
_ZN5Botan5CPUID8has_sse2Ev:
  208|  51.9k|      static bool has_sse2() { return has_cpuid_bit(CPUID_SSE2_BIT); }
_ZN5Botan5CPUID8has_bmi2Ev:
  240|  51.9k|      static bool has_bmi2() { return has_cpuid_bit(CPUID_BMI_BIT); }
_ZN5Botan5CPUID13has_intel_shaEv:
  255|  51.9k|      static bool has_intel_sha() { return has_sse2() && has_cpuid_bit(CPUID_SHA_BIT); }
  ------------------
  |  Branch (255:44): [True: 51.9k, False: 0]
  |  Branch (255:58): [True: 0, False: 51.9k]
  ------------------

_ZN5Botan2CT4MaskIhE7is_zeroEh:
  123|  74.5k|      static Mask<T> is_zero(T x) { return Mask<T>(ct_is_zero<T>(x)); }
_ZN5Botan2CT4MaskIhEC2Eh:
  279|   239k|      Mask(T m) : m_mask(m) {}
_ZNK5Botan2CT4MaskIhE6is_setEv:
  271|  2.72k|      bool is_set() const { return unpoisoned_value() != 0; }
_ZNK5Botan2CT4MaskIhE16unpoisoned_valueEv:
  262|  2.72k|      T unpoisoned_value() const {
  263|  2.72k|         T r = value();
  264|  2.72k|         CT::unpoison(r);
  265|  2.72k|         return r;
  266|  2.72k|      }
_ZNK5Botan2CT4MaskIhE5valueEv:
  276|   239k|      T value() const { return m_mask; }
_ZN5Botan2CT8unpoisonIhEEvRT_:
   66|  2.72k|inline void unpoison(T& p) {
   67|       |#if defined(BOTAN_HAS_VALGRIND)
   68|       |   VALGRIND_MAKE_MEM_DEFINED(&p, sizeof(T));
   69|       |#else
   70|  2.72k|   BOTAN_UNUSED(p);
  ------------------
  |  |  118|  2.72k|#define BOTAN_UNUSED Botan::ignore_params
  ------------------
   71|  2.72k|#endif
   72|  2.72k|}
_ZN5Botan2CT4MaskIhE3setEv:
   99|  2.72k|      static Mask<T> set() { return Mask<T>(static_cast<T>(~0)); }
_ZN5Botan2CT4MaskIhE15is_within_rangeEhhh:
  150|  69.5k|      static Mask<T> is_within_range(T v, T l, T u) {
  151|       |         //return Mask<T>::is_gte(v, l) & Mask<T>::is_lte(v, u);
  152|       |
  153|  69.5k|         const T v_lt_l = v ^ ((v ^ l) | ((v - l) ^ v));
  154|  69.5k|         const T v_gt_u = u ^ ((u ^ v) | ((u - v) ^ u));
  155|  69.5k|         const T either = v_lt_l | v_gt_u;
  156|  69.5k|         return ~Mask<T>(expand_top_bit(either));
  157|  69.5k|      }
_ZNK5Botan2CT4MaskIhEcoEv:
  213|  69.5k|      Mask<T> operator~() const { return Mask<T>(~value()); }
_ZN5Botan2CT4MaskIhE9is_any_ofEhSt16initializer_listIhE:
  159|  23.1k|      static Mask<T> is_any_of(T v, std::initializer_list<T> accepted) {
  160|  23.1k|         T accept = 0;
  161|       |
  162|  92.7k|         for(auto a : accepted) {
  ------------------
  |  Branch (162:21): [True: 92.7k, False: 23.1k]
  ------------------
  163|  92.7k|            const T diff = a ^ v;
  164|  92.7k|            const T eq_zero = ~diff & (diff - 1);
  165|  92.7k|            accept |= eq_zero;
  166|  92.7k|         }
  167|       |
  168|  23.1k|         return Mask<T>(expand_top_bit(accept));
  169|  23.1k|      }
_ZNK5Botan2CT4MaskIhE6selectEhh:
  228|   162k|      T select(T x, T y) const { return choose(value(), x, y); }
_ZN5Botan2CT8unpoisonImEEvRT_:
   66|    279|inline void unpoison(T& p) {
   67|       |#if defined(BOTAN_HAS_VALGRIND)
   68|       |   VALGRIND_MAKE_MEM_DEFINED(&p, sizeof(T));
   69|       |#else
   70|    279|   BOTAN_UNUSED(p);
  ------------------
  |  |  118|    279|#define BOTAN_UNUSED Botan::ignore_params
  ------------------
   71|    279|#endif
   72|    279|}
_ZN5Botan2CT8unpoisonIKmEEvRT_:
   66|    113|inline void unpoison(T& p) {
   67|       |#if defined(BOTAN_HAS_VALGRIND)
   68|       |   VALGRIND_MAKE_MEM_DEFINED(&p, sizeof(T));
   69|       |#else
   70|    113|   BOTAN_UNUSED(p);
  ------------------
  |  |  118|    113|#define BOTAN_UNUSED Botan::ignore_params
  ------------------
   71|    113|#endif
   72|    113|}
_ZN5Botan2CT4MaskIhE8is_equalEhh:
  128|  69.5k|      static Mask<T> is_equal(T x, T y) { return Mask<T>::is_zero(static_cast<T>(x ^ y)); }

_ZN5Botan8FE_25519C2ESt16initializer_listIiE:
   36|  1.53k|      FE_25519(std::initializer_list<int32_t> x) {
   37|  1.53k|         if(x.size() != 10)
  ------------------
  |  Branch (37:13): [True: 0, False: 1.53k]
  ------------------
   38|      0|            throw Invalid_Argument("Invalid FE_25519 initializer list");
   39|  1.53k|         copy_mem(m_fe, x.begin(), 10);
   40|  1.53k|      }

_ZN5Botan3fmtIJPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEEEENS3_12basic_stringIcS6_NS3_9allocatorIcEEEES7_DpRKT_:
   51|    758|std::string fmt(std::string_view format, const T&... args) {
   52|    758|   std::ostringstream oss;
   53|    758|   oss.imbue(std::locale::classic());
   54|    758|   fmt_detail::do_fmt(oss, format, args...);
   55|    758|   return oss.str();
   56|    758|}
_ZN5Botan10fmt_detail6do_fmtIPKcJNSt3__117basic_string_viewIcNS4_11char_traitsIcEEEEEEEvRNS4_19basic_ostringstreamIcS7_NS4_9allocatorIcEEEES8_RKT_DpRKT0_:
   23|    758|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|    758|   size_t i = 0;
   25|       |
   26|  6.81k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 6.81k, False: 0]
  ------------------
   27|  6.81k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 758, False: 6.05k]
  |  Branch (27:30): [True: 758, False: 0]
  |  Branch (27:59): [True: 758, False: 0]
  ------------------
   28|    758|         oss << val;
   29|    758|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  6.05k|      } else {
   31|  6.05k|         oss << format[i];
   32|  6.05k|      }
   33|       |
   34|  6.05k|      i += 1;
   35|  6.05k|   }
   36|    758|}
_ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_:
   23|  3.09k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|  3.09k|   size_t i = 0;
   25|       |
   26|  23.9k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 23.9k, False: 0]
  ------------------
   27|  23.9k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 3.09k, False: 20.8k]
  |  Branch (27:30): [True: 3.09k, False: 0]
  |  Branch (27:59): [True: 3.09k, False: 0]
  ------------------
   28|  3.09k|         oss << val;
   29|  3.09k|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  20.8k|      } else {
   31|  20.8k|         oss << format[i];
   32|  20.8k|      }
   33|       |
   34|  20.8k|      i += 1;
   35|  20.8k|   }
   36|  3.09k|}
_ZN5Botan10fmt_detail6do_fmtERNSt3__119basic_ostringstreamIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE:
   20|  4.75k|inline void do_fmt(std::ostringstream& oss, std::string_view format) { oss << format; }
_ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_:
   51|  2.33k|std::string fmt(std::string_view format, const T&... args) {
   52|  2.33k|   std::ostringstream oss;
   53|  2.33k|   oss.imbue(std::locale::classic());
   54|  2.33k|   fmt_detail::do_fmt(oss, format, args...);
   55|  2.33k|   return oss.str();
   56|  2.33k|}
_ZN5Botan3fmtIJPKcS2_S2_EEENSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS3_17basic_string_viewIcS6_EEDpRKT_:
   51|     76|std::string fmt(std::string_view format, const T&... args) {
   52|     76|   std::ostringstream oss;
   53|     76|   oss.imbue(std::locale::classic());
   54|     76|   fmt_detail::do_fmt(oss, format, args...);
   55|     76|   return oss.str();
   56|     76|}
_ZN5Botan10fmt_detail6do_fmtIPKcJS3_S3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_:
   23|     76|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|     76|   size_t i = 0;
   25|       |
   26|    356|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 356, False: 0]
  ------------------
   27|    356|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 76, False: 280]
  |  Branch (27:30): [True: 76, False: 0]
  |  Branch (27:59): [True: 76, False: 0]
  ------------------
   28|     76|         oss << val;
   29|     76|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|    280|      } else {
   31|    280|         oss << format[i];
   32|    280|      }
   33|       |
   34|    280|      i += 1;
   35|    280|   }
   36|     76|}
_ZN5Botan10fmt_detail6do_fmtIPKcJS3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_:
   23|     76|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|     76|   size_t i = 0;
   25|       |
   26|    520|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 520, False: 0]
  ------------------
   27|    520|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 76, False: 444]
  |  Branch (27:30): [True: 76, False: 0]
  |  Branch (27:59): [True: 76, False: 0]
  ------------------
   28|     76|         oss << val;
   29|     76|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|    444|      } else {
   31|    444|         oss << format[i];
   32|    444|      }
   33|       |
   34|    444|      i += 1;
   35|    444|   }
   36|     76|}
_ZN5Botan10fmt_detail6do_fmtIPKcJEEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_:
   23|  1.29k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|  1.29k|   size_t i = 0;
   25|       |
   26|  17.2k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 17.2k, False: 0]
  ------------------
   27|  17.2k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 1.29k, False: 15.9k]
  |  Branch (27:30): [True: 1.29k, False: 0]
  |  Branch (27:59): [True: 1.29k, False: 0]
  ------------------
   28|  1.29k|         oss << val;
   29|  1.29k|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  15.9k|      } else {
   31|  15.9k|         oss << format[i];
   32|  15.9k|      }
   33|       |
   34|  15.9k|      i += 1;
   35|  15.9k|   }
   36|  1.29k|}
_ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEPKcEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_:
   51|  1.22k|std::string fmt(std::string_view format, const T&... args) {
   52|  1.22k|   std::ostringstream oss;
   53|  1.22k|   oss.imbue(std::locale::classic());
   54|  1.22k|   fmt_detail::do_fmt(oss, format, args...);
   55|  1.22k|   return oss.str();
   56|  1.22k|}
_ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJPKcEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_:
   23|  1.22k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|  1.22k|   size_t i = 0;
   25|       |
   26|  1.22k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 1.22k, False: 0]
  ------------------
   27|  1.22k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 1.22k, False: 0]
  |  Branch (27:30): [True: 1.22k, False: 0]
  |  Branch (27:59): [True: 1.22k, False: 0]
  ------------------
   28|  1.22k|         oss << val;
   29|  1.22k|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  1.22k|      } else {
   31|      0|         oss << format[i];
   32|      0|      }
   33|       |
   34|      0|      i += 1;
   35|      0|   }
   36|  1.22k|}
_ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEjEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_:
   51|     59|std::string fmt(std::string_view format, const T&... args) {
   52|     59|   std::ostringstream oss;
   53|     59|   oss.imbue(std::locale::classic());
   54|     59|   fmt_detail::do_fmt(oss, format, args...);
   55|     59|   return oss.str();
   56|     59|}
_ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJjEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_:
   23|     59|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|     59|   size_t i = 0;
   25|       |
   26|     59|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 59, False: 0]
  ------------------
   27|     59|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 59, False: 0]
  |  Branch (27:30): [True: 59, False: 0]
  |  Branch (27:59): [True: 59, False: 0]
  ------------------
   28|     59|         oss << val;
   29|     59|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|     59|      } else {
   31|      0|         oss << format[i];
   32|      0|      }
   33|       |
   34|      0|      i += 1;
   35|      0|   }
   36|     59|}
_ZN5Botan10fmt_detail6do_fmtIjJEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_:
   23|    143|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|    143|   size_t i = 0;
   25|       |
   26|  3.03k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 3.03k, False: 0]
  ------------------
   27|  3.03k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 143, False: 2.89k]
  |  Branch (27:30): [True: 143, False: 0]
  |  Branch (27:59): [True: 143, False: 0]
  ------------------
   28|    143|         oss << val;
   29|    143|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  2.89k|      } else {
   31|  2.89k|         oss << format[i];
   32|  2.89k|      }
   33|       |
   34|  2.89k|      i += 1;
   35|  2.89k|   }
   36|    143|}
_ZN5Botan3fmtIJjEEENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEDpRKT_:
   51|     84|std::string fmt(std::string_view format, const T&... args) {
   52|     84|   std::ostringstream oss;
   53|     84|   oss.imbue(std::locale::classic());
   54|     84|   fmt_detail::do_fmt(oss, format, args...);
   55|     84|   return oss.str();
   56|     84|}
_ZN5Botan3fmtIJNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEEEES7_NS1_17basic_string_viewIcS4_EEDpRKT_:
   51|    216|std::string fmt(std::string_view format, const T&... args) {
   52|    216|   std::ostringstream oss;
   53|    216|   oss.imbue(std::locale::classic());
   54|    216|   fmt_detail::do_fmt(oss, format, args...);
   55|    216|   return oss.str();
   56|    216|}
_ZN5Botan10fmt_detail6do_fmtINSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_S7_EENS2_17basic_string_viewIcS5_EERKT_DpRKT0_:
   23|    216|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) {
   24|    216|   size_t i = 0;
   25|       |
   26|  3.06k|   while(i < format.size()) {
  ------------------
  |  Branch (26:10): [True: 3.06k, False: 0]
  ------------------
   27|  3.06k|      if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') {
  ------------------
  |  Branch (27:10): [True: 216, False: 2.84k]
  |  Branch (27:30): [True: 216, False: 0]
  |  Branch (27:59): [True: 216, False: 0]
  ------------------
   28|    216|         oss << val;
   29|    216|         return do_fmt(oss, format.substr(i + 2), rest...);
   30|  2.84k|      } else {
   31|  2.84k|         oss << format[i];
   32|  2.84k|      }
   33|       |
   34|  2.84k|      i += 1;
   35|  2.84k|   }
   36|    216|}

_ZN5Botan11make_uint16Ehh:
   63|   219k|inline constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1) {
   64|   219k|   return static_cast<uint16_t>((static_cast<uint16_t>(i0) << 8) | i1);
   65|   219k|}
_ZN5Botan11make_uint32Ehhhh:
   75|  39.0k|inline constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3) {
   76|  39.0k|   return ((static_cast<uint32_t>(i0) << 24) | (static_cast<uint32_t>(i1) << 16) | (static_cast<uint32_t>(i2) << 8) |
   77|  39.0k|           (static_cast<uint32_t>(i3)));
   78|  39.0k|}
_ZN5Botan7load_beIhEET_PKhm:
  106|  3.77M|inline constexpr T load_be(const uint8_t in[], size_t off) {
  107|  3.77M|   in += off * sizeof(T);
  108|  3.77M|   T out = 0;
  109|  7.54M|   for(size_t i = 0; i != sizeof(T); ++i)
  ------------------
  |  Branch (109:22): [True: 3.77M, False: 3.77M]
  ------------------
  110|  3.77M|      out = static_cast<T>((out << 8) | in[i]);
  111|  3.77M|   return out;
  112|  3.77M|}
_ZN5Botan7load_beItEET_PKhm:
  136|  52.4k|inline constexpr uint16_t load_be<uint16_t>(const uint8_t in[], size_t off) {
  137|  52.4k|   in += off * sizeof(uint16_t);
  138|       |
  139|  52.4k|#if defined(BOTAN_ENDIAN_N2B)
  140|  52.4k|   uint16_t x = 0;
  141|  52.4k|   typecast_copy(x, in);
  142|  52.4k|   return BOTAN_ENDIAN_N2B(x);
  ------------------
  |  |   26|  52.4k|   #define BOTAN_ENDIAN_N2B(x) reverse_bytes(x)
  ------------------
  143|       |#else
  144|       |   return make_uint16(in[0], in[1]);
  145|       |#endif
  146|  52.4k|}
_ZN5Botan7load_beIjEET_PKhm:
  174|   869k|inline constexpr uint32_t load_be<uint32_t>(const uint8_t in[], size_t off) {
  175|   869k|   in += off * sizeof(uint32_t);
  176|   869k|#if defined(BOTAN_ENDIAN_N2B)
  177|   869k|   uint32_t x = 0;
  178|   869k|   typecast_copy(x, in);
  179|   869k|   return BOTAN_ENDIAN_N2B(x);
  ------------------
  |  |   26|   869k|   #define BOTAN_ENDIAN_N2B(x) reverse_bytes(x)
  ------------------
  180|       |#else
  181|       |   return make_uint32(in[0], in[1], in[2], in[3]);
  182|       |#endif
  183|   869k|}
_ZN5Botan7load_beImEET_PKhm:
  210|    246|inline constexpr uint64_t load_be<uint64_t>(const uint8_t in[], size_t off) {
  211|    246|   in += off * sizeof(uint64_t);
  212|    246|#if defined(BOTAN_ENDIAN_N2B)
  213|    246|   uint64_t x = 0;
  214|    246|   typecast_copy(x, in);
  215|    246|   return BOTAN_ENDIAN_N2B(x);
  ------------------
  |  |   26|    246|   #define BOTAN_ENDIAN_N2B(x) reverse_bytes(x)
  ------------------
  216|       |#else
  217|       |   return make_uint64(in[0], in[1], in[2], in[3], in[4], in[5], in[6], in[7]);
  218|       |#endif
  219|    246|}
_ZN5Botan8store_beEjPh:
  437|   262k|inline constexpr void store_be(uint32_t in, uint8_t out[4]) {
  438|   262k|#if defined(BOTAN_ENDIAN_B2N)
  439|   262k|   uint32_t o = BOTAN_ENDIAN_B2N(in);
  ------------------
  |  |   27|   262k|   #define BOTAN_ENDIAN_B2N(x) reverse_bytes(x)
  ------------------
  440|   262k|   typecast_copy(out, o);
  441|       |#else
  442|       |   out[0] = get_byte<0>(in);
  443|       |   out[1] = get_byte<1>(in);
  444|       |   out[2] = get_byte<2>(in);
  445|       |   out[3] = get_byte<3>(in);
  446|       |#endif
  447|   262k|}
_ZN5Botan8store_beEmPh:
  471|  32.8k|inline constexpr void store_be(uint64_t in, uint8_t out[8]) {
  472|  32.8k|#if defined(BOTAN_ENDIAN_B2N)
  473|  32.8k|   uint64_t o = BOTAN_ENDIAN_B2N(in);
  ------------------
  |  |   27|  32.8k|   #define BOTAN_ENDIAN_B2N(x) reverse_bytes(x)
  ------------------
  474|  32.8k|   typecast_copy(out, o);
  475|       |#else
  476|       |   out[0] = get_byte<0>(in);
  477|       |   out[1] = get_byte<1>(in);
  478|       |   out[2] = get_byte<2>(in);
  479|       |   out[3] = get_byte<3>(in);
  480|       |   out[4] = get_byte<4>(in);
  481|       |   out[5] = get_byte<5>(in);
  482|       |   out[6] = get_byte<6>(in);
  483|       |   out[7] = get_byte<7>(in);
  484|       |#endif
  485|  32.8k|}
_ZN5Botan12get_byte_varImEEhmT_:
   40|     88|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) {
   41|     88|   return static_cast<uint8_t>(input >> (((~byte_num) & (sizeof(T) - 1)) << 3));
   42|     88|}
_ZN5Botan8get_byteILm0EmEEhT0_:
   52|  1.35k|{
   53|  1.35k|   const size_t shift = ((~B) & (sizeof(T) - 1)) << 3;
   54|  1.35k|   return static_cast<uint8_t>((input >> shift) & 0xFF);
   55|  1.35k|}
_ZN5Botan15copy_out_vec_beIjNS_16secure_allocatorIjEEEEvPhmRKNSt3__16vectorIT_T0_EE:
  626|  32.8k|void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector<T, Alloc>& in) {
  627|  32.8k|   copy_out_be(out, out_bytes, in.data());
  628|  32.8k|}
_ZN5Botan11copy_out_beIjEEvPhmPKT_:
  613|  32.8k|void copy_out_be(uint8_t out[], size_t out_bytes, const T in[]) {
  614|   295k|   while(out_bytes >= sizeof(T)) {
  ------------------
  |  Branch (614:10): [True: 262k, False: 32.8k]
  ------------------
  615|   262k|      store_be(in[0], out);
  616|   262k|      out += sizeof(T);
  617|   262k|      out_bytes -= sizeof(T);
  618|   262k|      in += 1;
  619|   262k|   }
  620|       |
  621|  32.8k|   for(size_t i = 0; i != out_bytes; ++i)
  ------------------
  |  Branch (621:22): [True: 0, False: 32.8k]
  ------------------
  622|      0|      out[i] = get_byte_var(i % 8, in[0]);
  623|  32.8k|}

_ZN5Botan4rotrILm18EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm6EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm2EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm22EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm7EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm13EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan3rhoILm2ELm13ELm22EjEET2_S1_:
   51|  3.47M|inline constexpr T rho(T x) {
   52|  3.47M|   return rotr<R1>(x) ^ rotr<R2>(x) ^ rotr<R3>(x);
   53|  3.47M|}
_ZN5Botan3rhoILm6ELm11ELm25EjEET2_S1_:
   51|  3.47M|inline constexpr T rho(T x) {
   52|  3.47M|   return rotr<R1>(x) ^ rotr<R2>(x) ^ rotr<R3>(x);
   53|  3.47M|}
_ZN5Botan4rotrILm11EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm25EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan5sigmaILm7ELm18ELm3EjEET2_S1_:
   43|  3.47M|inline constexpr T sigma(T x) {
   44|  3.47M|   return rotr<R1>(x) ^ rotr<R2>(x) ^ (x >> S);
   45|  3.47M|}
_ZN5Botan5sigmaILm17ELm19ELm10EjEET2_S1_:
   43|  3.47M|inline constexpr T sigma(T x) {
   44|  3.47M|   return rotr<R1>(x) ^ rotr<R2>(x) ^ (x >> S);
   45|  3.47M|}
_ZN5Botan4rotrILm17EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}
_ZN5Botan4rotrILm19EjEET0_S1_:
   35|  3.47M|{
   36|  3.47M|   return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
   37|  3.47M|}

_ZN5Botan8round_upEmm:
   21|    526|inline size_t round_up(size_t n, size_t align_to) {
   22|    526|   BOTAN_ARG_CHECK(align_to != 0, "align_to must not be 0");
  ------------------
  |  |   30|    526|   do {                                                          \
  |  |   31|    526|      if(!(expr))                                                \
  |  |  ------------------
  |  |  |  Branch (31:10): [True: 0, False: 526]
  |  |  ------------------
  |  |   32|    526|         Botan::throw_invalid_argument(msg, __func__, __FILE__); \
  |  |   33|    526|   } while(0)
  |  |  ------------------
  |  |  |  Branch (33:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
   23|       |
   24|    526|   if(n % align_to)
  ------------------
  |  Branch (24:7): [True: 484, False: 42]
  ------------------
   25|    484|      n += align_to - (n % align_to);
   26|    526|   return n;
   27|    526|}

_ZN5Botan11checked_mulEmm:
   47|   143k|inline std::optional<size_t> checked_mul(size_t x, size_t y) {
   48|   143k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_add_overflow)
   49|   143k|   size_t z;
   50|   143k|   if(__builtin_mul_overflow(x, y, &z)) [[unlikely]]
  ------------------
  |  Branch (50:7): [True: 0, False: 143k]
  ------------------
   51|       |#elif defined(_MSC_VER)
   52|       |   size_t z;
   53|       |   if(SizeTMult(x, y, &z) != S_OK) [[unlikely]]
   54|       |#else
   55|       |   size_t z = x * y;
   56|       |   if(y && z / y != x) [[unlikely]]
   57|       |#endif
   58|      0|   {
   59|      0|      return std::nullopt;
   60|      0|   }
   61|   143k|   return z;
   62|   143k|}
_ZN5Botan11checked_addEmmPKci:
   30|  69.0k|inline size_t checked_add(size_t x, size_t y, const char* file, int line) {
   31|  69.0k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_add_overflow)
   32|  69.0k|   size_t z;
   33|  69.0k|   if(__builtin_add_overflow(x, y, &z)) [[unlikely]]
  ------------------
  |  Branch (33:7): [True: 0, False: 69.0k]
  ------------------
   34|       |#elif defined(_MSC_VER)
   35|       |   size_t z;
   36|       |   if(SizeTAdd(x, y, &z) != S_OK) [[unlikely]]
   37|       |#else
   38|       |   size_t z = x + y;
   39|       |   if(z < x) [[unlikely]]
   40|       |#endif
   41|      0|   {
   42|      0|      throw Integer_Overflow_Detected(file, line);
   43|      0|   }
   44|  69.0k|   return z;
   45|  69.0k|}

_ZN5Botan7SHA_256C2Ev:
   59|  8.18k|      SHA_256() : MDx_HashFunction(64, true, true), m_digest(8) { clear(); }
_ZNK5Botan7SHA_25613output_lengthEv:
   49|  98.4k|      size_t output_length() const override { return 32; }

_ZN5Botan9SHA2_32_FEjjjRjjjjS0_S0_jjjj:
   31|  3.47M|                                  uint32_t magic) {
   32|  3.47M|   uint32_t A_rho = rho<2, 13, 22>(A);
   33|  3.47M|   uint32_t E_rho = rho<6, 11, 25>(E);
   34|  3.47M|   uint32_t M2_sigma = sigma<17, 19, 10>(M2);
   35|  3.47M|   uint32_t M4_sigma = sigma<7, 18, 3>(M4);
   36|  3.47M|   H += magic + E_rho + choose(E, F, G) + M1;
   37|  3.47M|   D += H;
   38|  3.47M|   H += A_rho + majority(A, B, C);
   39|  3.47M|   M1 += M2_sigma + M3 + M4_sigma;
   40|  3.47M|}

_ZN5Botan9SIMD_4x32C2EDv2_x:
  605|      2|      explicit SIMD_4x32(native_simd_type x) noexcept : m_simd(x) {}
_ZN5Botan9SIMD_4x32C2Ejjjj:
  113|     96|      SIMD_4x32(uint32_t B0, uint32_t B1, uint32_t B2, uint32_t B3) noexcept {
  114|     96|#if defined(BOTAN_SIMD_USE_SSE2)
  115|     96|         m_simd = _mm_set_epi32(B3, B2, B1, B0);
  116|       |#elif defined(BOTAN_SIMD_USE_ALTIVEC)
  117|       |         __vector unsigned int val = {B0, B1, B2, B3};
  118|       |         m_simd = val;
  119|       |#elif defined(BOTAN_SIMD_USE_NEON)
  120|       |         // Better way to do this?
  121|       |         const uint32_t B[4] = {B0, B1, B2, B3};
  122|       |         m_simd = vld1q_u32(B);
  123|       |#endif
  124|     96|      }
_ZN5Botan9SIMD_4x328splat_u8Eh:
  142|      2|      static SIMD_4x32 splat_u8(uint8_t B) noexcept {
  143|      2|#if defined(BOTAN_SIMD_USE_SSE2)
  144|      2|         return SIMD_4x32(_mm_set1_epi8(B));
  145|       |#elif defined(BOTAN_SIMD_USE_NEON)
  146|       |         return SIMD_4x32(vreinterpretq_u32_u8(vdupq_n_u8(B)));
  147|       |#else
  148|       |         const uint32_t B4 = make_uint32(B, B, B, B);
  149|       |         return SIMD_4x32(B4, B4, B4, B4);
  150|       |#endif
  151|      2|      }

_ZN5Botan12value_existsINS_3TLS16Signature_SchemeES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_:
   89|  1.80k|bool value_exists(const std::vector<T>& vec, const OT& val) {
   90|  9.63k|   for(size_t i = 0; i != vec.size(); ++i)
  ------------------
  |  Branch (90:22): [True: 9.61k, False: 24]
  ------------------
   91|  9.61k|      if(vec[i] == val)
  ------------------
  |  Branch (91:10): [True: 1.78k, False: 7.83k]
  ------------------
   92|  1.78k|         return true;
   93|     24|   return false;
   94|  1.80k|}
_ZN5Botan12value_existsINS_3TLS12Group_ParamsES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_:
   89|  3.89k|bool value_exists(const std::vector<T>& vec, const OT& val) {
   90|  87.7k|   for(size_t i = 0; i != vec.size(); ++i)
  ------------------
  |  Branch (90:22): [True: 84.7k, False: 3.00k]
  ------------------
   91|  84.7k|      if(vec[i] == val)
  ------------------
  |  Branch (91:10): [True: 894, False: 83.8k]
  ------------------
   92|    894|         return true;
   93|  3.00k|   return false;
   94|  3.89k|}
_ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEE:
  254|  7.45k|constexpr GeneralVariantT generalize_to(std::variant<SpecialTs...> specific) noexcept {
  255|  7.45k|   static_assert(
  256|  7.45k|      is_generalizable_to<GeneralVariantT>(specific),
  257|  7.45k|      "Desired general type must be implicitly constructible by all types of the specialized std::variant<>");
  258|  7.45k|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));
  259|  7.45k|}
_ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS4_EESE_SF_:
  258|    524|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));
_ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS5_EESE_SF_:
  258|  6.93k|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));
_ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEE:
  254|  4.77k|constexpr GeneralVariantT generalize_to(std::variant<SpecialTs...> specific) noexcept {
  255|  4.77k|   static_assert(
  256|  4.77k|      is_generalizable_to<GeneralVariantT>(specific),
  257|  4.77k|      "Desired general type must be implicitly constructible by all types of the specialized std::variant<>");
  258|  4.77k|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));
  259|  4.77k|}
_ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS6_EESE_SF_:
  258|    183|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));
_ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_15Client_Hello_12ENS3_15Server_Hello_13ENS3_15Server_Hello_12ENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS7_EESE_SF_:
  258|  4.59k|   return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific));

_ZN5Botan3TLS15Handshake_LayerC2ENS0_15Connection_SideE:
   31|  6.92k|            m_peer(whoami == Connection_Side::Server ? Connection_Side::Client : Connection_Side::Server) {}

_ZN5Botan3TLS15TLS_Data_ReaderC2EPKcNSt3__14spanIKhLm18446744073709551615EEE:
   29|   120k|            m_typename(type), m_buf(buf_in), m_offset(0) {}
_ZN5Botan3TLS15TLS_Data_Reader12get_uint16_tEv:
   67|   218k|      uint16_t get_uint16_t() {
   68|   218k|         assert_at_least(2);
   69|   218k|         uint16_t result = make_uint16(m_buf[m_offset], m_buf[m_offset + 1]);
   70|   218k|         m_offset += 2;
   71|   218k|         return result;
   72|   218k|      }
_ZNK5Botan3TLS15TLS_Data_Reader15assert_at_leastEm:
  157|   708k|      void assert_at_least(size_t n) const {
  158|   708k|         if(m_buf.size() - m_offset < n)
  ------------------
  |  Branch (158:13): [True: 640, False: 707k]
  ------------------
  159|    640|            throw_decode_error("Expected " + std::to_string(n) + " bytes remaining, only " +
  160|    640|                               std::to_string(m_buf.size() - m_offset) + " left");
  161|   708k|      }
_ZNK5Botan3TLS15TLS_Data_Reader18throw_decode_errorENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE:
  163|    757|      [[noreturn]] void throw_decode_error(std::string_view why) const {
  164|    757|         throw Decoding_Error(fmt("Invalid {}: {}", m_typename, why));
  165|    757|      }
_ZNK5Botan3TLS15TLS_Data_Reader11assert_doneEv:
   31|  51.5k|      void assert_done() const {
   32|  51.5k|         if(has_remaining())
  ------------------
  |  Branch (32:13): [True: 80, False: 51.4k]
  ------------------
   33|     80|            throw_decode_error("Extra bytes at end of message");
   34|  51.5k|      }
_ZNK5Botan3TLS15TLS_Data_Reader13has_remainingEv:
   40|   182k|      bool has_remaining() const { return (remaining_bytes() > 0); }
_ZNK5Botan3TLS15TLS_Data_Reader15remaining_bytesEv:
   38|   325k|      size_t remaining_bytes() const { return m_buf.size() - m_offset; }
_ZN5Botan3TLS15TLS_Data_Reader9get_rangeIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm:
  105|  20.0k|      std::vector<T> get_range(size_t len_bytes, size_t min_elems, size_t max_elems) {
  106|  20.0k|         const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
  107|       |
  108|  20.0k|         return get_elem<T, std::vector<T>>(num_elems);
  109|  20.0k|      }
_ZN5Botan3TLS15TLS_Data_Reader13get_num_elemsEmmmm:
  143|  42.0k|      size_t get_num_elems(size_t len_bytes, size_t T_size, size_t min_elems, size_t max_elems) {
  144|  42.0k|         const size_t byte_length = get_length_field(len_bytes);
  145|       |
  146|  42.0k|         if(byte_length % T_size != 0)
  ------------------
  |  Branch (146:13): [True: 12, False: 42.0k]
  ------------------
  147|     12|            throw_decode_error("Size isn't multiple of T");
  148|       |
  149|  42.0k|         const size_t num_elems = byte_length / T_size;
  150|       |
  151|  42.0k|         if(num_elems < min_elems || num_elems > max_elems)
  ------------------
  |  Branch (151:13): [True: 75, False: 41.9k]
  |  Branch (151:38): [True: 13, False: 41.9k]
  ------------------
  152|     25|            throw_decode_error("Length field outside parameters");
  153|       |
  154|  42.0k|         return num_elems;
  155|  42.0k|      }
_ZN5Botan3TLS15TLS_Data_Reader16get_length_fieldEm:
  130|  59.0k|      size_t get_length_field(size_t len_bytes) {
  131|  59.0k|         assert_at_least(len_bytes);
  132|       |
  133|  59.0k|         if(len_bytes == 1)
  ------------------
  |  Branch (133:13): [True: 33.5k, False: 25.5k]
  ------------------
  134|  33.5k|            return get_byte();
  135|  25.5k|         else if(len_bytes == 2)
  ------------------
  |  Branch (135:18): [True: 24.0k, False: 1.48k]
  ------------------
  136|  24.0k|            return get_uint16_t();
  137|  1.48k|         else if(len_bytes == 3)
  ------------------
  |  Branch (137:18): [True: 1.39k, False: 91]
  ------------------
  138|  1.39k|            return get_uint24_t();
  139|       |
  140|     91|         throw_decode_error("Bad length size");
  141|     91|      }
_ZN5Botan3TLS15TLS_Data_Reader8get_byteEv:
   79|   141k|      uint8_t get_byte() {
   80|   141k|         assert_at_least(1);
   81|   141k|         uint8_t result = m_buf[m_offset];
   82|   141k|         m_offset += 1;
   83|   141k|         return result;
   84|   141k|      }
_ZN5Botan3TLS15TLS_Data_Reader12get_uint24_tEv:
   60|  35.8k|      uint32_t get_uint24_t() {
   61|  35.8k|         assert_at_least(3);
   62|  35.8k|         uint32_t result = make_uint32(0, m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2]);
   63|  35.8k|         m_offset += 3;
   64|  35.8k|         return result;
   65|  35.8k|      }
_ZN5Botan3TLS15TLS_Data_Reader8get_elemIhNSt3__16vectorIhNS3_9allocatorIhEEEEEET0_m:
   87|   177k|      Container get_elem(size_t num_elems) {
   88|   177k|         assert_at_least(num_elems * sizeof(T));
   89|       |
   90|   177k|         Container result(num_elems);
   91|       |
   92|  3.95M|         for(size_t i = 0; i != num_elems; ++i)
  ------------------
  |  Branch (92:28): [True: 3.77M, False: 177k]
  ------------------
   93|  3.77M|            result[i] = load_be<T>(&m_buf[m_offset], i);
   94|       |
   95|   177k|         m_offset += num_elems * sizeof(T);
   96|       |
   97|   177k|         return result;
   98|   177k|      }
_ZNK5Botan3TLS15TLS_Data_Reader11read_so_farEv:
   36|   132k|      size_t read_so_far() const { return m_offset; }
_ZN5Botan3TLS15TLS_Data_Reader13get_remainingEv:
   42|  2.76k|      std::vector<uint8_t> get_remaining() { return std::vector<uint8_t>(m_buf.begin() + m_offset, m_buf.end()); }
_ZN5Botan3TLS15TLS_Data_Reader20get_data_read_so_farEv:
   44|  2.77k|      std::vector<uint8_t> get_data_read_so_far() {
   45|  2.77k|         return std::vector<uint8_t>(m_buf.begin(), m_buf.begin() + m_offset);
   46|  2.77k|      }
_ZN5Botan3TLS15TLS_Data_Reader12discard_nextEm:
   48|  61.4k|      void discard_next(size_t bytes) {
   49|  61.4k|         assert_at_least(bytes);
   50|  61.4k|         m_offset += bytes;
   51|  61.4k|      }
_ZN5Botan3TLS15TLS_Data_Reader12get_uint32_tEv:
   53|  3.18k|      uint32_t get_uint32_t() {
   54|  3.18k|         assert_at_least(4);
   55|  3.18k|         uint32_t result = make_uint32(m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2], m_buf[m_offset + 3]);
   56|  3.18k|         m_offset += 4;
   57|  3.18k|         return result;
   58|  3.18k|      }
_ZNK5Botan3TLS15TLS_Data_Reader13peek_uint16_tEv:
   74|    928|      uint16_t peek_uint16_t() const {
   75|    928|         assert_at_least(2);
   76|    928|         return make_uint16(m_buf[m_offset], m_buf[m_offset + 1]);
   77|    928|      }
_ZN5Botan3TLS15TLS_Data_Reader20get_tls_length_valueEm:
  100|  17.0k|      std::vector<uint8_t> get_tls_length_value(size_t len_bytes) {
  101|  17.0k|         return get_fixed<uint8_t>(get_length_field(len_bytes));
  102|  17.0k|      }
_ZN5Botan3TLS15TLS_Data_Reader10get_stringEmmm:
  118|  4.31k|      std::string get_string(size_t len_bytes, size_t min_bytes, size_t max_bytes) {
  119|  4.31k|         std::vector<uint8_t> v = get_range_vector<uint8_t>(len_bytes, min_bytes, max_bytes);
  120|       |
  121|  4.31k|         return std::string(cast_uint8_ptr_to_char(v.data()), v.size());
  122|  4.31k|      }
_ZN5Botan3TLS15TLS_Data_Reader9get_fixedIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEm:
  125|   145k|      std::vector<T> get_fixed(size_t size) {
  126|   145k|         return get_elem<T, std::vector<T>>(size);
  127|   145k|      }
_ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm:
  112|  12.3k|      std::vector<T> get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) {
  113|  12.3k|         const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
  114|       |
  115|  12.3k|         return get_elem<T, std::vector<T>>(num_elems);
  116|  12.3k|      }
_ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm:
  112|  8.10k|      std::vector<T> get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) {
  113|  8.10k|         const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
  114|       |
  115|  8.10k|         return get_elem<T, std::vector<T>>(num_elems);
  116|  8.10k|      }
_ZN5Botan3TLS15TLS_Data_Reader8get_elemItNSt3__16vectorItNS3_9allocatorItEEEEEET0_m:
   87|  9.56k|      Container get_elem(size_t num_elems) {
   88|  9.56k|         assert_at_least(num_elems * sizeof(T));
   89|       |
   90|  9.56k|         Container result(num_elems);
   91|       |
   92|  59.6k|         for(size_t i = 0; i != num_elems; ++i)
  ------------------
  |  Branch (92:28): [True: 50.1k, False: 9.56k]
  ------------------
   93|  50.1k|            result[i] = load_be<T>(&m_buf[m_offset], i);
   94|       |
   95|  9.56k|         m_offset += num_elems * sizeof(T);
   96|       |
   97|  9.56k|         return result;
   98|  9.56k|      }
_ZN5Botan3TLS15TLS_Data_Reader9get_rangeItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm:
  105|  1.49k|      std::vector<T> get_range(size_t len_bytes, size_t min_elems, size_t max_elems) {
  106|  1.49k|         const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
  107|       |
  108|  1.49k|         return get_elem<T, std::vector<T>>(num_elems);
  109|  1.49k|      }

_ZN5Botan3TLS21Transcript_Hash_StateD2Ev:
   32|  5.41k|      ~Transcript_Hash_State() = default;

_ZN5Botan13typecast_copyImEEvPT_PKhm:
  140|    246|{
  141|    246|   std::memcpy(out, in, sizeof(T) * N);
  142|    246|}
_ZN5Botan13typecast_copyImEEvPhPT_m:
  133|  32.8k|{
  134|  32.8k|   std::memcpy(out, in, sizeof(T) * N);
  135|  32.8k|}
_ZN5Botan21constant_time_compareEPKhS1_m:
   80|  4.97k|inline bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len) {
   81|  4.97k|   return ct_compare_u8(x, y, len) == 0xFF;
   82|  4.97k|}
_ZN5Botan11clear_bytesEPvm:
   92|  78.0k|inline constexpr void clear_bytes(void* ptr, size_t bytes) {
   93|  78.0k|   if(bytes > 0) {
  ------------------
  |  Branch (93:7): [True: 77.6k, False: 374]
  ------------------
   94|  77.6k|      std::memset(ptr, 0, bytes);
   95|  77.6k|   }
   96|  78.0k|}
_ZN5Botan22cast_uint8_ptr_to_charEPKh:
  179|  1.55k|inline const char* cast_uint8_ptr_to_char(const uint8_t* b) { return reinterpret_cast<const char*>(b); }
_ZN5Botan22cast_uint8_ptr_to_charEPh:
  183|  4.24k|inline char* cast_uint8_ptr_to_char(uint8_t* b) { return reinterpret_cast<char*>(b); }
_ZN5Botan9clear_memIhEEvPT_m:
  109|  77.6k|inline constexpr void clear_mem(T* ptr, size_t n) {
  110|  77.6k|   clear_bytes(ptr, sizeof(T) * n);
  111|  77.6k|}
_ZN5Botan9clear_memImEEvPT_m:
  109|    371|inline constexpr void clear_mem(T* ptr, size_t n) {
  110|    371|   clear_bytes(ptr, sizeof(T) * n);
  111|    371|}
_ZN5Botan13typecast_copyItEEvPT_PKhm:
  140|  52.4k|{
  141|  52.4k|   std::memcpy(out, in, sizeof(T) * N);
  142|  52.4k|}
_ZN5Botan13typecast_copyItEEvRT_PKh:
  152|  52.4k|{
  153|  52.4k|   typecast_copy(&out, in, 1);
  154|  52.4k|}
_ZN5Botan13typecast_copyIjEEvPT_PKhm:
  140|   869k|{
  141|   869k|   std::memcpy(out, in, sizeof(T) * N);
  142|   869k|}
_ZN5Botan13typecast_copyIjEEvRT_PKh:
  152|   869k|{
  153|   869k|   typecast_copy(&out, in, 1);
  154|   869k|}
_ZN5Botan13typecast_copyImEEvRT_PKh:
  152|    246|{
  153|    246|   typecast_copy(&out, in, 1);
  154|    246|}
_ZN5Botan13typecast_copyIjEEvPhPT_m:
  133|   262k|{
  134|   262k|   std::memcpy(out, in, sizeof(T) * N);
  135|   262k|}
_ZN5Botan13typecast_copyIjEEvPhT_:
  145|   262k|inline constexpr void typecast_copy(uint8_t out[], T in) {
  146|   262k|   typecast_copy(out, &in, 1);
  147|   262k|}
_ZN5Botan13typecast_copyImEEvPhT_:
  145|  32.8k|inline constexpr void typecast_copy(uint8_t out[], T in) {
  146|  32.8k|   typecast_copy(out, &in, 1);
  147|  32.8k|}
_ZN5Botan8copy_memIhEEvPT_PKS1_m:
  122|   505k|{
  123|   505k|   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null");
  ------------------
  |  |   78|   505k|   do {                                                                                          \
  |  |   79|   946k|      if((expr1) && !(expr2))                                                                    \
  |  |  ------------------
  |  |  |  Branch (79:10): [True: 473k, False: 32.4k]
  |  |  |  Branch (79:23): [True: 473k, False: 0]
  |  |  |  Branch (79:23): [True: 473k, False: 0]
  |  |  ------------------
  |  |   80|   505k|         Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \
  |  |   81|   505k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (81:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  124|       |
  125|   505k|   if(in != nullptr && out != nullptr && n > 0) {
  ------------------
  |  Branch (125:7): [True: 496k, False: 9.43k]
  |  Branch (125:24): [True: 488k, False: 7.97k]
  |  Branch (125:42): [True: 473k, False: 15.0k]
  ------------------
  126|   473k|      std::memmove(out, in, sizeof(T) * n);
  127|   473k|   }
  128|   505k|}
_ZN5Botan9clear_memIjEEvPT_m:
  109|      1|inline constexpr void clear_mem(T* ptr, size_t n) {
  110|      1|   clear_bytes(ptr, sizeof(T) * n);
  111|      1|}
_ZN5Botan13buffer_insertIhNS_16secure_allocatorIhEEEEmRNSt3__16vectorIT_T0_EEmPKS5_m:
  203|  65.4k|size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, const T input[], size_t input_length) {
  204|  65.4k|   BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());
  ------------------
  |  |   60|  65.4k|   do {                                                                     \
  |  |   61|  65.4k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 65.4k]
  |  |  ------------------
  |  |   62|  65.4k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  65.4k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  205|  65.4k|   const size_t to_copy = std::min(input_length, buf.size() - buf_offset);
  206|  65.4k|   if(to_copy > 0) {
  ------------------
  |  Branch (206:7): [True: 63.9k, False: 1.46k]
  ------------------
  207|  63.9k|      copy_mem(&buf[buf_offset], input, to_copy);
  208|  63.9k|   }
  209|  65.4k|   return to_copy;
  210|  65.4k|}
_ZN5Botan8copy_memIiEEvPT_PKS1_m:
  122|  1.53k|{
  123|  1.53k|   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null");
  ------------------
  |  |   78|  1.53k|   do {                                                                                          \
  |  |   79|  3.07k|      if((expr1) && !(expr2))                                                                    \
  |  |  ------------------
  |  |  |  Branch (79:10): [True: 1.53k, False: 0]
  |  |  |  Branch (79:23): [True: 1.53k, False: 0]
  |  |  |  Branch (79:23): [True: 1.53k, False: 0]
  |  |  ------------------
  |  |   80|  1.53k|         Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \
  |  |   81|  1.53k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (81:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  124|       |
  125|  1.53k|   if(in != nullptr && out != nullptr && n > 0) {
  ------------------
  |  Branch (125:7): [True: 1.53k, False: 0]
  |  Branch (125:24): [True: 1.53k, False: 0]
  |  Branch (125:42): [True: 1.53k, False: 0]
  ------------------
  126|  1.53k|      std::memmove(out, in, sizeof(T) * n);
  127|  1.53k|   }
  128|  1.53k|}

_ZN5Botan15Key_ConstraintsC2Ev:
  143|    444|      Key_Constraints() : m_value(0) {}

_ZN5Botan15NameConstraintsC2Ev:
  295|    444|      NameConstraints() : m_permitted_subtrees(), m_excluded_subtrees() {}
_ZN5Botan10ExtensionsC2Ev:
  513|    444|      Extensions() {}
_ZN5Botan7X509_DNC2Ev:
   37|  6.82k|      X509_DN() = default;

_ZN5Botan16secure_allocatorIhE8allocateEm:
   45|   104k|      T* allocate(std::size_t n) { return static_cast<T*>(allocate_memory(n, sizeof(T))); }
_ZN5Botan16secure_allocatorIhE10deallocateEPhm:
   47|   104k|      void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); }
_ZN5Botan16secure_allocatorImE10deallocateEPmm:
   47|    308|      void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); }
_ZN5Botan16secure_allocatorImE8allocateEm:
   45|    308|      T* allocate(std::size_t n) { return static_cast<T*>(allocate_memory(n, sizeof(T))); }
_ZN5BotanneIhhEEbRKNS_16secure_allocatorIT_EERKNS1_IT0_EE:
   56|    836|inline bool operator!=(const secure_allocator<T>&, const secure_allocator<U>&) {
   57|    836|   return false;
   58|    836|}
_ZN5Botan7zeroiseIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIT_T0_EE:
  108|  44.7k|void zeroise(std::vector<T, Alloc>& vec) {
  109|  44.7k|   clear_mem(vec.data(), vec.size());
  110|  44.7k|}
_ZN5BotanpLIhNS_16secure_allocatorIhEEmEERNSt3__16vectorIT_T0_EES8_RKNS3_4pairIPS5_T1_EE:
   98|  11.3k|std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, const std::pair<T*, L>& in) {
   99|  11.3k|   out.insert(out.end(), in.first, in.first + in.second);
  100|  11.3k|   return out;
  101|  11.3k|}
_ZN5Botan16secure_allocatorIjE10deallocateEPjm:
   47|  38.2k|      void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); }
_ZN5Botan16secure_allocatorIjE8allocateEm:
   45|  38.2k|      T* allocate(std::size_t n) { return static_cast<T*>(allocate_memory(n, sizeof(T))); }

_ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2Ev:
   42|  13.1k|      Strong_Base() = default;
_ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2EOS7_:
   44|  14.3k|      Strong_Base(Strong_Base&&) = default;
_ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2ES6_:
   48|  16.7k|      constexpr explicit Strong_Base(T v) : m_value(std::move(v)) {}
_ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEaSEOS7_:
   46|  13.0k|      Strong_Base& operator=(Strong_Base&&) = default;

_ZN5Botan3TLS13TLS_ExceptionC2ENS0_9AlertTypeENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE:
   26|  2.46k|            Exception(err_msg), m_alert_type(type) {}

_ZNK5Botan3TLS9Extension14is_implementedEv:
  109|    231|      virtual bool is_implemented() const { return true; }
_ZN5Botan3TLS21Server_Name_Indicator11static_typeEv:
  119|  31.5k|      static Extension_Code static_type() { return Extension_Code::ServerNameIndication; }
_ZNK5Botan3TLS21Server_Name_Indicator4typeEv:
  121|  31.5k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS23Renegotiation_Extension11static_typeEv:
  142|  5.43k|      static Extension_Code static_type() { return Extension_Code::SafeRenegotiation; }
_ZNK5Botan3TLS23Renegotiation_Extension4typeEv:
  144|  3.45k|      Extension_Code type() const override { return static_type(); }
_ZNK5Botan3TLS23Renegotiation_Extension18renegotiation_infoEv:
  152|     76|      const std::vector<uint8_t>& renegotiation_info() const { return m_reneg_data; }
_ZN5Botan3TLS39Application_Layer_Protocol_Notification11static_typeEv:
  167|  17.7k|      static Extension_Code static_type() { return Extension_Code::ApplicationLayerProtocolNegotiation; }
_ZNK5Botan3TLS39Application_Layer_Protocol_Notification4typeEv:
  169|  17.7k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS24Session_Ticket_Extension11static_typeEv:
  202|  3.30k|      static Extension_Code static_type() { return Extension_Code::SessionTicket; }
_ZNK5Botan3TLS24Session_Ticket_Extension4typeEv:
  204|  3.30k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS16Supported_Groups11static_typeEv:
  239|  15.6k|      static Extension_Code static_type() { return Extension_Code::SupportedGroups; }
_ZNK5Botan3TLS16Supported_Groups4typeEv:
  241|  14.1k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS23Supported_Point_Formats11static_typeEv:
  273|  1.23k|      static Extension_Code static_type() { return Extension_Code::EcPointFormats; }
_ZNK5Botan3TLS23Supported_Point_Formats4typeEv:
  275|  1.23k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS20Signature_Algorithms11static_typeEv:
  296|  14.5k|      static Extension_Code static_type() { return Extension_Code::SignatureAlgorithms; }
_ZNK5Botan3TLS20Signature_Algorithms4typeEv:
  298|  12.8k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS25Signature_Algorithms_Cert11static_typeEv:
  329|    899|      static Extension_Code static_type() { return Extension_Code::CertSignatureAlgorithms; }
_ZNK5Botan3TLS25Signature_Algorithms_Cert4typeEv:
  331|    899|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS24SRTP_Protection_Profiles11static_typeEv:
  352|  1.36k|      static Extension_Code static_type() { return Extension_Code::UseSrtp; }
_ZNK5Botan3TLS24SRTP_Protection_Profiles4typeEv:
  354|  1.36k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS22Extended_Master_Secret11static_typeEv:
  377|  2.68k|      static Extension_Code static_type() { return Extension_Code::ExtendedMasterSecret; }
_ZNK5Botan3TLS22Extended_Master_Secret4typeEv:
  379|  2.68k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS16Encrypt_then_MAC11static_typeEv:
  395|  1.56k|      static Extension_Code static_type() { return Extension_Code::EncryptThenMac; }
_ZNK5Botan3TLS16Encrypt_then_MAC4typeEv:
  397|  1.56k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS26Certificate_Status_Request11static_typeEv:
  415|  5.93k|      static Extension_Code static_type() { return Extension_Code::CertificateStatusRequest; }
_ZNK5Botan3TLS26Certificate_Status_Request4typeEv:
  417|  5.93k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS18Supported_Versions11static_typeEv:
  453|  32.8k|      static Extension_Code static_type() { return Extension_Code::SupportedVersions; }
_ZNK5Botan3TLS18Supported_Versions4typeEv:
  455|  13.3k|      Extension_Code type() const override { return static_type(); }
_ZNK5Botan3TLS18Supported_Versions8versionsEv:
  469|    236|      const std::vector<Protocol_Version>& versions() const { return m_versions; }
_ZN5Botan3TLS17Record_Size_Limit11static_typeEv:
  484|  3.40k|      static Extension_Code static_type() { return Extension_Code::RecordSizeLimit; }
_ZNK5Botan3TLS17Record_Size_Limit4typeEv:
  486|  3.40k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS6Cookie11static_typeEv:
  510|  2.77k|      static Extension_Code static_type() { return Extension_Code::Cookie; }
_ZNK5Botan3TLS6Cookie4typeEv:
  512|  2.77k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS22PSK_Key_Exchange_Modes11static_typeEv:
  533|  3.70k|      static Extension_Code static_type() { return Extension_Code::PskKeyExchangeModes; }
_ZNK5Botan3TLS22PSK_Key_Exchange_Modes4typeEv:
  535|  3.56k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS23Certificate_Authorities11static_typeEv:
  556|  6.38k|      static Extension_Code static_type() { return Extension_Code::CertificateAuthorities; }
_ZNK5Botan3TLS23Certificate_Authorities4typeEv:
  558|  6.38k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS3PSK11static_typeEv:
  578|  3.94k|      static Extension_Code static_type() { return Extension_Code::PresharedKey; }
_ZNK5Botan3TLS3PSK4typeEv:
  580|  2.65k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS9Key_Share11static_typeEv:
  657|  13.7k|      static Extension_Code static_type() { return Extension_Code::KeyShare; }
_ZNK5Botan3TLS9Key_Share4typeEv:
  659|  12.0k|      Extension_Code type() const override { return static_type(); }
_ZN5Botan3TLS19EarlyDataIndication11static_typeEv:
  723|  9.57k|      static Extension_Code static_type() { return Extension_Code::EarlyData; }
_ZNK5Botan3TLS19EarlyDataIndication4typeEv:
  725|  9.57k|      Extension_Code type() const override { return static_type(); }
_ZNK5Botan3TLS17Unknown_Extension4typeEv:
  762|   562k|      Extension_Code type() const override { return m_type; }
_ZNK5Botan3TLS17Unknown_Extension14is_implementedEv:
  764|  22.1k|      bool is_implemented() const override { return false; }
_ZNK5Botan3TLS10Extensions3allEv:
  778|    123|      const std::vector<std::unique_ptr<Extension>>& all() const { return m_extensions; }
_ZNK5Botan3TLS10Extensions3hasENS0_14Extension_CodeE:
  790|   102k|      bool has(Extension_Code type) const { return get(type) != nullptr; }
_ZN5Botan3TLS10Extensions3addEPNS0_9ExtensionE:
  796|  1.90k|      void add(Extension* extn) { add(std::unique_ptr<Extension>(extn)); }
_ZZNK5Botan3TLS10Extensions3getENS0_14Extension_CodeEENKUlRKT_E_clINSt3__110unique_ptrINS0_9ExtensionENS8_14default_deleteISA_EEEEEEDaS5_:
  800|   630k|            m_extensions.cbegin(), m_extensions.cend(), [type](const auto& ext) { return ext->type() == type; });
_ZNK5Botan3TLS10Extensions3getENS0_14Extension_CodeE:
  798|   152k|      Extension* get(Extension_Code type) const {
  799|   152k|         const auto i = std::find_if(
  800|   152k|            m_extensions.cbegin(), m_extensions.cend(), [type](const auto& ext) { return ext->type() == type; });
  801|       |
  802|   152k|         return (i != m_extensions.end()) ? i->get() : nullptr;
  ------------------
  |  Branch (802:17): [True: 30.8k, False: 122k]
  ------------------
  803|   152k|      }
_ZNK5Botan3TLS10Extensions42contains_implemented_extensions_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEE:
  822|  8.64k|      bool contains_implemented_extensions_other_than(const std::set<Extension_Code>& allowed_extensions) const {
  823|  8.64k|         return contains_other_than(allowed_extensions, true);
  824|  8.64k|      }
_ZN5Botan3TLS23Renegotiation_ExtensionC2Ev:
  146|  1.90k|      Renegotiation_Extension() = default;
_ZN5Botan3TLS9ExtensionD2Ev:
  111|  52.8k|      virtual ~Extension() = default;
_ZNK5Botan3TLS10Extensions3hasINS0_18Supported_VersionsEEEbv:
  786|  18.3k|      bool has() const {
  787|  18.3k|         return get<T>() != nullptr;
  788|  18.3k|      }
_ZNK5Botan3TLS10Extensions3getINS0_18Supported_VersionsEEEPT_v:
  781|  19.5k|      T* get() const {
  782|  19.5k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  19.5k|      }
_ZN5Botan3TLS10ExtensionsC2Ev:
  859|  24.3k|      Extensions() = default;
_ZNK5Botan3TLS10Extensions3getINS0_20Signature_AlgorithmsEEEPT_v:
  781|  1.70k|      T* get() const {
  782|  1.70k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  1.70k|      }
_ZNK5Botan3TLS10Extensions3getINS0_16Supported_GroupsEEEPT_v:
  781|  1.54k|      T* get() const {
  782|  1.54k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  1.54k|      }
_ZNK5Botan3TLS10Extensions3getINS0_23Renegotiation_ExtensionEEEPT_v:
  781|  1.98k|      T* get() const {
  782|  1.98k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  1.98k|      }
_ZNK5Botan3TLS10Extensions3hasINS0_20Signature_AlgorithmsEEEbv:
  786|  1.70k|      bool has() const {
  787|  1.70k|         return get<T>() != nullptr;
  788|  1.70k|      }
_ZNK5Botan3TLS10Extensions3hasINS0_3PSKEEEbv:
  786|  1.28k|      bool has() const {
  787|  1.28k|         return get<T>() != nullptr;
  788|  1.28k|      }
_ZNK5Botan3TLS10Extensions3hasINS0_22PSK_Key_Exchange_ModesEEEbv:
  786|    138|      bool has() const {
  787|    138|         return get<T>() != nullptr;
  788|    138|      }
_ZNK5Botan3TLS10Extensions3getINS0_22PSK_Key_Exchange_ModesEEEPT_v:
  781|    138|      T* get() const {
  782|    138|         return dynamic_cast<T*>(get(T::static_type()));
  783|    138|      }
_ZNK5Botan3TLS10Extensions3hasINS0_16Supported_GroupsEEEbv:
  786|  1.08k|      bool has() const {
  787|  1.08k|         return get<T>() != nullptr;
  788|  1.08k|      }
_ZNK5Botan3TLS10Extensions3hasINS0_9Key_ShareEEEbv:
  786|  1.29k|      bool has() const {
  787|  1.29k|         return get<T>() != nullptr;
  788|  1.29k|      }
_ZNK5Botan3TLS10Extensions3getINS0_9Key_ShareEEEPT_v:
  781|  1.74k|      T* get() const {
  782|  1.74k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  1.74k|      }
_ZNK5Botan3TLS10Extensions3getINS0_3PSKEEEPT_v:
  781|  1.28k|      T* get() const {
  782|  1.28k|         return dynamic_cast<T*>(get(T::static_type()));
  783|  1.28k|      }
_ZN5Botan3TLS10ExtensionsC2EOS1_:
  860|  8.41k|      Extensions(Extensions&&) = default;

_ZN5Botan3TLS17Handshake_MessageD2Ev:
   52|  98.2k|      virtual ~Handshake_Message() = default;
_ZN5Botan3TLS17Handshake_MessageC2Ev:
   53|  32.3k|      Handshake_Message() = default;
_ZN5Botan3TLS17Handshake_MessageC2EOS1_:
   55|  65.9k|      Handshake_Message(Handshake_Message&&) = default;

_ZNK5Botan3TLS20Encrypted_Extensions4typeEv:
  463|  8.48k|      Handshake_Type type() const override { return Handshake_Type::EncryptedExtensions; }

_ZNK5Botan3TLS16Signature_SchemeeqERKS1_:
   91|  9.61k|      bool operator==(const Signature_Scheme& rhs) const { return m_code == rhs.m_code; }

_ZN5Botan3TLS6TicketC2ENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_22Opaque_Session_Handle_EJEEEj:
   32|  3.17k|            m_identity(std::move(identity)), m_obfuscated_age(obfuscated_age) {}

_ZN5Botan3TLS16Protocol_VersionC2Ev:
   51|  13.1k|      Protocol_Version() : m_version(0) {}
_ZN5Botan3TLS16Protocol_VersionC2Et:
   53|  49.7k|      explicit Protocol_Version(uint16_t code) : m_version(code) {}
_ZN5Botan3TLS16Protocol_VersionC2ENS0_12Version_CodeE:
   58|  31.6k|      Protocol_Version(Version_Code named_version) : Protocol_Version(static_cast<uint16_t>(named_version)) {}
_ZN5Botan3TLS16Protocol_VersionC2Ehh:
   65|  13.0k|            Protocol_Version(static_cast<uint16_t>((static_cast<uint16_t>(major) << 8) | minor)) {}
_ZNK5Botan3TLS16Protocol_Version13major_versionEv:
   80|  74.1k|      uint8_t major_version() const { return static_cast<uint8_t>(m_version >> 8); }
_ZNK5Botan3TLS16Protocol_Version13minor_versionEv:
   85|     96|      uint8_t minor_version() const { return static_cast<uint8_t>(m_version & 0xFF); }
_ZNK5Botan3TLS16Protocol_VersioneqERKS1_:
  115|  32.3k|      bool operator==(const Protocol_Version& other) const { return (m_version == other.m_version); }
_ZNK5Botan3TLS16Protocol_VersionneERKS1_:
  120|    521|      bool operator!=(const Protocol_Version& other) const { return (m_version != other.m_version); }
_ZNK5Botan3TLS16Protocol_VersiongeERKS1_:
  130|  9.97k|      bool operator>=(const Protocol_Version& other) const { return (*this == other || *this > other); }
  ------------------
  |  Branch (130:70): [True: 3, False: 9.97k]
  |  Branch (130:88): [True: 2.84k, False: 7.13k]
  ------------------
_ZNK5Botan3TLS16Protocol_VersionltERKS1_:
  135|  9.27k|      bool operator<(const Protocol_Version& other) const { return !(*this >= other); }
_ZNK5Botan3TLS16Protocol_VersionleERKS1_:
  140|  18.9k|      bool operator<=(const Protocol_Version& other) const { return (*this == other || *this < other); }
  ------------------
  |  Branch (140:70): [True: 9.66k, False: 9.27k]
  |  Branch (140:88): [True: 6.45k, False: 2.82k]
  ------------------

_ZN5Botan11X509_ObjectD2Ev:
  103|  2.78k|      virtual ~X509_Object() = default;
_ZNK5Botan11X509_Object11signed_bodyEv:
   42|    444|      const std::vector<uint8_t>& signed_body() const { return m_tbs_bits; }
_ZN5Botan11X509_ObjectC2Ev:
  121|  2.78k|      X509_Object() = default;

_ZN5Botan16X509_CertificateC2Ev:
  403|  1.39k|      X509_Certificate() = default;

LLVMFuzzerInitialize:
   24|      2|extern "C" int LLVMFuzzerInitialize(int*, char***) {
   25|       |   /*
   26|       |   * This disables the mlock pool, as overwrites within the pool are
   27|       |   * opaque to ASan or other instrumentation.
   28|       |   */
   29|      2|   ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1);
   30|      2|   return 0;
   31|      2|}
LLVMFuzzerTestOneInput:
   34|  5.42k|extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len) {
   35|  5.42k|   if(len <= max_fuzzer_input_size) {
  ------------------
  |  Branch (35:7): [True: 5.41k, False: 9]
  ------------------
   36|  5.41k|      fuzz(in, len);
   37|  5.41k|   }
   38|  5.42k|   return 0;
   39|  5.42k|}

_Z4fuzzPKhm:
   24|  5.41k|void fuzz(const uint8_t in[], size_t len) {
   25|  5.41k|   static Botan::TLS::Default_Policy policy;
   26|       |
   27|  5.41k|   try {
   28|  5.41k|      auto hl1 = prepare(std::span(in, len));
   29|  5.41k|      Botan::TLS::Transcript_Hash_State ths("SHA-256");
   30|  34.5k|      while(hl1.next_message(policy, ths).has_value()) {};
  ------------------
  |  Branch (30:13): [True: 29.1k, False: 5.41k]
  ------------------
   31|       |
   32|  5.41k|      auto hl2 = prepare(std::span(in, len));
   33|  5.41k|      while(hl2.next_post_handshake_message(policy).has_value()) {};
  ------------------
  |  Branch (33:13): [True: 0, False: 5.41k]
  ------------------
   34|  5.41k|   } catch(Botan::Exception& e) {}
   35|  5.41k|}
tls_13_handshake_layer.cpp:_ZN12_GLOBAL__N_17prepareENSt3__14spanIKhLm18446744073709551615EEE:
   16|  6.92k|Botan::TLS::Handshake_Layer prepare(std::span<const uint8_t> data) {
   17|  6.92k|   Botan::TLS::Handshake_Layer hl(Botan::TLS::Connection_Side::Client);
   18|  6.92k|   hl.copy_data(data);
   19|  6.92k|   return hl;
   20|  6.92k|}

_ZN5Botan19AlgorithmIdentifier11decode_fromERNS_11BER_DecoderE:
   81|    843|void AlgorithmIdentifier::decode_from(BER_Decoder& codec) {
   82|    843|   codec.start_sequence().decode(m_oid).raw_bytes(m_parameters).end_cons();
   83|    843|}

_ZNK5Botan10BER_Object11assert_is_aENS_9ASN1_TypeENS_10ASN1_ClassENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE:
   28|  15.4k|void BER_Object::assert_is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag, std::string_view descr) const {
   29|  15.4k|   if(this->is_a(expected_type_tag, expected_class_tag) == false) {
  ------------------
  |  Branch (29:7): [True: 570, False: 14.9k]
  ------------------
   30|    570|      std::stringstream msg;
   31|       |
   32|    570|      msg << "Tag mismatch when decoding " << descr << " got ";
   33|       |
   34|    570|      if(m_class_tag == ASN1_Class::NoObject && m_type_tag == ASN1_Type::NoObject) {
  ------------------
  |  Branch (34:10): [True: 210, False: 360]
  |  Branch (34:49): [True: 210, False: 0]
  ------------------
   35|    210|         msg << "EOF";
   36|    360|      } else {
   37|    360|         if(m_class_tag == ASN1_Class::Universal || m_class_tag == ASN1_Class::Constructed) {
  ------------------
  |  Branch (37:13): [True: 65, False: 295]
  |  Branch (37:53): [True: 210, False: 85]
  ------------------
   38|    275|            msg << asn1_tag_to_string(m_type_tag);
   39|    275|         } else {
   40|     85|            msg << std::to_string(static_cast<uint32_t>(m_type_tag));
   41|     85|         }
   42|       |
   43|    360|         msg << "/" << asn1_class_to_string(m_class_tag);
   44|    360|      }
   45|       |
   46|    570|      msg << " expected ";
   47|       |
   48|    570|      if(expected_class_tag == ASN1_Class::Universal || expected_class_tag == ASN1_Class::Constructed) {
  ------------------
  |  Branch (48:10): [True: 122, False: 448]
  |  Branch (48:57): [True: 448, False: 0]
  ------------------
   49|    570|         msg << asn1_tag_to_string(expected_type_tag);
   50|    570|      } else {
   51|      0|         msg << std::to_string(static_cast<uint32_t>(expected_type_tag));
   52|      0|      }
   53|       |
   54|    570|      msg << "/" << asn1_class_to_string(expected_class_tag);
   55|       |
   56|    570|      throw BER_Decoding_Error(msg.str());
   57|    570|   }
   58|  15.4k|}
_ZNK5Botan10BER_Object4is_aENS_9ASN1_TypeENS_10ASN1_ClassE:
   60|  15.9k|bool BER_Object::is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag) const {
   61|  15.9k|   return (m_type_tag == expected_type_tag && m_class_tag == expected_class_tag);
  ------------------
  |  Branch (61:12): [True: 15.0k, False: 832]
  |  Branch (61:47): [True: 15.0k, False: 20]
  ------------------
   62|  15.9k|}
_ZN5Botan10BER_Object11set_taggingENS_9ASN1_TypeENS_10ASN1_ClassE:
   68|  28.6k|void BER_Object::set_tagging(ASN1_Type type_tag, ASN1_Class class_tag) {
   69|  28.6k|   m_type_tag = type_tag;
   70|  28.6k|   m_class_tag = class_tag;
   71|  28.6k|}
_ZN5Botan20asn1_class_to_stringENS_10ASN1_ClassE:
   73|    930|std::string asn1_class_to_string(ASN1_Class type) {
   74|    930|   switch(type) {
   75|    187|      case ASN1_Class::Universal:
  ------------------
  |  Branch (75:7): [True: 187, False: 743]
  ------------------
   76|    187|         return "UNIVERSAL";
   77|    658|      case ASN1_Class::Constructed:
  ------------------
  |  Branch (77:7): [True: 658, False: 272]
  ------------------
   78|    658|         return "CONSTRUCTED";
   79|     21|      case ASN1_Class::ContextSpecific:
  ------------------
  |  Branch (79:7): [True: 21, False: 909]
  ------------------
   80|     21|         return "CONTEXT_SPECIFIC";
   81|      6|      case ASN1_Class::Application:
  ------------------
  |  Branch (81:7): [True: 6, False: 924]
  ------------------
   82|      6|         return "APPLICATION";
   83|     13|      case ASN1_Class::Private:
  ------------------
  |  Branch (83:7): [True: 13, False: 917]
  ------------------
   84|     13|         return "PRIVATE";
   85|      0|      case ASN1_Class::NoObject:
  ------------------
  |  Branch (85:7): [True: 0, False: 930]
  ------------------
   86|      0|         return "NO_OBJECT";
   87|     45|      default:
  ------------------
  |  Branch (87:7): [True: 45, False: 885]
  ------------------
   88|     45|         return "CLASS(" + std::to_string(static_cast<size_t>(type)) + ")";
   89|    930|   }
   90|    930|}
_ZN5Botan18asn1_tag_to_stringENS_9ASN1_TypeE:
   92|    845|std::string asn1_tag_to_string(ASN1_Type type) {
   93|    845|   switch(type) {
   94|    441|      case ASN1_Type::Sequence:
  ------------------
  |  Branch (94:7): [True: 441, False: 404]
  ------------------
   95|    441|         return "SEQUENCE";
   96|       |
   97|     34|      case ASN1_Type::Set:
  ------------------
  |  Branch (97:7): [True: 34, False: 811]
  ------------------
   98|     34|         return "SET";
   99|       |
  100|      3|      case ASN1_Type::PrintableString:
  ------------------
  |  Branch (100:7): [True: 3, False: 842]
  ------------------
  101|      3|         return "PRINTABLE STRING";
  102|       |
  103|      4|      case ASN1_Type::NumericString:
  ------------------
  |  Branch (103:7): [True: 4, False: 841]
  ------------------
  104|      4|         return "NUMERIC STRING";
  105|       |
  106|      3|      case ASN1_Type::Ia5String:
  ------------------
  |  Branch (106:7): [True: 3, False: 842]
  ------------------
  107|      3|         return "IA5 STRING";
  108|       |
  109|      4|      case ASN1_Type::TeletexString:
  ------------------
  |  Branch (109:7): [True: 4, False: 841]
  ------------------
  110|      4|         return "T61 STRING";
  111|       |
  112|      3|      case ASN1_Type::Utf8String:
  ------------------
  |  Branch (112:7): [True: 3, False: 842]
  ------------------
  113|      3|         return "UTF8 STRING";
  114|       |
  115|      5|      case ASN1_Type::VisibleString:
  ------------------
  |  Branch (115:7): [True: 5, False: 840]
  ------------------
  116|      5|         return "VISIBLE STRING";
  117|       |
  118|      2|      case ASN1_Type::BmpString:
  ------------------
  |  Branch (118:7): [True: 2, False: 843]
  ------------------
  119|      2|         return "BMP STRING";
  120|       |
  121|      5|      case ASN1_Type::UniversalString:
  ------------------
  |  Branch (121:7): [True: 5, False: 840]
  ------------------
  122|      5|         return "UNIVERSAL STRING";
  123|       |
  124|      1|      case ASN1_Type::UtcTime:
  ------------------
  |  Branch (124:7): [True: 1, False: 844]
  ------------------
  125|      1|         return "UTC TIME";
  126|       |
  127|      1|      case ASN1_Type::GeneralizedTime:
  ------------------
  |  Branch (127:7): [True: 1, False: 844]
  ------------------
  128|      1|         return "GENERALIZED TIME";
  129|       |
  130|      5|      case ASN1_Type::OctetString:
  ------------------
  |  Branch (130:7): [True: 5, False: 840]
  ------------------
  131|      5|         return "OCTET STRING";
  132|       |
  133|     40|      case ASN1_Type::BitString:
  ------------------
  |  Branch (133:7): [True: 40, False: 805]
  ------------------
  134|     40|         return "BIT STRING";
  135|       |
  136|      1|      case ASN1_Type::Enumerated:
  ------------------
  |  Branch (136:7): [True: 1, False: 844]
  ------------------
  137|      1|         return "ENUMERATED";
  138|       |
  139|     93|      case ASN1_Type::Integer:
  ------------------
  |  Branch (139:7): [True: 93, False: 752]
  ------------------
  140|     93|         return "INTEGER";
  141|       |
  142|      1|      case ASN1_Type::Null:
  ------------------
  |  Branch (142:7): [True: 1, False: 844]
  ------------------
  143|      1|         return "NULL";
  144|       |
  145|      5|      case ASN1_Type::ObjectId:
  ------------------
  |  Branch (145:7): [True: 5, False: 840]
  ------------------
  146|      5|         return "OBJECT";
  147|       |
  148|     13|      case ASN1_Type::Boolean:
  ------------------
  |  Branch (148:7): [True: 13, False: 832]
  ------------------
  149|     13|         return "BOOLEAN";
  150|       |
  151|      1|      case ASN1_Type::NoObject:
  ------------------
  |  Branch (151:7): [True: 1, False: 844]
  ------------------
  152|      1|         return "NO_OBJECT";
  153|       |
  154|    180|      default:
  ------------------
  |  Branch (154:7): [True: 180, False: 665]
  ------------------
  155|    180|         return "TAG(" + std::to_string(static_cast<uint32_t>(type)) + ")";
  156|    845|   }
  157|    845|}
_ZN5Botan18BER_Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
  162|  1.11k|BER_Decoding_Error::BER_Decoding_Error(std::string_view str) : Decoding_Error(fmt("BER: {}", str)) {}
_ZN5Botan11BER_Bad_TagC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEj:
  164|     59|BER_Bad_Tag::BER_Bad_Tag(std::string_view str, uint32_t tagging) : BER_Decoding_Error(fmt("{}: {}", str, tagging)) {}
_ZN5Botan4ASN19to_stringERKNS_10BER_ObjectE:
  184|  1.55k|std::string to_string(const BER_Object& obj) { return std::string(cast_uint8_ptr_to_char(obj.bits()), obj.length()); }
_ZN5Botan4ASN19maybe_BERERNS_10DataSourceE:
  189|  1.38k|bool maybe_BER(DataSource& source) {
  190|  1.38k|   uint8_t first_u8;
  191|  1.38k|   if(!source.peek_byte(first_u8)) {
  ------------------
  |  Branch (191:7): [True: 1, False: 1.38k]
  ------------------
  192|      1|      BOTAN_ASSERT_EQUAL(source.read_byte(first_u8), 0, "Expected EOF");
  ------------------
  |  |   69|      1|   do {                                                                                                \
  |  |   70|      1|      if((expr1) != (expr2))                                                                           \
  |  |  ------------------
  |  |  |  Branch (70:10): [True: 0, False: 1]
  |  |  ------------------
  |  |   71|      1|         Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \
  |  |   72|      1|   } while(0)
  |  |  ------------------
  |  |  |  Branch (72:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  193|      1|      throw Stream_IO_Error("ASN1::maybe_BER: Source was empty");
  194|      1|   }
  195|       |
  196|  1.38k|   const auto cons_seq = static_cast<uint8_t>(ASN1_Class::Constructed) | static_cast<uint8_t>(ASN1_Type::Sequence);
  197|  1.38k|   if(first_u8 == cons_seq) {
  ------------------
  |  Branch (197:7): [True: 1.18k, False: 196]
  ------------------
  198|  1.18k|      return true;
  199|  1.18k|   }
  200|    196|   return false;
  201|  1.38k|}

_ZN5Botan3OID11decode_fromERNS_11BER_DecoderE:
  185|  3.40k|void OID::decode_from(BER_Decoder& decoder) {
  186|  3.40k|   BER_Object obj = decoder.get_next_object();
  187|  3.40k|   if(obj.tagging() != (ASN1_Class::Universal | ASN1_Type::ObjectId)) {
  ------------------
  |  Branch (187:7): [True: 59, False: 3.34k]
  ------------------
  188|     59|      throw BER_Bad_Tag("Error decoding OID, unknown tag", obj.tagging());
  189|     59|   }
  190|       |
  191|  3.34k|   const size_t length = obj.length();
  192|  3.34k|   const uint8_t* bits = obj.bits();
  193|       |
  194|  3.34k|   if(length < 2 && !(length == 1 && bits[0] == 0)) {
  ------------------
  |  Branch (194:7): [True: 254, False: 3.09k]
  |  Branch (194:23): [True: 253, False: 1]
  |  Branch (194:38): [True: 246, False: 7]
  ------------------
  195|      8|      throw BER_Decoding_Error("OID encoding is too short");
  196|      8|   }
  197|       |
  198|  3.33k|   m_id.clear();
  199|  3.33k|   m_id.push_back(bits[0] / 40);
  200|  3.33k|   m_id.push_back(bits[0] % 40);
  201|       |
  202|  3.33k|   size_t i = 0;
  203|  19.0k|   while(i != length - 1) {
  ------------------
  |  Branch (203:10): [True: 15.7k, False: 3.30k]
  ------------------
  204|  15.7k|      uint32_t component = 0;
  205|  18.6k|      while(i != length - 1) {
  ------------------
  |  Branch (205:13): [True: 17.9k, False: 715]
  ------------------
  206|  17.9k|         ++i;
  207|       |
  208|  17.9k|         if(component >> (32 - 7)) {
  ------------------
  |  Branch (208:13): [True: 37, False: 17.9k]
  ------------------
  209|     37|            throw Decoding_Error("OID component overflow");
  210|     37|         }
  211|       |
  212|  17.9k|         component = (component << 7) + (bits[i] & 0x7F);
  213|       |
  214|  17.9k|         if(!(bits[i] & 0x80)) {
  ------------------
  |  Branch (214:13): [True: 15.0k, False: 2.90k]
  ------------------
  215|  15.0k|            break;
  216|  15.0k|         }
  217|  17.9k|      }
  218|  15.7k|      m_id.push_back(component);
  219|  15.7k|   }
  220|  3.33k|}

_ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE:
   62|  2.72k|ASN1_String::ASN1_String(std::string_view str, ASN1_Type t) : m_utf8_str(str), m_tag(t) {
   63|  2.72k|   if(!is_utf8_subset_string_type(m_tag)) {
  ------------------
  |  Branch (63:7): [True: 0, False: 2.72k]
  ------------------
   64|      0|      throw Invalid_Argument("ASN1_String only supports encoding to UTF-8 or a UTF-8 subset");
   65|      0|   }
   66|  2.72k|}
_ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
   68|  2.72k|ASN1_String::ASN1_String(std::string_view str) : ASN1_String(str, choose_encoding(str)) {}
_ZN5Botan11ASN1_String11decode_fromERNS_11BER_DecoderE:
   86|  2.65k|void ASN1_String::decode_from(BER_Decoder& source) {
   87|  2.65k|   BER_Object obj = source.get_next_object();
   88|       |
   89|  2.65k|   if(!is_asn1_string_type(obj.type())) {
  ------------------
  |  Branch (89:7): [True: 84, False: 2.57k]
  ------------------
   90|     84|      auto typ = static_cast<uint32_t>(obj.type());
   91|     84|      throw Decoding_Error(fmt("ASN1_String: Unknown string type {}", typ));
   92|     84|   }
   93|       |
   94|  2.57k|   m_tag = obj.type();
   95|  2.57k|   m_data.assign(obj.bits(), obj.bits() + obj.length());
   96|       |
   97|  2.57k|   if(m_tag == ASN1_Type::BmpString) {
  ------------------
  |  Branch (97:7): [True: 526, False: 2.04k]
  ------------------
   98|    526|      m_utf8_str = ucs2_to_utf8(m_data.data(), m_data.size());
   99|  2.04k|   } else if(m_tag == ASN1_Type::UniversalString) {
  ------------------
  |  Branch (99:14): [True: 235, False: 1.81k]
  ------------------
  100|    235|      m_utf8_str = ucs4_to_utf8(m_data.data(), m_data.size());
  101|  1.81k|   } else if(m_tag == ASN1_Type::TeletexString) {
  ------------------
  |  Branch (101:14): [True: 383, False: 1.42k]
  ------------------
  102|       |      /*
  103|       |      TeletexString is nominally ITU T.61 not ISO-8859-1 but it seems
  104|       |      the majority of implementations actually used that charset here.
  105|       |      */
  106|    383|      m_utf8_str = latin1_to_utf8(m_data.data(), m_data.size());
  107|  1.42k|   } else {
  108|       |      // All other supported string types are UTF-8 or some subset thereof
  109|  1.42k|      m_utf8_str = ASN1::to_string(obj);
  110|  1.42k|   }
  111|  2.57k|}
asn1_str.cpp:_ZN5Botan12_GLOBAL__N_119is_asn1_string_typeENS_9ASN1_TypeE:
   52|  2.65k|bool is_asn1_string_type(ASN1_Type tag) {
   53|  2.65k|   return (is_utf8_subset_string_type(tag) || tag == ASN1_Type::TeletexString || tag == ASN1_Type::BmpString ||
  ------------------
  |  Branch (53:12): [True: 1.42k, False: 1.22k]
  |  Branch (53:47): [True: 383, False: 845]
  |  Branch (53:82): [True: 526, False: 319]
  ------------------
   54|  2.65k|           tag == ASN1_Type::UniversalString);
  ------------------
  |  Branch (54:12): [True: 235, False: 84]
  ------------------
   55|  2.65k|}
asn1_str.cpp:_ZN5Botan12_GLOBAL__N_126is_utf8_subset_string_typeENS_9ASN1_TypeE:
   47|  5.37k|bool is_utf8_subset_string_type(ASN1_Type tag) {
   48|  5.37k|   return (tag == ASN1_Type::NumericString || tag == ASN1_Type::PrintableString || tag == ASN1_Type::VisibleString ||
  ------------------
  |  Branch (48:12): [True: 114, False: 5.25k]
  |  Branch (48:47): [True: 3.10k, False: 2.14k]
  |  Branch (48:84): [True: 620, False: 1.52k]
  ------------------
   49|  5.37k|           tag == ASN1_Type::Ia5String || tag == ASN1_Type::Utf8String);
  ------------------
  |  Branch (49:12): [True: 252, False: 1.27k]
  |  Branch (49:43): [True: 49, False: 1.22k]
  ------------------
   50|  5.37k|}
asn1_str.cpp:_ZN5Botan12_GLOBAL__N_115choose_encodingENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
   23|  2.72k|ASN1_Type choose_encoding(std::string_view str) {
   24|  2.72k|   auto all_printable = CT::Mask<uint8_t>::set();
   25|       |
   26|  2.72k|   for(size_t i = 0; i != str.size(); ++i) {
  ------------------
  |  Branch (26:22): [True: 0, False: 2.72k]
  ------------------
   27|      0|      const uint8_t c = static_cast<uint8_t>(str[i]);
   28|       |
   29|      0|      auto is_alpha_lower = CT::Mask<uint8_t>::is_within_range(c, 'a', 'z');
   30|      0|      auto is_alpha_upper = CT::Mask<uint8_t>::is_within_range(c, 'A', 'Z');
   31|      0|      auto is_decimal = CT::Mask<uint8_t>::is_within_range(c, '0', '9');
   32|       |
   33|      0|      auto is_print_punc = CT::Mask<uint8_t>::is_any_of(c, {' ', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'});
   34|       |
   35|      0|      auto is_printable = is_alpha_lower | is_alpha_upper | is_decimal | is_print_punc;
   36|       |
   37|      0|      all_printable &= is_printable;
   38|      0|   }
   39|       |
   40|  2.72k|   if(all_printable.is_set()) {
  ------------------
  |  Branch (40:7): [True: 2.72k, False: 0]
  ------------------
   41|  2.72k|      return ASN1_Type::PrintableString;
   42|  2.72k|   } else {
   43|      0|      return ASN1_Type::Utf8String;
   44|      0|   }
   45|  2.72k|}

_ZN5Botan9ASN1_Time11decode_fromERNS_11BER_DecoderE:
   51|    136|void ASN1_Time::decode_from(BER_Decoder& source) {
   52|    136|   BER_Object ber_time = source.get_next_object();
   53|       |
   54|    136|   set_to(ASN1::to_string(ber_time), ber_time.type());
   55|    136|}
_ZN5Botan9ASN1_Time6set_toENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE:
  153|    130|void ASN1_Time::set_to(std::string_view t_spec, ASN1_Type spec_tag) {
  154|    130|   BOTAN_ARG_CHECK(spec_tag == ASN1_Type::UtcTime || spec_tag == ASN1_Type::GeneralizedTime,
  ------------------
  |  |   30|    130|   do {                                                          \
  |  |   31|    214|      if(!(expr))                                                \
  |  |  ------------------
  |  |  |  Branch (31:12): [True: 46, False: 84]
  |  |  |  Branch (31:12): [True: 38, False: 46]
  |  |  ------------------
  |  |   32|    130|         Botan::throw_invalid_argument(msg, __func__, __FILE__); \
  |  |   33|    130|   } while(0)
  |  |  ------------------
  |  |  |  Branch (33:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  155|    130|                   "Invalid tag for ASN1_Time");
  156|       |
  157|    130|   if(spec_tag == ASN1_Type::GeneralizedTime) {
  ------------------
  |  Branch (157:7): [True: 38, False: 92]
  ------------------
  158|     38|      BOTAN_ARG_CHECK(t_spec.size() == 15, "Invalid GeneralizedTime input string");
  ------------------
  |  |   30|     38|   do {                                                          \
  |  |   31|     38|      if(!(expr))                                                \
  |  |  ------------------
  |  |  |  Branch (31:10): [True: 2, False: 36]
  |  |  ------------------
  |  |   32|     38|         Botan::throw_invalid_argument(msg, __func__, __FILE__); \
  |  |   33|     38|   } while(0)
  |  |  ------------------
  |  |  |  Branch (33:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  159|     92|   } else if(spec_tag == ASN1_Type::UtcTime) {
  ------------------
  |  Branch (159:14): [True: 46, False: 46]
  ------------------
  160|     46|      BOTAN_ARG_CHECK(t_spec.size() == 13, "Invalid UTCTime input string");
  ------------------
  |  |   30|     46|   do {                                                          \
  |  |   31|     46|      if(!(expr))                                                \
  |  |  ------------------
  |  |  |  Branch (31:10): [True: 11, False: 35]
  |  |  ------------------
  |  |   32|     46|         Botan::throw_invalid_argument(msg, __func__, __FILE__); \
  |  |   33|     46|   } while(0)
  |  |  ------------------
  |  |  |  Branch (33:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  161|     46|   }
  162|       |
  163|    130|   BOTAN_ARG_CHECK(t_spec.back() == 'Z', "Botan does not support ASN1 times with timezones other than Z");
  ------------------
  |  |   30|    130|   do {                                                          \
  |  |   31|    130|      if(!(expr))                                                \
  |  |  ------------------
  |  |  |  Branch (31:10): [True: 3, False: 127]
  |  |  ------------------
  |  |   32|    130|         Botan::throw_invalid_argument(msg, __func__, __FILE__); \
  |  |   33|    130|   } while(0)
  |  |  ------------------
  |  |  |  Branch (33:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  164|       |
  165|    130|   const size_t field_len = 2;
  166|       |
  167|    130|   const size_t year_start = 0;
  168|    130|   const size_t year_len = (spec_tag == ASN1_Type::UtcTime) ? 2 : 4;
  ------------------
  |  Branch (168:28): [True: 34, False: 96]
  ------------------
  169|    130|   const size_t month_start = year_start + year_len;
  170|    130|   const size_t day_start = month_start + field_len;
  171|    130|   const size_t hour_start = day_start + field_len;
  172|    130|   const size_t min_start = hour_start + field_len;
  173|    130|   const size_t sec_start = min_start + field_len;
  174|       |
  175|    130|   m_year = to_u32bit(t_spec.substr(year_start, year_len));
  176|    130|   m_month = to_u32bit(t_spec.substr(month_start, field_len));
  177|    130|   m_day = to_u32bit(t_spec.substr(day_start, field_len));
  178|    130|   m_hour = to_u32bit(t_spec.substr(hour_start, field_len));
  179|    130|   m_minute = to_u32bit(t_spec.substr(min_start, field_len));
  180|    130|   m_second = to_u32bit(t_spec.substr(sec_start, field_len));
  181|    130|   m_tag = spec_tag;
  182|       |
  183|    130|   if(spec_tag == ASN1_Type::UtcTime) {
  ------------------
  |  Branch (183:7): [True: 29, False: 101]
  ------------------
  184|     29|      if(m_year >= 50) {
  ------------------
  |  Branch (184:10): [True: 7, False: 22]
  ------------------
  185|      7|         m_year += 1900;
  186|     22|      } else {
  187|     22|         m_year += 2000;
  188|     22|      }
  189|     29|   }
  190|       |
  191|    130|   if(!passes_sanity_check()) {
  ------------------
  |  Branch (191:7): [True: 38, False: 92]
  ------------------
  192|     38|      throw Invalid_Argument(fmt("ASN1_Time string '{}' does not seem to be valid", t_spec));
  193|     38|   }
  194|    130|}
_ZNK5Botan9ASN1_Time19passes_sanity_checkEv:
  199|     53|bool ASN1_Time::passes_sanity_check() const {
  200|       |   // AppVeyor's trust store includes a cert with expiration date in 3016 ...
  201|     53|   if(m_year < 1950 || m_year > 3100) {
  ------------------
  |  Branch (201:7): [True: 2, False: 51]
  |  Branch (201:24): [True: 6, False: 45]
  ------------------
  202|      8|      return false;
  203|      8|   }
  204|     45|   if(m_month == 0 || m_month > 12) {
  ------------------
  |  Branch (204:7): [True: 1, False: 44]
  |  Branch (204:23): [True: 6, False: 38]
  ------------------
  205|      7|      return false;
  206|      7|   }
  207|       |
  208|     38|   const uint32_t days_in_month[12] = {31, 28 + 1, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
  209|       |
  210|     38|   if(m_day == 0 || m_day > days_in_month[m_month - 1]) {
  ------------------
  |  Branch (210:7): [True: 1, False: 37]
  |  Branch (210:21): [True: 8, False: 29]
  ------------------
  211|      9|      return false;
  212|      9|   }
  213|       |
  214|     29|   if(m_month == 2 && m_day == 29) {
  ------------------
  |  Branch (214:7): [True: 8, False: 21]
  |  Branch (214:23): [True: 5, False: 3]
  ------------------
  215|      5|      if(m_year % 4 != 0) {
  ------------------
  |  Branch (215:10): [True: 1, False: 4]
  ------------------
  216|      1|         return false;  // not a leap year
  217|      1|      }
  218|       |
  219|      4|      if(m_year % 100 == 0 && m_year % 400 != 0) {
  ------------------
  |  Branch (219:10): [True: 2, False: 2]
  |  Branch (219:31): [True: 1, False: 1]
  ------------------
  220|      1|         return false;
  221|      1|      }
  222|      4|   }
  223|       |
  224|     27|   if(m_hour >= 24 || m_minute >= 60 || m_second > 60) {
  ------------------
  |  Branch (224:7): [True: 3, False: 24]
  |  Branch (224:23): [True: 2, False: 22]
  |  Branch (224:41): [True: 5, False: 17]
  ------------------
  225|     10|      return false;
  226|     10|   }
  227|       |
  228|     17|   if(m_tag == ASN1_Type::UtcTime) {
  ------------------
  |  Branch (228:7): [True: 12, False: 5]
  ------------------
  229|       |      /*
  230|       |      UTCTime limits the value of components such that leap seconds
  231|       |      are not covered. See "UNIVERSAL 23" in "Information technology
  232|       |      Abstract Syntax Notation One (ASN.1): Specification of basic notation"
  233|       |
  234|       |      http://www.itu.int/ITU-T/studygroups/com17/languages/
  235|       |      */
  236|     12|      if(m_second > 59) {
  ------------------
  |  Branch (236:10): [True: 2, False: 10]
  ------------------
  237|      2|         return false;
  238|      2|      }
  239|     12|   }
  240|       |
  241|     15|   return true;
  242|     17|}

_ZNK5Botan11BER_Decoder10more_itemsEv:
  195|  14.0k|bool BER_Decoder::more_items() const {
  196|  14.0k|   if(m_source->end_of_data() && !m_pushed.is_set()) {
  ------------------
  |  Branch (196:7): [True: 8.32k, False: 5.67k]
  |  Branch (196:34): [True: 8.32k, False: 0]
  ------------------
  197|  8.32k|      return false;
  198|  8.32k|   }
  199|  5.67k|   return true;
  200|  14.0k|}
_ZN5Botan11BER_Decoder10verify_endEv:
  205|     22|BER_Decoder& BER_Decoder::verify_end() { return verify_end("BER_Decoder::verify_end called, but data remains"); }
_ZN5Botan11BER_Decoder10verify_endENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
  210|     22|BER_Decoder& BER_Decoder::verify_end(std::string_view err) {
  211|     22|   if(!m_source->end_of_data() || m_pushed.is_set()) {
  ------------------
  |  Branch (211:7): [True: 7, False: 15]
  |  Branch (211:35): [True: 0, False: 15]
  ------------------
  212|      7|      throw Decoding_Error(err);
  213|      7|   }
  214|     15|   return (*this);
  215|     22|}
_ZN5Botan11BER_Decoder15get_next_objectEv:
  229|  22.4k|BER_Object BER_Decoder::get_next_object() {
  230|  22.4k|   BER_Object next;
  231|       |
  232|  22.4k|   if(m_pushed.is_set()) {
  ------------------
  |  Branch (232:7): [True: 277, False: 22.1k]
  ------------------
  233|    277|      std::swap(next, m_pushed);
  234|    277|      return next;
  235|    277|   }
  236|       |
  237|  28.6k|   for(;;) {
  238|  28.6k|      ASN1_Type type_tag;
  239|  28.6k|      ASN1_Class class_tag;
  240|  28.6k|      decode_tag(m_source, type_tag, class_tag);
  241|  28.6k|      next.set_tagging(type_tag, class_tag);
  242|  28.6k|      if(next.is_set() == false) {  // no more objects
  ------------------
  |  Branch (242:10): [True: 241, False: 28.4k]
  ------------------
  243|    241|         return next;
  244|    241|      }
  245|       |
  246|  28.4k|      size_t field_size;
  247|  28.4k|      const size_t length = decode_length(m_source, field_size, ALLOWED_EOC_NESTINGS);
  248|  28.4k|      if(!m_source->check_available(length)) {
  ------------------
  |  Branch (248:10): [True: 162, False: 28.2k]
  ------------------
  249|    162|         throw BER_Decoding_Error("Value truncated");
  250|    162|      }
  251|       |
  252|  28.2k|      uint8_t* out = next.mutable_bits(length);
  253|  28.2k|      if(m_source->read(out, length) != length) {
  ------------------
  |  Branch (253:10): [True: 0, False: 28.2k]
  ------------------
  254|      0|         throw BER_Decoding_Error("Value truncated");
  255|      0|      }
  256|       |
  257|  28.2k|      if(next.tagging() == static_cast<uint32_t>(ASN1_Type::Eoc)) {
  ------------------
  |  Branch (257:10): [True: 6.49k, False: 21.7k]
  ------------------
  258|  6.49k|         continue;
  259|  21.7k|      } else {
  260|  21.7k|         break;
  261|  21.7k|      }
  262|  28.2k|   }
  263|       |
  264|  21.7k|   return next;
  265|  22.1k|}
_ZN5Botan11BER_Decoder9push_backEONS_10BER_ObjectE:
  277|    282|void BER_Decoder::push_back(BER_Object&& obj) {
  278|    282|   if(m_pushed.is_set()) {
  ------------------
  |  Branch (278:7): [True: 0, False: 282]
  ------------------
  279|      0|      throw Invalid_State("BER_Decoder: Only one push back is allowed");
  280|      0|   }
  281|    282|   m_pushed = std::move(obj);
  282|    282|}
_ZN5Botan11BER_Decoder10start_consENS_9ASN1_TypeENS_10ASN1_ClassE:
  284|  14.8k|BER_Decoder BER_Decoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) {
  285|  14.8k|   BER_Object obj = get_next_object();
  286|  14.8k|   obj.assert_is_a(type_tag, class_tag | ASN1_Class::Constructed);
  287|  14.8k|   return BER_Decoder(std::move(obj), this);
  288|  14.8k|}
_ZN5Botan11BER_Decoder8end_consEv:
  293|  10.2k|BER_Decoder& BER_Decoder::end_cons() {
  294|  10.2k|   if(!m_parent) {
  ------------------
  |  Branch (294:7): [True: 0, False: 10.2k]
  ------------------
  295|      0|      throw Invalid_State("BER_Decoder::end_cons called with null parent");
  296|      0|   }
  297|  10.2k|   if(!m_source->end_of_data()) {
  ------------------
  |  Branch (297:7): [True: 77, False: 10.1k]
  ------------------
  298|     77|      throw Decoding_Error("BER_Decoder::end_cons called with data left");
  299|     77|   }
  300|  10.1k|   return (*m_parent);
  301|  10.2k|}
_ZN5Botan11BER_DecoderC2EONS_10BER_ObjectEPS0_:
  303|  14.2k|BER_Decoder::BER_Decoder(BER_Object&& obj, BER_Decoder* parent) {
  304|  14.2k|   m_data_src = std::make_unique<DataSource_BERObject>(std::move(obj));
  305|  14.2k|   m_source = m_data_src.get();
  306|  14.2k|   m_parent = parent;
  307|  14.2k|}
_ZN5Botan11BER_DecoderC2ERNS_10DataSourceE:
  312|  1.14k|BER_Decoder::BER_Decoder(DataSource& src) { m_source = &src; }
_ZN5Botan11BER_DecoderC2EPKhm:
  317|  5.93k|BER_Decoder::BER_Decoder(const uint8_t data[], size_t length) {
  318|  5.93k|   m_data_src = std::make_unique<DataSource_Memory>(data, length);
  319|  5.93k|   m_source = m_data_src.get();
  320|  5.93k|}
_ZN5Botan11BER_DecoderC2ERKNSt3__16vectorIhNS1_9allocatorIhEEEE:
  333|  6.43k|BER_Decoder::BER_Decoder(const std::vector<uint8_t>& data) {
  334|  6.43k|   m_data_src = std::make_unique<DataSource_Memory>(data.data(), data.size());
  335|  6.43k|   m_source = m_data_src.get();
  336|  6.43k|}
_ZN5Botan11BER_Decoder6decodeERNS_11ASN1_ObjectENS_9ASN1_TypeENS_10ASN1_ClassE:
  352|  13.1k|BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, ASN1_Type /*unused*/, ASN1_Class /*unused*/) {
  353|  13.1k|   obj.decode_from(*this);
  354|  13.1k|   return (*this);
  355|  13.1k|}
_ZN5Botan11BER_Decoder6decodeERmNS_9ASN1_TypeENS_10ASN1_ClassE:
  394|    162|BER_Decoder& BER_Decoder::decode(size_t& out, ASN1_Type type_tag, ASN1_Class class_tag) {
  395|    162|   BigInt integer;
  396|    162|   decode(integer, type_tag, class_tag);
  397|       |
  398|    162|   if(integer.is_negative()) {
  ------------------
  |  Branch (398:7): [True: 43, False: 119]
  ------------------
  399|     43|      throw BER_Decoding_Error("Decoded small integer value was negative");
  400|     43|   }
  401|       |
  402|    119|   if(integer.bits() > 32) {
  ------------------
  |  Branch (402:7): [True: 95, False: 24]
  ------------------
  403|     95|      throw BER_Decoding_Error("Decoded integer value larger than expected");
  404|     95|   }
  405|       |
  406|     24|   out = 0;
  407|    112|   for(size_t i = 0; i != 4; ++i) {
  ------------------
  |  Branch (407:22): [True: 88, False: 24]
  ------------------
  408|     88|      out = (out << 8) | integer.byte_at(3 - i);
  409|     88|   }
  410|       |
  411|     24|   return (*this);
  412|    119|}
_ZN5Botan11BER_Decoder6decodeERNS_6BigIntENS_9ASN1_TypeENS_10ASN1_ClassE:
  440|    459|BER_Decoder& BER_Decoder::decode(BigInt& out, ASN1_Type type_tag, ASN1_Class class_tag) {
  441|    459|   BER_Object obj = get_next_object();
  442|    459|   obj.assert_is_a(type_tag, class_tag);
  443|       |
  444|    459|   if(obj.length() == 0) {
  ------------------
  |  Branch (444:7): [True: 63, False: 396]
  ------------------
  445|     63|      out.clear();
  446|    396|   } else {
  447|    396|      const bool negative = (obj.bits()[0] & 0x80) ? true : false;
  ------------------
  |  Branch (447:29): [True: 165, False: 231]
  ------------------
  448|       |
  449|    396|      if(negative) {
  ------------------
  |  Branch (449:10): [True: 165, False: 231]
  ------------------
  450|    165|         secure_vector<uint8_t> vec(obj.bits(), obj.bits() + obj.length());
  451|    327|         for(size_t i = obj.length(); i > 0; --i) {
  ------------------
  |  Branch (451:39): [True: 327, False: 0]
  ------------------
  452|    327|            if(vec[i - 1]--) {
  ------------------
  |  Branch (452:16): [True: 165, False: 162]
  ------------------
  453|    165|               break;
  454|    165|            }
  455|    327|         }
  456|  1.75k|         for(size_t i = 0; i != obj.length(); ++i) {
  ------------------
  |  Branch (456:28): [True: 1.59k, False: 165]
  ------------------
  457|  1.59k|            vec[i] = ~vec[i];
  458|  1.59k|         }
  459|    165|         out = BigInt(vec.data(), vec.size());
  460|    165|         out.flip_sign();
  461|    231|      } else {
  462|    231|         out = BigInt(obj.bits(), obj.length());
  463|    231|      }
  464|    396|   }
  465|       |
  466|    459|   return (*this);
  467|    459|}
_ZN5Botan11BER_Decoder6decodeERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeES7_NS_10ASN1_ClassE:
  517|    508|                                 ASN1_Class class_tag) {
  518|    508|   if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) {
  ------------------
  |  Branch (518:7): [True: 508, False: 0]
  |  Branch (518:46): [True: 0, False: 508]
  ------------------
  519|      0|      throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast<uint32_t>(real_type));
  520|      0|   }
  521|       |
  522|    508|   asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag);
  523|    508|   return (*this);
  524|    508|}
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_110decode_tagEPNS_10DataSourceERNS_9ASN1_TypeERNS_10ASN1_ClassE:
   29|  65.1k|size_t decode_tag(DataSource* ber, ASN1_Type& type_tag, ASN1_Class& class_tag) {
   30|  65.1k|   uint8_t b;
   31|  65.1k|   if(!ber->read_byte(b)) {
  ------------------
  |  Branch (31:7): [True: 13.4k, False: 51.6k]
  ------------------
   32|  13.4k|      type_tag = ASN1_Type::NoObject;
   33|  13.4k|      class_tag = ASN1_Class::NoObject;
   34|  13.4k|      return 0;
   35|  13.4k|   }
   36|       |
   37|  51.6k|   if((b & 0x1F) != 0x1F) {
  ------------------
  |  Branch (37:7): [True: 50.6k, False: 998]
  ------------------
   38|  50.6k|      type_tag = ASN1_Type(b & 0x1F);
   39|  50.6k|      class_tag = ASN1_Class(b & 0xE0);
   40|  50.6k|      return 1;
   41|  50.6k|   }
   42|       |
   43|    998|   size_t tag_bytes = 1;
   44|    998|   class_tag = ASN1_Class(b & 0xE0);
   45|       |
   46|    998|   size_t tag_buf = 0;
   47|  2.98k|   while(true) {
  ------------------
  |  Branch (47:10): [Folded - Ignored]
  ------------------
   48|  2.98k|      if(!ber->read_byte(b)) {
  ------------------
  |  Branch (48:10): [True: 9, False: 2.97k]
  ------------------
   49|      9|         throw BER_Decoding_Error("Long-form tag truncated");
   50|      9|      }
   51|  2.97k|      if(tag_buf & 0xFF000000) {
  ------------------
  |  Branch (51:10): [True: 9, False: 2.96k]
  ------------------
   52|      9|         throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
   53|      9|      }
   54|  2.96k|      ++tag_bytes;
   55|  2.96k|      tag_buf = (tag_buf << 7) | (b & 0x7F);
   56|  2.96k|      if((b & 0x80) == 0) {
  ------------------
  |  Branch (56:10): [True: 980, False: 1.98k]
  ------------------
   57|    980|         break;
   58|    980|      }
   59|  2.96k|   }
   60|    980|   type_tag = ASN1_Type(tag_buf);
   61|    980|   return tag_bytes;
   62|    998|}
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_113decode_lengthEPNS_10DataSourceERmm:
   72|  51.5k|size_t decode_length(DataSource* ber, size_t& field_size, size_t allow_indef) {
   73|  51.5k|   uint8_t b;
   74|  51.5k|   if(!ber->read_byte(b)) {
  ------------------
  |  Branch (74:7): [True: 110, False: 51.4k]
  ------------------
   75|    110|      throw BER_Decoding_Error("Length field not found");
   76|    110|   }
   77|  51.4k|   field_size = 1;
   78|  51.4k|   if((b & 0x80) == 0) {
  ------------------
  |  Branch (78:7): [True: 34.0k, False: 17.4k]
  ------------------
   79|  34.0k|      return b;
   80|  34.0k|   }
   81|       |
   82|  17.4k|   field_size += (b & 0x7F);
   83|  17.4k|   if(field_size > 5) {
  ------------------
  |  Branch (83:7): [True: 16, False: 17.4k]
  ------------------
   84|     16|      throw BER_Decoding_Error("Length field is too large");
   85|     16|   }
   86|       |
   87|  17.4k|   if(field_size == 1) {
  ------------------
  |  Branch (87:7): [True: 16.8k, False: 636]
  ------------------
   88|  16.8k|      if(allow_indef == 0) {
  ------------------
  |  Branch (88:10): [True: 2, False: 16.8k]
  ------------------
   89|      2|         throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion");
   90|  16.8k|      } else {
   91|  16.8k|         return find_eoc(ber, allow_indef - 1);
   92|  16.8k|      }
   93|  16.8k|   }
   94|       |
   95|    636|   size_t length = 0;
   96|       |
   97|  1.96k|   for(size_t i = 0; i != field_size - 1; ++i) {
  ------------------
  |  Branch (97:22): [True: 1.35k, False: 613]
  ------------------
   98|  1.35k|      if(get_byte<0>(length) != 0) {
  ------------------
  |  Branch (98:10): [True: 0, False: 1.35k]
  ------------------
   99|      0|         throw BER_Decoding_Error("Field length overflow");
  100|      0|      }
  101|  1.35k|      if(!ber->read_byte(b)) {
  ------------------
  |  Branch (101:10): [True: 23, False: 1.33k]
  ------------------
  102|     23|         throw BER_Decoding_Error("Corrupted length field");
  103|     23|      }
  104|  1.33k|      length = (length << 8) | b;
  105|  1.33k|   }
  106|    613|   return length;
  107|    636|}
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_18find_eocEPNS_10DataSourceEm:
  112|  16.8k|size_t find_eoc(DataSource* ber, size_t allow_indef) {
  113|  16.8k|   secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE), data;
  ------------------
  |  |  372|  16.8k|#define BOTAN_DEFAULT_BUFFER_SIZE 4096
  ------------------
  114|       |
  115|  28.1k|   while(true) {
  ------------------
  |  Branch (115:10): [Folded - Ignored]
  ------------------
  116|  28.1k|      const size_t got = ber->peek(buffer.data(), buffer.size(), data.size());
  117|  28.1k|      if(got == 0) {
  ------------------
  |  Branch (117:10): [True: 16.8k, False: 11.3k]
  ------------------
  118|  16.8k|         break;
  119|  16.8k|      }
  120|       |
  121|  11.3k|      data += std::make_pair(buffer.data(), got);
  122|  11.3k|   }
  123|       |
  124|  16.8k|   DataSource_Memory source(data);
  125|  16.8k|   data.clear();
  126|       |
  127|  16.8k|   size_t length = 0;
  128|  36.6k|   while(true) {
  ------------------
  |  Branch (128:10): [Folded - Ignored]
  ------------------
  129|  36.4k|      ASN1_Type type_tag;
  130|  36.4k|      ASN1_Class class_tag;
  131|  36.4k|      size_t tag_size = decode_tag(&source, type_tag, class_tag);
  132|  36.4k|      if(type_tag == ASN1_Type::NoObject) {
  ------------------
  |  Branch (132:10): [True: 13.2k, False: 23.2k]
  ------------------
  133|  13.2k|         break;
  134|  13.2k|      }
  135|       |
  136|  23.2k|      size_t length_size = 0;
  137|  23.2k|      size_t item_size = decode_length(&source, length_size, allow_indef);
  138|  23.2k|      source.discard_next(item_size);
  139|       |
  140|  23.2k|      length = BOTAN_CHECKED_ADD(length, item_size);
  ------------------
  |  |   72|  23.2k|#define BOTAN_CHECKED_ADD(x, y) checked_add(x, y, __FILE__, __LINE__)
  ------------------
  141|  23.2k|      length = BOTAN_CHECKED_ADD(length, tag_size);
  ------------------
  |  |   72|  23.2k|#define BOTAN_CHECKED_ADD(x, y) checked_add(x, y, __FILE__, __LINE__)
  ------------------
  142|  23.2k|      length = BOTAN_CHECKED_ADD(length, length_size);
  ------------------
  |  |   72|  23.2k|#define BOTAN_CHECKED_ADD(x, y) checked_add(x, y, __FILE__, __LINE__)
  ------------------
  143|       |
  144|  23.2k|      if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal) {
  ------------------
  |  Branch (144:10): [True: 5.36k, False: 17.8k]
  |  Branch (144:40): [True: 3.35k, False: 2.00k]
  ------------------
  145|  3.35k|         break;
  146|  3.35k|      }
  147|  23.2k|   }
  148|  16.8k|   return length;
  149|  16.8k|}
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObjectC2EONS_10BER_ObjectE:
  183|  14.2k|      explicit DataSource_BERObject(BER_Object&& obj) : m_obj(std::move(obj)), m_offset(0) {}
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject4readEPhm:
  153|   191k|      size_t read(uint8_t out[], size_t length) override {
  154|   191k|         BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
  ------------------
  |  |   60|   191k|   do {                                                                     \
  |  |   61|   191k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 191k]
  |  |  ------------------
  |  |   62|   191k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|   191k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  155|   191k|         const size_t got = std::min<size_t>(m_obj.length() - m_offset, length);
  156|   191k|         copy_mem(out, m_obj.bits() + m_offset, got);
  157|   191k|         m_offset += got;
  158|   191k|         return got;
  159|   191k|      }
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject15check_availableEm:
  174|  16.0k|      bool check_available(size_t n) override {
  175|  16.0k|         BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
  ------------------
  |  |   60|  16.0k|   do {                                                                     \
  |  |   61|  16.0k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 16.0k]
  |  |  ------------------
  |  |   62|  16.0k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  16.0k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  176|  16.0k|         return (n <= (m_obj.length() - m_offset));
  177|  16.0k|      }
ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject4peekEPhmm:
  161|  3.55k|      size_t peek(uint8_t out[], size_t length, size_t peek_offset) const override {
  162|  3.55k|         BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
  ------------------
  |  |   60|  3.55k|   do {                                                                     \
  |  |   61|  3.55k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 3.55k]
  |  |  ------------------
  |  |   62|  3.55k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  3.55k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  163|  3.55k|         const size_t bytes_left = m_obj.length() - m_offset;
  164|       |
  165|  3.55k|         if(peek_offset >= bytes_left) {
  ------------------
  |  Branch (165:13): [True: 2.43k, False: 1.11k]
  ------------------
  166|  2.43k|            return 0;
  167|  2.43k|         }
  168|       |
  169|  1.11k|         const size_t got = std::min(bytes_left - peek_offset, length);
  170|  1.11k|         copy_mem(out, m_obj.bits() + m_offset + peek_offset, got);
  171|  1.11k|         return got;
  172|  3.55k|      }
ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject11end_of_dataEv:
  179|  15.5k|      bool end_of_data() const override { return get_bytes_read() == m_obj.length(); }
ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject14get_bytes_readEv:
  181|  15.5k|      size_t get_bytes_read() const override { return m_offset; }
ber_dec.cpp:_ZN5Botan12_GLOBAL__N_125asn1_decode_binary_stringINSt3__19allocatorIhEEEEvRNS2_6vectorIhT_EERKNS_10BER_ObjectENS_9ASN1_TypeESC_NS_10ASN1_ClassE:
  476|    505|                               ASN1_Class class_tag) {
  477|    505|   obj.assert_is_a(type_tag, class_tag);
  478|       |
  479|    505|   if(real_type == ASN1_Type::OctetString) {
  ------------------
  |  Branch (479:7): [True: 0, False: 505]
  ------------------
  480|      0|      buffer.assign(obj.bits(), obj.bits() + obj.length());
  481|    505|   } else {
  482|    505|      if(obj.length() == 0) {
  ------------------
  |  Branch (482:10): [True: 1, False: 504]
  ------------------
  483|      1|         throw BER_Decoding_Error("Invalid BIT STRING");
  484|      1|      }
  485|    504|      if(obj.bits()[0] >= 8) {
  ------------------
  |  Branch (485:10): [True: 3, False: 501]
  ------------------
  486|      3|         throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
  487|      3|      }
  488|       |
  489|    501|      buffer.resize(obj.length() - 1);
  490|       |
  491|    501|      if(obj.length() > 1) {
  ------------------
  |  Branch (491:10): [True: 297, False: 204]
  ------------------
  492|    297|         copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1);
  493|    297|      }
  494|    501|   }
  495|    505|}

_ZN5Botan13base64_decodeEPKcmb:
  174|    109|secure_vector<uint8_t> base64_decode(const char input[], size_t input_length, bool ignore_ws) {
  175|    109|   return base_decode_to_vec<secure_vector<uint8_t>>(Base64(), input, input_length, ignore_ws);
  176|    109|}
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6417decode_max_outputEm:
   41|    218|      static inline size_t decode_max_output(size_t input_length) {
   42|    218|         return (round_up(input_length, m_encoding_bytes_out) * m_encoding_bytes_in) / m_encoding_bytes_out;
   43|    218|      }
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6417decoding_bytes_inEv:
   29|    109|      static inline size_t decoding_bytes_in() noexcept { return m_encoding_bytes_out; }
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6418decoding_bytes_outEv:
   31|    109|      static inline size_t decoding_bytes_out() noexcept { return m_encoding_bytes_in; }
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEc:
  103|  23.1k|uint8_t Base64::lookup_binary_value(char input) noexcept {
  104|  23.1k|   const uint8_t c = static_cast<uint8_t>(input);
  105|       |
  106|  23.1k|   const auto is_alpha_upper = CT::Mask<uint8_t>::is_within_range(c, uint8_t('A'), uint8_t('Z'));
  107|  23.1k|   const auto is_alpha_lower = CT::Mask<uint8_t>::is_within_range(c, uint8_t('a'), uint8_t('z'));
  108|  23.1k|   const auto is_decimal = CT::Mask<uint8_t>::is_within_range(c, uint8_t('0'), uint8_t('9'));
  109|       |
  110|  23.1k|   const auto is_plus = CT::Mask<uint8_t>::is_equal(c, uint8_t('+'));
  111|  23.1k|   const auto is_slash = CT::Mask<uint8_t>::is_equal(c, uint8_t('/'));
  112|  23.1k|   const auto is_equal = CT::Mask<uint8_t>::is_equal(c, uint8_t('='));
  113|       |
  114|  23.1k|   const auto is_whitespace =
  115|  23.1k|      CT::Mask<uint8_t>::is_any_of(c, {uint8_t(' '), uint8_t('\t'), uint8_t('\n'), uint8_t('\r')});
  116|       |
  117|  23.1k|   const uint8_t c_upper = c - uint8_t('A');
  118|  23.1k|   const uint8_t c_lower = c - uint8_t('a') + 26;
  119|  23.1k|   const uint8_t c_decim = c - uint8_t('0') + 2 * 26;
  120|       |
  121|  23.1k|   uint8_t ret = 0xFF;  // default value
  122|       |
  123|  23.1k|   ret = is_alpha_upper.select(c_upper, ret);
  124|  23.1k|   ret = is_alpha_lower.select(c_lower, ret);
  125|  23.1k|   ret = is_decimal.select(c_decim, ret);
  126|  23.1k|   ret = is_plus.select(62, ret);
  127|  23.1k|   ret = is_slash.select(63, ret);
  128|  23.1k|   ret = is_equal.select(0x81, ret);
  129|  23.1k|   ret = is_whitespace.select(0x80, ret);
  130|       |
  131|  23.1k|   return ret;
  132|  23.1k|}
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6414check_bad_charEhcb:
  135|  22.7k|bool Base64::check_bad_char(uint8_t bin, char input, bool ignore_ws) {
  136|  22.7k|   if(bin <= 0x3F) {
  ------------------
  |  Branch (136:7): [True: 15.9k, False: 6.82k]
  ------------------
  137|  15.9k|      return true;
  138|  15.9k|   } else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws))) {
  ------------------
  |  Branch (138:16): [True: 1.92k, False: 4.89k]
  |  Branch (138:32): [True: 4.86k, False: 36]
  |  Branch (138:47): [True: 4.86k, False: 0]
  ------------------
  139|     36|      throw Invalid_Argument(fmt("base64_decode: invalid character '{}'", format_char_for_display(input)));
  140|     36|   }
  141|  6.78k|   return false;
  142|  22.7k|}
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base646decodeEPhPKh:
   51|  3.98k|      static void decode(uint8_t* out_ptr, const uint8_t decode_buf[4]) {
   52|  3.98k|         out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4);
   53|  3.98k|         out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2);
   54|  3.98k|         out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3];
   55|  3.98k|      }
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6415bytes_to_removeEm:
   57|     73|      static inline size_t bytes_to_remove(size_t final_truncate) { return final_truncate; }
base64.cpp:_ZN5Botan12_GLOBAL__N_16Base644nameEv:
   23|     10|      static inline std::string name() noexcept { return "base64"; }

_ZN5Botan12HashFunction6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_:
  103|  8.18k|std::unique_ptr<HashFunction> HashFunction::create(std::string_view algo_spec, std::string_view provider) {
  104|       |#if defined(BOTAN_HAS_COMMONCRYPTO)
  105|       |   if(provider.empty() || provider == "commoncrypto") {
  106|       |      if(auto hash = make_commoncrypto_hash(algo_spec))
  107|       |         return hash;
  108|       |
  109|       |      if(!provider.empty())
  110|       |         return nullptr;
  111|       |   }
  112|       |#endif
  113|       |
  114|  8.18k|   if(provider.empty() == false && provider != "base") {
  ------------------
  |  Branch (114:7): [True: 0, False: 8.18k]
  |  Branch (114:36): [True: 0, False: 0]
  ------------------
  115|      0|      return nullptr;  // unknown provider
  116|      0|   }
  117|       |
  118|  8.18k|#if defined(BOTAN_HAS_SHA1)
  119|  8.18k|   if(algo_spec == "SHA-1") {
  ------------------
  |  Branch (119:7): [True: 0, False: 8.18k]
  ------------------
  120|      0|      return std::make_unique<SHA_1>();
  121|      0|   }
  122|  8.18k|#endif
  123|       |
  124|  8.18k|#if defined(BOTAN_HAS_SHA2_32)
  125|  8.18k|   if(algo_spec == "SHA-224") {
  ------------------
  |  Branch (125:7): [True: 0, False: 8.18k]
  ------------------
  126|      0|      return std::make_unique<SHA_224>();
  127|      0|   }
  128|       |
  129|  8.18k|   if(algo_spec == "SHA-256") {
  ------------------
  |  Branch (129:7): [True: 8.18k, False: 0]
  ------------------
  130|  8.18k|      return std::make_unique<SHA_256>();
  131|  8.18k|   }
  132|      0|#endif
  133|       |
  134|      0|#if defined(BOTAN_HAS_SHA2_64)
  135|      0|   if(algo_spec == "SHA-384") {
  ------------------
  |  Branch (135:7): [True: 0, False: 0]
  ------------------
  136|      0|      return std::make_unique<SHA_384>();
  137|      0|   }
  138|       |
  139|      0|   if(algo_spec == "SHA-512") {
  ------------------
  |  Branch (139:7): [True: 0, False: 0]
  ------------------
  140|      0|      return std::make_unique<SHA_512>();
  141|      0|   }
  142|       |
  143|      0|   if(algo_spec == "SHA-512-256") {
  ------------------
  |  Branch (143:7): [True: 0, False: 0]
  ------------------
  144|      0|      return std::make_unique<SHA_512_256>();
  145|      0|   }
  146|      0|#endif
  147|       |
  148|      0|#if defined(BOTAN_HAS_RIPEMD_160)
  149|      0|   if(algo_spec == "RIPEMD-160") {
  ------------------
  |  Branch (149:7): [True: 0, False: 0]
  ------------------
  150|      0|      return std::make_unique<RIPEMD_160>();
  151|      0|   }
  152|      0|#endif
  153|       |
  154|      0|#if defined(BOTAN_HAS_WHIRLPOOL)
  155|      0|   if(algo_spec == "Whirlpool") {
  ------------------
  |  Branch (155:7): [True: 0, False: 0]
  ------------------
  156|      0|      return std::make_unique<Whirlpool>();
  157|      0|   }
  158|      0|#endif
  159|       |
  160|      0|#if defined(BOTAN_HAS_MD5)
  161|      0|   if(algo_spec == "MD5") {
  ------------------
  |  Branch (161:7): [True: 0, False: 0]
  ------------------
  162|      0|      return std::make_unique<MD5>();
  163|      0|   }
  164|      0|#endif
  165|       |
  166|      0|#if defined(BOTAN_HAS_MD4)
  167|      0|   if(algo_spec == "MD4") {
  ------------------
  |  Branch (167:7): [True: 0, False: 0]
  ------------------
  168|      0|      return std::make_unique<MD4>();
  169|      0|   }
  170|      0|#endif
  171|       |
  172|      0|#if defined(BOTAN_HAS_GOST_34_11)
  173|      0|   if(algo_spec == "GOST-R-34.11-94" || algo_spec == "GOST-34.11") {
  ------------------
  |  Branch (173:7): [True: 0, False: 0]
  |  Branch (173:41): [True: 0, False: 0]
  ------------------
  174|      0|      return std::make_unique<GOST_34_11>();
  175|      0|   }
  176|      0|#endif
  177|       |
  178|      0|#if defined(BOTAN_HAS_ADLER32)
  179|      0|   if(algo_spec == "Adler32") {
  ------------------
  |  Branch (179:7): [True: 0, False: 0]
  ------------------
  180|      0|      return std::make_unique<Adler32>();
  181|      0|   }
  182|      0|#endif
  183|       |
  184|      0|#if defined(BOTAN_HAS_CRC24)
  185|      0|   if(algo_spec == "CRC24") {
  ------------------
  |  Branch (185:7): [True: 0, False: 0]
  ------------------
  186|      0|      return std::make_unique<CRC24>();
  187|      0|   }
  188|      0|#endif
  189|       |
  190|      0|#if defined(BOTAN_HAS_CRC32)
  191|      0|   if(algo_spec == "CRC32") {
  ------------------
  |  Branch (191:7): [True: 0, False: 0]
  ------------------
  192|      0|      return std::make_unique<CRC32>();
  193|      0|   }
  194|      0|#endif
  195|       |
  196|      0|#if defined(BOTAN_HAS_STREEBOG)
  197|      0|   if(algo_spec == "Streebog-256") {
  ------------------
  |  Branch (197:7): [True: 0, False: 0]
  ------------------
  198|      0|      return std::make_unique<Streebog>(256);
  199|      0|   }
  200|      0|   if(algo_spec == "Streebog-512") {
  ------------------
  |  Branch (200:7): [True: 0, False: 0]
  ------------------
  201|      0|      return std::make_unique<Streebog>(512);
  202|      0|   }
  203|      0|#endif
  204|       |
  205|      0|#if defined(BOTAN_HAS_SM3)
  206|      0|   if(algo_spec == "SM3") {
  ------------------
  |  Branch (206:7): [True: 0, False: 0]
  ------------------
  207|      0|      return std::make_unique<SM3>();
  208|      0|   }
  209|      0|#endif
  210|       |
  211|      0|   const SCAN_Name req(algo_spec);
  212|       |
  213|      0|#if defined(BOTAN_HAS_SKEIN_512)
  214|      0|   if(req.algo_name() == "Skein-512") {
  ------------------
  |  Branch (214:7): [True: 0, False: 0]
  ------------------
  215|      0|      return std::make_unique<Skein_512>(req.arg_as_integer(0, 512), req.arg(1, ""));
  216|      0|   }
  217|      0|#endif
  218|       |
  219|      0|#if defined(BOTAN_HAS_BLAKE2B)
  220|      0|   if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") {
  ------------------
  |  Branch (220:7): [True: 0, False: 0]
  |  Branch (220:7): [True: 0, False: 0]
  |  Branch (220:39): [True: 0, False: 0]
  ------------------
  221|      0|      return std::make_unique<BLAKE2b>(req.arg_as_integer(0, 512));
  222|      0|   }
  223|      0|#endif
  224|       |
  225|      0|#if defined(BOTAN_HAS_KECCAK)
  226|      0|   if(req.algo_name() == "Keccak-1600") {
  ------------------
  |  Branch (226:7): [True: 0, False: 0]
  ------------------
  227|      0|      return std::make_unique<Keccak_1600>(req.arg_as_integer(0, 512));
  228|      0|   }
  229|      0|#endif
  230|       |
  231|      0|#if defined(BOTAN_HAS_SHA3)
  232|      0|   if(req.algo_name() == "SHA-3") {
  ------------------
  |  Branch (232:7): [True: 0, False: 0]
  ------------------
  233|      0|      return std::make_unique<SHA_3>(req.arg_as_integer(0, 512));
  234|      0|   }
  235|      0|#endif
  236|       |
  237|      0|#if defined(BOTAN_HAS_SHAKE)
  238|      0|   if(req.algo_name() == "SHAKE-128" && req.arg_count() == 1) {
  ------------------
  |  Branch (238:7): [True: 0, False: 0]
  |  Branch (238:7): [True: 0, False: 0]
  |  Branch (238:41): [True: 0, False: 0]
  ------------------
  239|      0|      return std::make_unique<SHAKE_128>(req.arg_as_integer(0));
  240|      0|   }
  241|      0|   if(req.algo_name() == "SHAKE-256" && req.arg_count() == 1) {
  ------------------
  |  Branch (241:7): [True: 0, False: 0]
  |  Branch (241:7): [True: 0, False: 0]
  |  Branch (241:41): [True: 0, False: 0]
  ------------------
  242|      0|      return std::make_unique<SHAKE_256>(req.arg_as_integer(0));
  243|      0|   }
  244|      0|#endif
  245|       |
  246|      0|#if defined(BOTAN_HAS_PARALLEL_HASH)
  247|      0|   if(req.algo_name() == "Parallel") {
  ------------------
  |  Branch (247:7): [True: 0, False: 0]
  ------------------
  248|      0|      std::vector<std::unique_ptr<HashFunction>> hashes;
  249|       |
  250|      0|      for(size_t i = 0; i != req.arg_count(); ++i) {
  ------------------
  |  Branch (250:25): [True: 0, False: 0]
  ------------------
  251|      0|         auto h = HashFunction::create(req.arg(i));
  252|      0|         if(!h) {
  ------------------
  |  Branch (252:13): [True: 0, False: 0]
  ------------------
  253|      0|            return nullptr;
  254|      0|         }
  255|      0|         hashes.push_back(std::move(h));
  256|      0|      }
  257|       |
  258|      0|      return std::make_unique<Parallel>(hashes);
  259|      0|   }
  260|      0|#endif
  261|       |
  262|      0|#if defined(BOTAN_HAS_TRUNCATED_HASH)
  263|      0|   if(req.algo_name() == "Truncated" && req.arg_count() == 2) {
  ------------------
  |  Branch (263:7): [True: 0, False: 0]
  |  Branch (263:7): [True: 0, False: 0]
  |  Branch (263:41): [True: 0, False: 0]
  ------------------
  264|      0|      auto hash = HashFunction::create(req.arg(0));
  265|      0|      if(!hash) {
  ------------------
  |  Branch (265:10): [True: 0, False: 0]
  ------------------
  266|      0|         return nullptr;
  267|      0|      }
  268|       |
  269|      0|      return std::make_unique<Truncated_Hash>(std::move(hash), req.arg_as_integer(1));
  270|      0|   }
  271|      0|#endif
  272|       |
  273|      0|#if defined(BOTAN_HAS_COMB4P)
  274|      0|   if(req.algo_name() == "Comb4P" && req.arg_count() == 2) {
  ------------------
  |  Branch (274:7): [True: 0, False: 0]
  |  Branch (274:7): [True: 0, False: 0]
  |  Branch (274:38): [True: 0, False: 0]
  ------------------
  275|      0|      auto h1 = HashFunction::create(req.arg(0));
  276|      0|      auto h2 = HashFunction::create(req.arg(1));
  277|       |
  278|      0|      if(h1 && h2) {
  ------------------
  |  Branch (278:10): [True: 0, False: 0]
  |  Branch (278:16): [True: 0, False: 0]
  ------------------
  279|      0|         return std::make_unique<Comb4P>(std::move(h1), std::move(h2));
  280|      0|      }
  281|      0|   }
  282|      0|#endif
  283|       |
  284|      0|   return nullptr;
  285|      0|}
_ZN5Botan12HashFunction15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_:
  288|  8.18k|std::unique_ptr<HashFunction> HashFunction::create_or_throw(std::string_view algo, std::string_view provider) {
  289|  8.18k|   if(auto hash = HashFunction::create(algo, provider)) {
  ------------------
  |  Branch (289:12): [True: 8.18k, False: 0]
  ------------------
  290|  8.18k|      return hash;
  291|  8.18k|   }
  292|      0|   throw Lookup_Error("Hash", algo, provider);
  293|  8.18k|}

_ZN5Botan16MDx_HashFunctionC2Embbh:
   26|  8.18k|      m_position(0) {
   27|  8.18k|   if(!is_power_of_2(block_len)) {
  ------------------
  |  Branch (27:7): [True: 0, False: 8.18k]
  ------------------
   28|      0|      throw Invalid_Argument("MDx_HashFunction block length must be a power of 2");
   29|      0|   }
   30|  8.18k|   if(m_block_bits < 3 || m_block_bits > 16) {
  ------------------
  |  Branch (30:7): [True: 0, False: 8.18k]
  |  Branch (30:27): [True: 0, False: 8.18k]
  ------------------
   31|      0|      throw Invalid_Argument("MDx_HashFunction block size too large or too small");
   32|      0|   }
   33|  8.18k|   if(m_counter_size < 8 || m_counter_size > block_len) {
  ------------------
  |  Branch (33:7): [True: 0, False: 8.18k]
  |  Branch (33:29): [True: 0, False: 8.18k]
  ------------------
   34|      0|      throw Invalid_State("MDx_HashFunction invalid counter length");
   35|      0|   }
   36|  8.18k|}
_ZN5Botan16MDx_HashFunction5clearEv:
   41|  41.0k|void MDx_HashFunction::clear() {
   42|  41.0k|   zeroise(m_buffer);
   43|  41.0k|   m_count = m_position = 0;
   44|  41.0k|}
_ZN5Botan16MDx_HashFunction8add_dataEPKhm:
   49|  35.5k|void MDx_HashFunction::add_data(const uint8_t input[], size_t length) {
   50|  35.5k|   const size_t block_len = static_cast<size_t>(1) << m_block_bits;
   51|       |
   52|  35.5k|   m_count += length;
   53|       |
   54|  35.5k|   if(m_position) {
  ------------------
  |  Branch (54:7): [True: 29.8k, False: 5.75k]
  ------------------
   55|  29.8k|      buffer_insert(m_buffer, m_position, input, length);
   56|       |
   57|  29.8k|      if(m_position + length >= block_len) {
  ------------------
  |  Branch (57:10): [True: 13.0k, False: 16.7k]
  ------------------
   58|  13.0k|         compress_n(m_buffer.data(), 1);
   59|  13.0k|         input += (block_len - m_position);
   60|  13.0k|         length -= (block_len - m_position);
   61|  13.0k|         m_position = 0;
   62|  13.0k|      }
   63|  29.8k|   }
   64|       |
   65|       |   // Just in case the compiler can't figure out block_len is a power of 2
   66|  35.5k|   const size_t full_blocks = length >> m_block_bits;
   67|  35.5k|   const size_t remaining = length & (block_len - 1);
   68|       |
   69|  35.5k|   if(full_blocks > 0) {
  ------------------
  |  Branch (69:7): [True: 2.28k, False: 33.3k]
  ------------------
   70|  2.28k|      compress_n(input, full_blocks);
   71|  2.28k|   }
   72|       |
   73|  35.5k|   buffer_insert(m_buffer, m_position, input + full_blocks * block_len, remaining);
   74|  35.5k|   m_position += remaining;
   75|  35.5k|}
_ZN5Botan16MDx_HashFunction12final_resultEPh:
   80|  32.8k|void MDx_HashFunction::final_result(uint8_t output[]) {
   81|  32.8k|   const size_t block_len = static_cast<size_t>(1) << m_block_bits;
   82|       |
   83|  32.8k|   clear_mem(&m_buffer[m_position], block_len - m_position);
   84|  32.8k|   m_buffer[m_position] = m_pad_char;
   85|       |
   86|  32.8k|   if(m_position >= block_len - m_counter_size) {
  ------------------
  |  Branch (86:7): [True: 3.72k, False: 29.0k]
  ------------------
   87|  3.72k|      compress_n(m_buffer.data(), 1);
   88|  3.72k|      zeroise(m_buffer);
   89|  3.72k|   }
   90|       |
   91|  32.8k|   BOTAN_ASSERT_NOMSG(m_counter_size <= output_length());
  ------------------
  |  |   60|  32.8k|   do {                                                                     \
  |  |   61|  32.8k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 32.8k]
  |  |  ------------------
  |  |   62|  32.8k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  32.8k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
   92|  32.8k|   BOTAN_ASSERT_NOMSG(m_counter_size >= 8);
  ------------------
  |  |   60|  32.8k|   do {                                                                     \
  |  |   61|  32.8k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 32.8k]
  |  |  ------------------
  |  |   62|  32.8k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  32.8k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
   93|       |
   94|  32.8k|   const uint64_t bit_count = m_count * 8;
   95|       |
   96|  32.8k|   if(m_count_big_endian) {
  ------------------
  |  Branch (96:7): [True: 32.8k, False: 0]
  ------------------
   97|  32.8k|      store_be(bit_count, &m_buffer[block_len - 8]);
   98|  32.8k|   } else {
   99|      0|      store_le(bit_count, &m_buffer[block_len - 8]);
  100|      0|   }
  101|       |
  102|  32.8k|   compress_n(m_buffer.data(), 1);
  103|  32.8k|   copy_out(output);
  104|  32.8k|   clear();
  105|  32.8k|}

_ZNK5Botan7SHA_25610copy_stateEv:
   47|  30.0k|std::unique_ptr<HashFunction> SHA_256::copy_state() const { return std::make_unique<SHA_256>(*this); }
_ZN5Botan7SHA_25615compress_digestERNSt3__16vectorIjNS_16secure_allocatorIjEEEEPKhm:
   52|  51.9k|void SHA_256::compress_digest(secure_vector<uint32_t>& digest, const uint8_t input[], size_t blocks) {
   53|  51.9k|#if defined(BOTAN_HAS_SHA2_32_X86)
   54|  51.9k|   if(CPUID::has_intel_sha()) {
  ------------------
  |  Branch (54:7): [True: 0, False: 51.9k]
  ------------------
   55|      0|      return SHA_256::compress_digest_x86(digest, input, blocks);
   56|      0|   }
   57|  51.9k|#endif
   58|       |
   59|  51.9k|#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
   60|  51.9k|   if(CPUID::has_bmi2()) {
  ------------------
  |  Branch (60:7): [True: 51.9k, False: 0]
  ------------------
   61|  51.9k|      return SHA_256::compress_digest_x86_bmi2(digest, input, blocks);
   62|  51.9k|   }
   63|      0|#endif
   64|       |
   65|       |#if defined(BOTAN_HAS_SHA2_32_ARMV8)
   66|       |   if(CPUID::has_arm_sha2()) {
   67|       |      return SHA_256::compress_digest_armv8(digest, input, blocks);
   68|       |   }
   69|       |#endif
   70|       |
   71|      0|   uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
   72|      0|            H = digest[7];
   73|       |
   74|      0|   for(size_t i = 0; i != blocks; ++i) {
  ------------------
  |  Branch (74:22): [True: 0, False: 0]
  ------------------
   75|      0|      uint32_t W00 = load_be<uint32_t>(input, 0);
   76|      0|      uint32_t W01 = load_be<uint32_t>(input, 1);
   77|      0|      uint32_t W02 = load_be<uint32_t>(input, 2);
   78|      0|      uint32_t W03 = load_be<uint32_t>(input, 3);
   79|      0|      uint32_t W04 = load_be<uint32_t>(input, 4);
   80|      0|      uint32_t W05 = load_be<uint32_t>(input, 5);
   81|      0|      uint32_t W06 = load_be<uint32_t>(input, 6);
   82|      0|      uint32_t W07 = load_be<uint32_t>(input, 7);
   83|      0|      uint32_t W08 = load_be<uint32_t>(input, 8);
   84|      0|      uint32_t W09 = load_be<uint32_t>(input, 9);
   85|      0|      uint32_t W10 = load_be<uint32_t>(input, 10);
   86|      0|      uint32_t W11 = load_be<uint32_t>(input, 11);
   87|      0|      uint32_t W12 = load_be<uint32_t>(input, 12);
   88|      0|      uint32_t W13 = load_be<uint32_t>(input, 13);
   89|      0|      uint32_t W14 = load_be<uint32_t>(input, 14);
   90|      0|      uint32_t W15 = load_be<uint32_t>(input, 15);
   91|       |
   92|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x428A2F98);
   93|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x71374491);
   94|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xB5C0FBCF);
   95|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xE9B5DBA5);
   96|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x3956C25B);
   97|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x59F111F1);
   98|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x923F82A4);
   99|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0xAB1C5ED5);
  100|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xD807AA98);
  101|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x12835B01);
  102|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x243185BE);
  103|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x550C7DC3);
  104|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x72BE5D74);
  105|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x80DEB1FE);
  106|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x9BDC06A7);
  107|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC19BF174);
  108|       |
  109|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xE49B69C1);
  110|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xEFBE4786);
  111|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x0FC19DC6);
  112|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x240CA1CC);
  113|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x2DE92C6F);
  114|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4A7484AA);
  115|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5CB0A9DC);
  116|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x76F988DA);
  117|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x983E5152);
  118|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA831C66D);
  119|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xB00327C8);
  120|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xBF597FC7);
  121|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xC6E00BF3);
  122|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD5A79147);
  123|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x06CA6351);
  124|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x14292967);
  125|       |
  126|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x27B70A85);
  127|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x2E1B2138);
  128|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x4D2C6DFC);
  129|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x53380D13);
  130|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x650A7354);
  131|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x766A0ABB);
  132|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x81C2C92E);
  133|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x92722C85);
  134|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xA2BFE8A1);
  135|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA81A664B);
  136|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xC24B8B70);
  137|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xC76C51A3);
  138|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xD192E819);
  139|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD6990624);
  140|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xF40E3585);
  141|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x106AA070);
  142|       |
  143|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x19A4C116);
  144|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x1E376C08);
  145|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x2748774C);
  146|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x34B0BCB5);
  147|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x391C0CB3);
  148|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4ED8AA4A);
  149|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5B9CCA4F);
  150|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x682E6FF3);
  151|      0|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x748F82EE);
  152|      0|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x78A5636F);
  153|      0|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x84C87814);
  154|      0|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x8CC70208);
  155|      0|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x90BEFFFA);
  156|      0|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xA4506CEB);
  157|      0|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xBEF9A3F7);
  158|      0|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC67178F2);
  159|       |
  160|      0|      A = (digest[0] += A);
  161|      0|      B = (digest[1] += B);
  162|      0|      C = (digest[2] += C);
  163|      0|      D = (digest[3] += D);
  164|      0|      E = (digest[4] += E);
  165|      0|      F = (digest[5] += F);
  166|      0|      G = (digest[6] += G);
  167|      0|      H = (digest[7] += H);
  168|       |
  169|      0|      input += 64;
  170|      0|   }
  171|      0|}
_ZN5Botan7SHA_25610compress_nEPKhm:
  205|  51.9k|void SHA_256::compress_n(const uint8_t input[], size_t blocks) { SHA_256::compress_digest(m_digest, input, blocks); }
_ZN5Botan7SHA_2568copy_outEPh:
  210|  32.8k|void SHA_256::copy_out(uint8_t output[]) { copy_out_vec_be(output, output_length(), m_digest); }
_ZN5Botan7SHA_2565clearEv:
  215|  41.0k|void SHA_256::clear() {
  216|  41.0k|   MDx_HashFunction::clear();
  217|  41.0k|   m_digest[0] = 0x6A09E667;
  218|  41.0k|   m_digest[1] = 0xBB67AE85;
  219|  41.0k|   m_digest[2] = 0x3C6EF372;
  220|  41.0k|   m_digest[3] = 0xA54FF53A;
  221|  41.0k|   m_digest[4] = 0x510E527F;
  222|  41.0k|   m_digest[5] = 0x9B05688C;
  223|  41.0k|   m_digest[6] = 0x1F83D9AB;
  224|  41.0k|   m_digest[7] = 0x5BE0CD19;
  225|  41.0k|}

_ZN5Botan7SHA_25624compress_digest_x86_bmi2ERNSt3__16vectorIjNS_16secure_allocatorIjEEEEPKhm:
   23|  51.9k|void SHA_256::compress_digest_x86_bmi2(secure_vector<uint32_t>& digest, const uint8_t input[], size_t blocks) {
   24|  51.9k|   uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
   25|  51.9k|            H = digest[7];
   26|       |
   27|   106k|   for(size_t i = 0; i != blocks; ++i) {
  ------------------
  |  Branch (27:22): [True: 54.2k, False: 51.9k]
  ------------------
   28|  54.2k|      uint32_t W00 = load_be<uint32_t>(input, 0);
   29|  54.2k|      uint32_t W01 = load_be<uint32_t>(input, 1);
   30|  54.2k|      uint32_t W02 = load_be<uint32_t>(input, 2);
   31|  54.2k|      uint32_t W03 = load_be<uint32_t>(input, 3);
   32|  54.2k|      uint32_t W04 = load_be<uint32_t>(input, 4);
   33|  54.2k|      uint32_t W05 = load_be<uint32_t>(input, 5);
   34|  54.2k|      uint32_t W06 = load_be<uint32_t>(input, 6);
   35|  54.2k|      uint32_t W07 = load_be<uint32_t>(input, 7);
   36|  54.2k|      uint32_t W08 = load_be<uint32_t>(input, 8);
   37|  54.2k|      uint32_t W09 = load_be<uint32_t>(input, 9);
   38|  54.2k|      uint32_t W10 = load_be<uint32_t>(input, 10);
   39|  54.2k|      uint32_t W11 = load_be<uint32_t>(input, 11);
   40|  54.2k|      uint32_t W12 = load_be<uint32_t>(input, 12);
   41|  54.2k|      uint32_t W13 = load_be<uint32_t>(input, 13);
   42|  54.2k|      uint32_t W14 = load_be<uint32_t>(input, 14);
   43|  54.2k|      uint32_t W15 = load_be<uint32_t>(input, 15);
   44|       |
   45|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x428A2F98);
   46|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x71374491);
   47|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xB5C0FBCF);
   48|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xE9B5DBA5);
   49|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x3956C25B);
   50|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x59F111F1);
   51|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x923F82A4);
   52|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0xAB1C5ED5);
   53|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xD807AA98);
   54|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x12835B01);
   55|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x243185BE);
   56|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x550C7DC3);
   57|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x72BE5D74);
   58|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x80DEB1FE);
   59|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x9BDC06A7);
   60|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC19BF174);
   61|       |
   62|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xE49B69C1);
   63|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xEFBE4786);
   64|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x0FC19DC6);
   65|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x240CA1CC);
   66|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x2DE92C6F);
   67|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4A7484AA);
   68|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5CB0A9DC);
   69|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x76F988DA);
   70|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x983E5152);
   71|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA831C66D);
   72|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xB00327C8);
   73|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xBF597FC7);
   74|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xC6E00BF3);
   75|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD5A79147);
   76|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x06CA6351);
   77|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x14292967);
   78|       |
   79|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x27B70A85);
   80|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x2E1B2138);
   81|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x4D2C6DFC);
   82|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x53380D13);
   83|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x650A7354);
   84|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x766A0ABB);
   85|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x81C2C92E);
   86|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x92722C85);
   87|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xA2BFE8A1);
   88|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA81A664B);
   89|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xC24B8B70);
   90|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xC76C51A3);
   91|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xD192E819);
   92|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD6990624);
   93|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xF40E3585);
   94|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x106AA070);
   95|       |
   96|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x19A4C116);
   97|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x1E376C08);
   98|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x2748774C);
   99|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x34B0BCB5);
  100|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x391C0CB3);
  101|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4ED8AA4A);
  102|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5B9CCA4F);
  103|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x682E6FF3);
  104|  54.2k|      SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x748F82EE);
  105|  54.2k|      SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x78A5636F);
  106|  54.2k|      SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x84C87814);
  107|  54.2k|      SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x8CC70208);
  108|  54.2k|      SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x90BEFFFA);
  109|  54.2k|      SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xA4506CEB);
  110|  54.2k|      SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xBEF9A3F7);
  111|  54.2k|      SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC67178F2);
  112|       |
  113|  54.2k|      A = (digest[0] += A);
  114|  54.2k|      B = (digest[1] += B);
  115|  54.2k|      C = (digest[2] += C);
  116|  54.2k|      D = (digest[3] += D);
  117|  54.2k|      E = (digest[4] += E);
  118|  54.2k|      F = (digest[5] += F);
  119|  54.2k|      G = (digest[6] += G);
  120|  54.2k|      H = (digest[7] += H);
  121|       |
  122|  54.2k|      input += 64;
  123|  54.2k|   }
  124|  51.9k|}

_ZN5Botan6BigIntC2EPKhm:
   91|    308|BigInt::BigInt(const uint8_t input[], size_t length) { binary_decode(input, length); }
_ZNK5Botan6BigInt7byte_atEm:
  119|     88|uint8_t BigInt::byte_at(size_t n) const {
  120|     88|   return get_byte_var(sizeof(word) - (n % sizeof(word)) - 1, word_at(n / sizeof(word)));
  121|     88|}
_ZNK5Botan6BigInt4Data14calc_sig_wordsEv:
  192|    279|size_t BigInt::Data::calc_sig_words() const {
  193|    279|   const size_t sz = m_reg.size();
  194|    279|   size_t sig = sz;
  195|       |
  196|    279|   word sub = 1;
  197|       |
  198|  2.54k|   for(size_t i = 0; i != sz; ++i) {
  ------------------
  |  Branch (198:22): [True: 2.26k, False: 279]
  ------------------
  199|  2.26k|      const word w = m_reg[sz - i - 1];
  200|  2.26k|      sub &= ct_is_zero(w);
  201|  2.26k|      sig -= sub;
  202|  2.26k|   }
  203|       |
  204|       |   /*
  205|       |   * This depends on the data so is poisoned, but unpoison it here as
  206|       |   * later conditionals are made on the size.
  207|       |   */
  208|    279|   CT::unpoison(sig);
  209|       |
  210|    279|   return sig;
  211|    279|}
_ZNK5Botan6BigInt13top_bits_freeEv:
  273|    113|size_t BigInt::top_bits_free() const {
  274|    113|   const size_t words = sig_words();
  275|       |
  276|    113|   const word top_word = word_at(words - 1);
  277|    113|   const size_t bits_used = high_bit(top_word);
  278|    113|   CT::unpoison(bits_used);
  279|    113|   return BOTAN_MP_WORD_BITS - bits_used;
  ------------------
  |  |   50|    113|#define BOTAN_MP_WORD_BITS 64
  ------------------
  280|    113|}
_ZNK5Botan6BigInt4bitsEv:
  282|    117|size_t BigInt::bits() const {
  283|    117|   const size_t words = sig_words();
  284|       |
  285|    117|   if(words == 0) {
  ------------------
  |  Branch (285:7): [True: 4, False: 113]
  ------------------
  286|      4|      return 0;
  287|      4|   }
  288|       |
  289|    113|   const size_t full_words = (words - 1) * BOTAN_MP_WORD_BITS;
  ------------------
  |  |   50|    113|#define BOTAN_MP_WORD_BITS 64
  ------------------
  290|    113|   const size_t top_bits = BOTAN_MP_WORD_BITS - top_bits_free();
  ------------------
  |  |   50|    113|#define BOTAN_MP_WORD_BITS 64
  ------------------
  291|       |
  292|    113|   return full_words + top_bits;
  293|    117|}
_ZN5Botan6BigInt13binary_decodeEPKhm:
  393|    308|void BigInt::binary_decode(const uint8_t buf[], size_t length) {
  394|    308|   clear();
  395|       |
  396|    308|   const size_t full_words = length / sizeof(word);
  397|    308|   const size_t extra_bytes = length % sizeof(word);
  398|       |
  399|    308|   secure_vector<word> reg((round_up(full_words + (extra_bytes > 0 ? 1 : 0), 8)));
  ------------------
  |  Branch (399:52): [True: 289, False: 19]
  ------------------
  400|       |
  401|    554|   for(size_t i = 0; i != full_words; ++i) {
  ------------------
  |  Branch (401:22): [True: 246, False: 308]
  ------------------
  402|    246|      reg[i] = load_be<word>(buf + length - sizeof(word) * (i + 1), 0);
  403|    246|   }
  404|       |
  405|    308|   if(extra_bytes > 0) {
  ------------------
  |  Branch (405:7): [True: 289, False: 19]
  ------------------
  406|  1.54k|      for(size_t i = 0; i != extra_bytes; ++i) {
  ------------------
  |  Branch (406:25): [True: 1.25k, False: 289]
  ------------------
  407|  1.25k|         reg[full_words] = (reg[full_words] << 8) | buf[i];
  408|  1.25k|      }
  409|    289|   }
  410|       |
  411|    308|   m_data.swap(reg);
  412|    308|}

_ZN5Botan8PEM_Code6decodeERNS_10DataSourceERNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEE:
   62|    243|secure_vector<uint8_t> decode(DataSource& source, std::string& label) {
   63|    243|   const size_t RANDOM_CHAR_LIMIT = 8;
   64|       |
   65|    243|   label.clear();
   66|       |
   67|    243|   const std::string PEM_HEADER1 = "-----BEGIN ";
   68|    243|   const std::string PEM_HEADER2 = "-----";
   69|    243|   size_t position = 0;
   70|       |
   71|  22.0k|   while(position != PEM_HEADER1.length()) {
  ------------------
  |  Branch (71:10): [True: 21.8k, False: 201]
  ------------------
   72|  21.8k|      uint8_t b;
   73|  21.8k|      if(!source.read_byte(b)) {
  ------------------
  |  Branch (73:10): [True: 41, False: 21.8k]
  ------------------
   74|     41|         throw Decoding_Error("PEM: No PEM header found");
   75|     41|      }
   76|  21.8k|      if(static_cast<char>(b) == PEM_HEADER1[position]) {
  ------------------
  |  Branch (76:10): [True: 2.67k, False: 19.1k]
  ------------------
   77|  2.67k|         ++position;
   78|  19.1k|      } else if(position >= RANDOM_CHAR_LIMIT) {
  ------------------
  |  Branch (78:17): [True: 1, False: 19.1k]
  ------------------
   79|      1|         throw Decoding_Error("PEM: Malformed PEM header");
   80|  19.1k|      } else {
   81|  19.1k|         position = 0;
   82|  19.1k|      }
   83|  21.8k|   }
   84|    201|   position = 0;
   85|  28.6k|   while(position != PEM_HEADER2.length()) {
  ------------------
  |  Branch (85:10): [True: 28.4k, False: 180]
  ------------------
   86|  28.4k|      uint8_t b;
   87|  28.4k|      if(!source.read_byte(b)) {
  ------------------
  |  Branch (87:10): [True: 16, False: 28.4k]
  ------------------
   88|     16|         throw Decoding_Error("PEM: No PEM header found");
   89|     16|      }
   90|  28.4k|      if(static_cast<char>(b) == PEM_HEADER2[position]) {
  ------------------
  |  Branch (90:10): [True: 910, False: 27.5k]
  ------------------
   91|    910|         ++position;
   92|  27.5k|      } else if(position) {
  ------------------
  |  Branch (92:17): [True: 5, False: 27.5k]
  ------------------
   93|      5|         throw Decoding_Error("PEM: Malformed PEM header");
   94|      5|      }
   95|       |
   96|  28.4k|      if(position == 0) {
  ------------------
  |  Branch (96:10): [True: 27.5k, False: 910]
  ------------------
   97|  27.5k|         label += static_cast<char>(b);
   98|  27.5k|      }
   99|  28.4k|   }
  100|       |
  101|    180|   std::vector<char> b64;
  102|       |
  103|    180|   const std::string PEM_TRAILER = fmt("-----END {}-----", label);
  104|    180|   position = 0;
  105|  50.1k|   while(position != PEM_TRAILER.length()) {
  ------------------
  |  Branch (105:10): [True: 49.9k, False: 109]
  ------------------
  106|  49.9k|      uint8_t b;
  107|  49.9k|      if(!source.read_byte(b)) {
  ------------------
  |  Branch (107:10): [True: 48, False: 49.9k]
  ------------------
  108|     48|         throw Decoding_Error("PEM: No PEM trailer found");
  109|     48|      }
  110|  49.9k|      if(static_cast<char>(b) == PEM_TRAILER[position]) {
  ------------------
  |  Branch (110:10): [True: 4.24k, False: 45.7k]
  ------------------
  111|  4.24k|         ++position;
  112|  45.7k|      } else if(position) {
  ------------------
  |  Branch (112:17): [True: 23, False: 45.6k]
  ------------------
  113|     23|         throw Decoding_Error("PEM: Malformed PEM trailer");
  114|     23|      }
  115|       |
  116|  49.9k|      if(position == 0) {
  ------------------
  |  Branch (116:10): [True: 45.6k, False: 4.24k]
  ------------------
  117|  45.6k|         b64.push_back(b);
  118|  45.6k|      }
  119|  49.9k|   }
  120|       |
  121|    109|   return base64_decode(b64.data(), b64.size());
  122|    180|}
_ZN5Botan8PEM_Code7matchesERNS_10DataSourceENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEm:
  137|  1.18k|bool matches(DataSource& source, std::string_view extra, size_t search_range) {
  138|  1.18k|   const std::string PEM_HEADER = fmt("-----BEGIN {}", extra);
  139|       |
  140|  1.18k|   secure_vector<uint8_t> search_buf(search_range);
  141|  1.18k|   const size_t got = source.peek(search_buf.data(), search_buf.size(), 0);
  142|       |
  143|  1.18k|   if(got < PEM_HEADER.length()) {
  ------------------
  |  Branch (143:7): [True: 395, False: 793]
  ------------------
  144|    395|      return false;
  145|    395|   }
  146|       |
  147|    793|   size_t index = 0;
  148|       |
  149|   243k|   for(size_t j = 0; j != got; ++j) {
  ------------------
  |  Branch (149:22): [True: 242k, False: 746]
  ------------------
  150|   242k|      if(static_cast<char>(search_buf[j]) == PEM_HEADER[index]) {
  ------------------
  |  Branch (150:10): [True: 1.85k, False: 240k]
  ------------------
  151|  1.85k|         ++index;
  152|   240k|      } else {
  153|   240k|         index = 0;
  154|   240k|      }
  155|       |
  156|   242k|      if(index == PEM_HEADER.size()) {
  ------------------
  |  Branch (156:10): [True: 47, False: 242k]
  ------------------
  157|     47|         return true;
  158|     47|      }
  159|   242k|   }
  160|       |
  161|    746|   return false;
  162|    793|}

_ZN5Botan3TLS18Certificate_VerifyC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   45|  1.85k|Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf) {
   46|  1.85k|   TLS_Data_Reader reader("CertificateVerify", buf);
   47|       |
   48|  1.85k|   m_scheme = Signature_Scheme(reader.get_uint16_t());
   49|  1.85k|   m_signature = reader.get_range<uint8_t>(2, 0, 65535);
   50|  1.85k|   reader.assert_done();
   51|       |
   52|  1.85k|   if(!m_scheme.is_set()) {
  ------------------
  |  Branch (52:7): [True: 1, False: 1.85k]
  ------------------
   53|      1|      throw Decoding_Error("Counterparty did not send hash/sig IDS");
   54|      1|   }
   55|  1.85k|}
_ZN5Botan3TLS21Certificate_Verify_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE:
  167|  1.85k|      Certificate_Verify(buf), m_side(side) {
  168|  1.85k|   if(!m_scheme.is_available()) {
  ------------------
  |  Branch (168:7): [True: 24, False: 1.82k]
  ------------------
  169|     24|      throw TLS_Exception(Alert::HandshakeFailure, "Peer sent unknown signature scheme");
  170|     24|   }
  171|       |
  172|  1.82k|   if(!m_scheme.is_compatible_with(Protocol_Version::TLS_V13)) {
  ------------------
  |  Branch (172:7): [True: 3, False: 1.82k]
  ------------------
  173|      3|      throw TLS_Exception(Alert::IllegalParameter, "Peer sent signature algorithm that is not suitable for TLS 1.3");
  174|      3|   }
  175|  1.82k|}

_ZN5Botan3TLS12Client_HelloC2EOS1_:
  168|  29.8k|Client_Hello::Client_Hello(Client_Hello&&) noexcept = default;
_ZN5Botan3TLS12Client_HelloD2Ev:
  171|  37.4k|Client_Hello::~Client_Hello() = default;
_ZN5Botan3TLS12Client_HelloC2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE:
  178|  7.63k|Client_Hello::Client_Hello(std::unique_ptr<Client_Hello_Internal> data) : m_data(std::move(data)) {
  179|  7.63k|   BOTAN_ASSERT_NONNULL(m_data);
  ------------------
  |  |   87|  7.63k|   do {                                                                                   \
  |  |   88|  7.63k|      if((ptr) == nullptr)                                                                \
  |  |  ------------------
  |  |  |  Branch (88:10): [True: 0, False: 7.63k]
  |  |  ------------------
  |  |   89|  7.63k|         Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \
  |  |   90|  7.63k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (90:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  180|  7.63k|}
_ZNK5Botan3TLS12Client_Hello13offered_suiteEt:
  244|  6.93k|bool Client_Hello::offered_suite(uint16_t ciphersuite) const {
  245|  6.93k|   return std::find(m_data->ciphersuites().cbegin(), m_data->ciphersuites().cend(), ciphersuite) !=
  246|  6.93k|          m_data->ciphersuites().cend();
  247|  6.93k|}
_ZN5Botan3TLS15Client_Hello_12C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE:
  384|  6.93k|Client_Hello_12::Client_Hello_12(std::unique_ptr<Client_Hello_Internal> data) : Client_Hello(std::move(data)) {
  385|  6.93k|   if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) {
  ------------------
  |  Branch (385:7): [True: 1.98k, False: 4.95k]
  ------------------
  386|  1.98k|      if(Renegotiation_Extension* reneg = m_data->extensions().get<Renegotiation_Extension>()) {
  ------------------
  |  Branch (386:35): [True: 76, False: 1.90k]
  ------------------
  387|     76|         if(!reneg->renegotiation_info().empty()) {
  ------------------
  |  Branch (387:13): [True: 1, False: 75]
  ------------------
  388|      1|            throw TLS_Exception(Alert::HandshakeFailure, "Client sent renegotiation SCSV and non-empty extension");
  389|      1|         }
  390|  1.90k|      } else {
  391|       |         // add fake extension
  392|  1.90k|         m_data->extensions().add(new Renegotiation_Extension());
  393|  1.90k|      }
  394|  1.98k|   }
  395|  6.93k|}
_ZN5Botan3TLS15Client_Hello_13C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE:
  559|    700|Client_Hello_13::Client_Hello_13(std::unique_ptr<Client_Hello_Internal> data) : Client_Hello(std::move(data)) {
  560|    700|   const auto& exts = m_data->extensions();
  561|       |
  562|       |   // RFC 8446 4.1.2
  563|       |   //    TLS 1.3 ClientHellos are identified as having a legacy_version of
  564|       |   //    0x0303 and a "supported_versions" extension present with 0x0304 as the
  565|       |   //    highest version indicated therein.
  566|       |   //
  567|       |   // Note that we already checked for "supported_versions" before entering this
  568|       |   // c'tor in `Client_Hello_13::parse()`. This is just to be doubly sure.
  569|    700|   BOTAN_ASSERT_NOMSG(exts.has<Supported_Versions>());
  ------------------
  |  |   60|    700|   do {                                                                     \
  |  |   61|    700|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 700]
  |  |  ------------------
  |  |   62|    700|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|    700|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  570|       |
  571|       |   // RFC 8446 4.2.1
  572|       |   //    Servers MAY abort the handshake upon receiving a ClientHello with
  573|       |   //    legacy_version 0x0304 or later.
  574|    700|   if(m_data->legacy_version().is_tls_13_or_later()) {
  ------------------
  |  Branch (574:7): [True: 23, False: 677]
  ------------------
  575|     23|      throw TLS_Exception(Alert::DecodeError, "TLS 1.3 Client Hello has invalid legacy_version");
  576|     23|   }
  577|       |
  578|       |   // RFC 8446 4.1.2
  579|       |   //    For every TLS 1.3 ClientHello, [the compression method] MUST contain
  580|       |   //    exactly one byte, set to zero, [...].  If a TLS 1.3 ClientHello is
  581|       |   //    received with any other value in this field, the server MUST abort the
  582|       |   //    handshake with an "illegal_parameter" alert.
  583|    677|   if(m_data->comp_methods().size() != 1 || m_data->comp_methods().front() != 0) {
  ------------------
  |  Branch (583:7): [True: 1, False: 676]
  |  Branch (583:45): [True: 11, False: 665]
  ------------------
  584|     12|      throw TLS_Exception(Alert::IllegalParameter, "Client did not offer NULL compression");
  585|     12|   }
  586|       |
  587|       |   // RFC 8446 4.2.9
  588|       |   //    A client MUST provide a "psk_key_exchange_modes" extension if it
  589|       |   //    offers a "pre_shared_key" extension. If clients offer "pre_shared_key"
  590|       |   //    without a "psk_key_exchange_modes" extension, servers MUST abort
  591|       |   //    the handshake.
  592|    665|   if(exts.has<PSK>()) {
  ------------------
  |  Branch (592:7): [True: 135, False: 530]
  ------------------
  593|    135|      if(!exts.has<PSK_Key_Exchange_Modes>()) {
  ------------------
  |  Branch (593:10): [True: 12, False: 123]
  ------------------
  594|     12|         throw TLS_Exception(Alert::MissingExtension,
  595|     12|                             "Client Hello offered a PSK without a psk_key_exchange_modes extension");
  596|     12|      }
  597|       |
  598|       |      // RFC 8446 4.2.11
  599|       |      //     The "pre_shared_key" extension MUST be the last extension in the
  600|       |      //     ClientHello [...]. Servers MUST check that it is the last extension
  601|       |      //     and otherwise fail the handshake with an "illegal_parameter" alert.
  602|    123|      if(exts.all().back()->type() != Extension_Code::PresharedKey) {
  ------------------
  |  Branch (602:10): [True: 29, False: 94]
  ------------------
  603|     29|         throw TLS_Exception(Alert::IllegalParameter, "PSK extension was not at the very end of the Client Hello");
  604|     29|      }
  605|    123|   }
  606|       |
  607|       |   // RFC 8446 9.2
  608|       |   //    [A TLS 1.3 ClientHello] message MUST meet the following requirements:
  609|       |   //
  610|       |   //     -  If not containing a "pre_shared_key" extension, it MUST contain
  611|       |   //        both a "signature_algorithms" extension and a "supported_groups"
  612|       |   //        extension.
  613|       |   //
  614|       |   //     -  If containing a "supported_groups" extension, it MUST also contain
  615|       |   //        a "key_share" extension, and vice versa.  An empty
  616|       |   //        KeyShare.client_shares vector is permitted.
  617|       |   //
  618|       |   //    Servers receiving a ClientHello which does not conform to these
  619|       |   //    requirements MUST abort the handshake with a "missing_extension"
  620|       |   //    alert.
  621|    624|   if(!exts.has<PSK>()) {
  ------------------
  |  Branch (621:7): [True: 530, False: 94]
  ------------------
  622|    530|      if(!exts.has<Supported_Groups>() || !exts.has<Signature_Algorithms>()) {
  ------------------
  |  Branch (622:10): [True: 45, False: 485]
  |  Branch (622:43): [True: 22, False: 463]
  ------------------
  623|     67|         throw TLS_Exception(
  624|     67|            Alert::MissingExtension,
  625|     67|            "Non-PSK Client Hello did not contain supported_groups and signature_algorithms extensions");
  626|     67|      }
  627|    530|   }
  628|    557|   if(exts.has<Supported_Groups>() != exts.has<Key_Share>()) {
  ------------------
  |  Branch (628:7): [True: 8, False: 549]
  ------------------
  629|      8|      throw TLS_Exception(Alert::MissingExtension,
  630|      8|                          "Client Hello must either contain both key_share and supported_groups extensions or neither");
  631|      8|   }
  632|       |
  633|    549|   if(exts.has<Key_Share>()) {
  ------------------
  |  Branch (633:7): [True: 456, False: 93]
  ------------------
  634|    456|      const auto supported_ext = exts.get<Supported_Groups>();
  635|    456|      BOTAN_ASSERT_NONNULL(supported_ext);
  ------------------
  |  |   87|    456|   do {                                                                                   \
  |  |   88|    456|      if((ptr) == nullptr)                                                                \
  |  |  ------------------
  |  |  |  Branch (88:10): [True: 0, False: 456]
  |  |  ------------------
  |  |   89|    456|         Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \
  |  |   90|    456|   } while(0)
  |  |  ------------------
  |  |  |  Branch (90:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  636|    456|      const auto supports = supported_ext->groups();
  637|    456|      const auto offers = exts.get<Key_Share>()->offered_groups();
  638|       |
  639|       |      // RFC 8446 4.2.8
  640|       |      //    Each KeyShareEntry value MUST correspond to a group offered in the
  641|       |      //    "supported_groups" extension and MUST appear in the same order.
  642|       |      //    [...]
  643|       |      //    Clients MUST NOT offer any KeyShareEntry values for groups not
  644|       |      //    listed in the client's "supported_groups" extension.
  645|       |      //
  646|       |      // Note: We can assume that both `offers` and `supports` are unique lists
  647|       |      //       as this is ensured in the parsing code of the extensions.
  648|    456|      auto found_in_supported_groups = [&supports, support_offset = -1](auto group) mutable {
  649|    456|         const auto i = std::find(supports.begin(), supports.end(), group);
  650|    456|         if(i == supports.end()) {
  651|    456|            return false;
  652|    456|         }
  653|       |
  654|    456|         const auto found_at = std::distance(supports.begin(), i);
  655|    456|         if(found_at <= support_offset) {
  656|    456|            return false;  // The order that groups appear in "key_share" and
  657|       |                           // "supported_groups" must be the same
  658|    456|         }
  659|       |
  660|    456|         support_offset = static_cast<decltype(support_offset)>(found_at);
  661|    456|         return true;
  662|    456|      };
  663|       |
  664|    669|      for(const auto offered : offers) {
  ------------------
  |  Branch (664:30): [True: 669, False: 431]
  ------------------
  665|       |         // RFC 8446 4.2.8
  666|       |         //    Servers MAY check for violations of these rules and abort the
  667|       |         //    handshake with an "illegal_parameter" alert if one is violated.
  668|    669|         if(!found_in_supported_groups(offered)) {
  ------------------
  |  Branch (668:13): [True: 25, False: 644]
  ------------------
  669|     25|            throw TLS_Exception(Alert::IllegalParameter,
  670|     25|                                "Offered key exchange groups do not align with claimed supported groups");
  671|     25|         }
  672|    669|      }
  673|    456|   }
  674|       |
  675|       |   // TODO: Reject oid_filters extension if found (which is the only known extension that
  676|       |   //       must not occur in the TLS 1.3 client hello.
  677|       |   // RFC 8446 4.2.5
  678|       |   //    [The oid_filters extension] MUST only be sent in the CertificateRequest message.
  679|    549|}
_ZN5Botan3TLS15Client_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
  789|  8.13k|std::variant<Client_Hello_13, Client_Hello_12> Client_Hello_13::parse(const std::vector<uint8_t>& buf) {
  790|  8.13k|   auto data = std::make_unique<Client_Hello_Internal>(buf);
  791|  8.13k|   const auto version = data->version();
  792|       |
  793|  8.13k|   if(version.is_pre_tls_13()) {
  ------------------
  |  Branch (793:7): [True: 6.93k, False: 1.20k]
  ------------------
  794|  6.93k|      return Client_Hello_12(std::move(data));
  795|  6.93k|   } else {
  796|  1.20k|      return Client_Hello_13(std::move(data));
  797|  1.20k|   }
  798|  8.13k|}
_ZNK5Botan3TLS21Client_Hello_Internal14legacy_versionEv:
  138|    700|      Protocol_Version legacy_version() const { return m_legacy_version; }
_ZNK5Botan3TLS21Client_Hello_Internal12comp_methodsEv:
  146|  1.35k|      const std::vector<uint8_t>& comp_methods() const { return m_comp_methods; }
_ZNK5Botan3TLS21Client_Hello_Internal12ciphersuitesEv:
  144|  20.8k|      const std::vector<uint16_t>& ciphersuites() const { return m_suites; }
_ZN5Botan3TLS21Client_Hello_Internal10extensionsEv:
  154|  4.59k|      Extensions& extensions() { return m_extensions; }
msg_client_hello.cpp:_ZZN5Botan3TLS15Client_Hello_13C1ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEEEN3$_0clINS0_12Group_ParamsEEEDaT_:
  648|    669|      auto found_in_supported_groups = [&supports, support_offset = -1](auto group) mutable {
  649|    669|         const auto i = std::find(supports.begin(), supports.end(), group);
  650|    669|         if(i == supports.end()) {
  ------------------
  |  Branch (650:13): [True: 22, False: 647]
  ------------------
  651|     22|            return false;
  652|     22|         }
  653|       |
  654|    647|         const auto found_at = std::distance(supports.begin(), i);
  655|    647|         if(found_at <= support_offset) {
  ------------------
  |  Branch (655:13): [True: 3, False: 644]
  ------------------
  656|      3|            return false;  // The order that groups appear in "key_share" and
  657|       |                           // "supported_groups" must be the same
  658|      3|         }
  659|       |
  660|    644|         support_offset = static_cast<decltype(support_offset)>(found_at);
  661|    644|         return true;
  662|    647|      };
_ZNK5Botan3TLS21Client_Hello_Internal7versionEv:
  110|  7.63k|      Protocol_Version version() const {
  111|       |         // RFC 8446 4.2.1
  112|       |         //    If [the "supported_versions"] extension is not present, servers
  113|       |         //    which are compliant with this specification and which also support
  114|       |         //    TLS 1.2 MUST negotiate TLS 1.2 or prior as specified in [RFC5246],
  115|       |         //    even if ClientHello.legacy_version is 0x0304 or later.
  116|       |         //
  117|       |         // RFC 8446 4.2.1
  118|       |         //    Servers MUST be prepared to receive ClientHellos that include
  119|       |         //    [the supported_versions] extension but do not include 0x0304 in
  120|       |         //    the list of versions.
  121|       |         //
  122|       |         // RFC 8446 4.1.2
  123|       |         //    TLS 1.3 ClientHellos are identified as having a legacy_version of
  124|       |         //    0x0303 and a supported_versions extension present with 0x0304 as
  125|       |         //    the highest version indicated therein.
  126|  7.63k|         if(!extensions().has<Supported_Versions>() ||
  ------------------
  |  Branch (126:13): [True: 6.73k, False: 896]
  ------------------
  127|  7.63k|            !extensions().get<Supported_Versions>()->supports(Protocol_Version::TLS_V13)) {
  ------------------
  |  Branch (127:13): [True: 196, False: 700]
  ------------------
  128|       |            // The exact legacy_version is ignored we just inspect it to
  129|       |            // distinguish TLS and DTLS.
  130|  6.93k|            return (m_legacy_version.is_datagram_protocol()) ? Protocol_Version::DTLS_V12 : Protocol_Version::TLS_V12;
  ------------------
  |  Branch (130:20): [True: 2.68k, False: 4.24k]
  ------------------
  131|  6.93k|         }
  132|       |
  133|       |         // Note: The Client_Hello_13 class will make sure that legacy_version
  134|       |         //       is exactly 0x0303 (aka ossified TLS 1.2)
  135|    700|         return Protocol_Version::TLS_V13;
  136|  7.63k|      }
_ZNK5Botan3TLS21Client_Hello_Internal10extensionsEv:
  152|  8.53k|      const Extensions& extensions() const { return m_extensions; }
_ZN5Botan3TLS21Client_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   71|  8.13k|      Client_Hello_Internal(const std::vector<uint8_t>& buf) {
   72|  8.13k|         if(buf.size() < 41) {
  ------------------
  |  Branch (72:13): [True: 15, False: 8.12k]
  ------------------
   73|     15|            throw Decoding_Error("Client_Hello: Packet corrupted");
   74|     15|         }
   75|       |
   76|  8.12k|         TLS_Data_Reader reader("ClientHello", buf);
   77|       |
   78|  8.12k|         const uint8_t major_version = reader.get_byte();
   79|  8.12k|         const uint8_t minor_version = reader.get_byte();
   80|       |
   81|  8.12k|         m_legacy_version = Protocol_Version(major_version, minor_version);
   82|  8.12k|         m_random = reader.get_fixed<uint8_t>(32);
   83|  8.12k|         m_session_id = Session_ID(reader.get_range<uint8_t>(1, 0, 32));
   84|       |
   85|  8.12k|         if(m_legacy_version.is_datagram_protocol()) {
  ------------------
  |  Branch (85:13): [True: 2.77k, False: 5.34k]
  ------------------
   86|  2.77k|            auto sha256 = HashFunction::create_or_throw("SHA-256");
   87|  2.77k|            sha256->update(reader.get_data_read_so_far());
   88|       |
   89|  2.77k|            m_hello_cookie = reader.get_range<uint8_t>(1, 0, 255);
   90|       |
   91|  2.77k|            sha256->update(reader.get_remaining());
   92|  2.77k|            m_cookie_input_bits = sha256->final_stdvec();
   93|  2.77k|         }
   94|       |
   95|  8.12k|         m_suites = reader.get_range_vector<uint16_t>(2, 1, 32767);
   96|  8.12k|         m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255);
   97|       |
   98|  8.12k|         m_extensions.deserialize(reader, Connection_Side::Client, Handshake_Type::ClientHello);
   99|  8.12k|      }

_ZN5Botan3TLS8FinishedC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   50|  6.78k|Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {}

_ZN5Botan3TLS12Server_HelloC2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE:
  167|  4.87k|Server_Hello::Server_Hello(std::unique_ptr<Server_Hello_Internal> data) : m_data(std::move(data)) {}
_ZN5Botan3TLS12Server_HelloC2EOS1_:
  169|  19.0k|Server_Hello::Server_Hello(Server_Hello&&) noexcept = default;
_ZN5Botan3TLS12Server_HelloD2Ev:
  172|  23.9k|Server_Hello::~Server_Hello() = default;
_ZNK5Botan3TLS12Server_Hello14legacy_versionEv:
  199|    326|Protocol_Version Server_Hello::legacy_version() const { return m_data->legacy_version(); }
_ZNK5Botan3TLS12Server_Hello18compression_methodEv:
  203|    244|uint8_t Server_Hello::compression_method() const { return m_data->comp_method(); }
_ZNK5Botan3TLS12Server_Hello10extensionsEv:
  211|    427|const Extensions& Server_Hello::extensions() const { return m_data->extensions(); }
_ZN5Botan3TLS15Server_Hello_12C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE:
  338|  4.59k|Server_Hello_12::Server_Hello_12(std::unique_ptr<Server_Hello_Internal> data) : Server_Hello(std::move(data)) {
  339|  4.59k|   if(!m_data->version().is_pre_tls_13()) {
  ------------------
  |  Branch (339:7): [True: 0, False: 4.59k]
  ------------------
  340|      0|      throw TLS_Exception(Alert::ProtocolVersion, "Expected server hello of (D)TLS 1.2 or lower");
  341|      0|   }
  342|  4.59k|}
_ZN5Botan3TLS15Server_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
  471|  4.98k|   const std::vector<uint8_t>& buf) {
  472|  4.98k|   auto data = std::make_unique<Server_Hello_Internal>(buf);
  473|  4.98k|   const auto version = data->version();
  474|       |
  475|       |   // server hello that appears to be pre-TLS 1.3, takes precedence over...
  476|  4.98k|   if(version.is_pre_tls_13()) {
  ------------------
  |  Branch (476:7): [True: 4.59k, False: 395]
  ------------------
  477|  4.59k|      return Server_Hello_12(std::move(data));
  478|  4.59k|   }
  479|       |
  480|       |   // ... the TLS 1.3 "special case" aka. Hello_Retry_Request
  481|    395|   if(version == Protocol_Version::TLS_V13) {
  ------------------
  |  Branch (481:7): [True: 285, False: 110]
  ------------------
  482|    285|      if(data->is_hello_retry_request()) {
  ------------------
  |  Branch (482:10): [True: 0, False: 285]
  ------------------
  483|      0|         return Hello_Retry_Request(std::move(data));
  484|      0|      }
  485|       |
  486|    285|      return Server_Hello_13(std::move(data));
  487|    285|   }
  488|       |
  489|    110|   throw TLS_Exception(Alert::ProtocolVersion, "unexpected server hello version: " + version.to_string());
  490|    395|}
_ZNK5Botan3TLS15Server_Hello_1316basic_validationEv:
  495|    285|void Server_Hello_13::basic_validation() const {
  496|    285|   BOTAN_ASSERT_NOMSG(m_data->version() == Protocol_Version::TLS_V13);
  ------------------
  |  |   60|    285|   do {                                                                     \
  |  |   61|    285|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 285]
  |  |  ------------------
  |  |   62|    285|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|    285|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  497|       |
  498|       |   // Note: checks that cannot be performed without contextual information
  499|       |   //       are done in the specific TLS client implementation.
  500|       |   // Note: The Supported_Version extension makes sure internally that
  501|       |   //       exactly one entry is provided.
  502|       |
  503|       |   // Note: Hello Retry Request basic validation is equivalent with the
  504|       |   //       basic validations required for Server Hello
  505|       |   //
  506|       |   // RFC 8446 4.1.4
  507|       |   //    Upon receipt of a HelloRetryRequest, the client MUST check the
  508|       |   //    legacy_version, [...], and legacy_compression_method as specified in
  509|       |   //    Section 4.1.3 and then process the extensions, starting with determining
  510|       |   //    the version using "supported_versions".
  511|       |
  512|       |   // RFC 8446 4.1.3
  513|       |   //    In TLS 1.3, [...] the legacy_version field MUST be set to 0x0303
  514|    285|   if(legacy_version() != Protocol_Version::TLS_V12) {
  ------------------
  |  Branch (514:7): [True: 41, False: 244]
  ------------------
  515|     41|      throw TLS_Exception(Alert::ProtocolVersion,
  516|     41|                          "legacy_version '" + legacy_version().to_string() + "' is not allowed");
  517|     41|   }
  518|       |
  519|       |   // RFC 8446 4.1.3
  520|       |   //    legacy_compression_method:  A single byte which MUST have the value 0.
  521|    244|   if(compression_method() != 0x00) {
  ------------------
  |  Branch (521:7): [True: 8, False: 236]
  ------------------
  522|      8|      throw TLS_Exception(Alert::DecodeError, "compression is not supported in TLS 1.3");
  523|      8|   }
  524|       |
  525|       |   // RFC 8446 4.1.3
  526|       |   //    All TLS 1.3 ServerHello messages MUST contain the "supported_versions" extension.
  527|    236|   if(!extensions().has<Supported_Versions>()) {
  ------------------
  |  Branch (527:7): [True: 0, False: 236]
  ------------------
  528|      0|      throw TLS_Exception(Alert::MissingExtension, "server hello did not contain 'supported version' extension");
  529|      0|   }
  530|       |
  531|       |   // RFC 8446 4.2.1
  532|       |   //    A server which negotiates TLS 1.3 MUST respond by sending
  533|       |   //    a "supported_versions" extension containing the selected version
  534|       |   //    value (0x0304).
  535|    236|   if(selected_version() != Protocol_Version::TLS_V13) {
  ------------------
  |  Branch (535:7): [True: 45, False: 191]
  ------------------
  536|     45|      throw TLS_Exception(Alert::IllegalParameter, "TLS 1.3 Server Hello selected a different version");
  537|     45|   }
  538|    236|}
_ZN5Botan3TLS15Server_Hello_13C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEENS1_16Server_Hello_TagE:
  541|    285|      Server_Hello(std::move(data)) {
  542|    285|   BOTAN_ASSERT_NOMSG(!m_data->is_hello_retry_request());
  ------------------
  |  |   60|    285|   do {                                                                     \
  |  |   61|    285|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 285]
  |  |  ------------------
  |  |   62|    285|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|    285|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  543|    285|   basic_validation();
  544|       |
  545|    285|   const auto& exts = extensions();
  546|       |
  547|       |   // RFC 8446 4.1.3
  548|       |   //    The ServerHello MUST only include extensions which are required to
  549|       |   //    establish the cryptographic context and negotiate the protocol version.
  550|       |   //    [...]
  551|       |   //    Other extensions (see Section 4.2) are sent separately in the
  552|       |   //    EncryptedExtensions message.
  553|       |   //
  554|       |   // Note that further validation dependent on the client hello is done in the
  555|       |   // TLS client implementation.
  556|    285|   const std::set<Extension_Code> allowed = {
  557|    285|      Extension_Code::KeyShare,
  558|    285|      Extension_Code::SupportedVersions,
  559|    285|      Extension_Code::PresharedKey,
  560|    285|   };
  561|       |
  562|       |   // As the ServerHello shall only contain essential extensions, we don't give
  563|       |   // any slack for extensions not implemented by Botan here.
  564|    285|   if(exts.contains_other_than(allowed)) {
  ------------------
  |  Branch (564:7): [True: 5, False: 280]
  ------------------
  565|      5|      throw TLS_Exception(Alert::UnsupportedExtension, "Server Hello contained an extension that is not allowed");
  566|      5|   }
  567|       |
  568|       |   // RFC 8446 4.1.3
  569|       |   //    Current ServerHello messages additionally contain
  570|       |   //    either the "pre_shared_key" extension or the "key_share"
  571|       |   //    extension, or both [...].
  572|    280|   if(!exts.has<Key_Share>() && !exts.has<PSK_Key_Exchange_Modes>()) {
  ------------------
  |  Branch (572:7): [True: 3, False: 277]
  |  Branch (572:33): [True: 3, False: 0]
  ------------------
  573|      3|      throw TLS_Exception(Alert::MissingExtension, "server hello must contain key exchange information");
  574|      3|   }
  575|    280|}
_ZNK5Botan3TLS15Server_Hello_1316selected_versionEv:
  728|    236|Protocol_Version Server_Hello_13::selected_version() const {
  729|    236|   const auto versions_ext = m_data->extensions().get<Supported_Versions>();
  730|    236|   BOTAN_ASSERT_NOMSG(versions_ext);
  ------------------
  |  |   60|    236|   do {                                                                     \
  |  |   61|    236|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 236]
  |  |  ------------------
  |  |   62|    236|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|    236|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  731|    236|   const auto& versions = versions_ext->versions();
  732|    236|   BOTAN_ASSERT_NOMSG(versions.size() == 1);
  ------------------
  |  |   60|    236|   do {                                                                     \
  |  |   61|    236|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 236]
  |  |  ------------------
  |  |   62|    236|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|    236|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  733|    236|   return versions.front();
  734|    236|}
_ZNK5Botan3TLS21Server_Hello_Internal14legacy_versionEv:
  140|    326|      Protocol_Version legacy_version() const { return m_legacy_version; }
_ZNK5Botan3TLS21Server_Hello_Internal11comp_methodEv:
  148|    244|      uint8_t comp_method() const { return m_comp_method; }
_ZN5Botan3TLS21Server_Hello_Internal10extensionsEv:
  154|    663|      Extensions& extensions() { return m_extensions; }
_ZNK5Botan3TLS21Server_Hello_Internal7versionEv:
  127|  9.80k|      Protocol_Version version() const {
  128|       |         // RFC 8446 4.2.1
  129|       |         //    A server which negotiates a version of TLS prior to TLS 1.3 MUST set
  130|       |         //    ServerHello.version and MUST NOT send the "supported_versions"
  131|       |         //    extension.  A server which negotiates TLS 1.3 MUST respond by sending
  132|       |         //    a "supported_versions" extension containing the selected version
  133|       |         //    value (0x0304).
  134|       |         //
  135|       |         // Note: Here we just take a message parsing decision, further validation of
  136|       |         //       the extension's contents is done later.
  137|  9.80k|         return (extensions().has<Supported_Versions>()) ? Protocol_Version::TLS_V13 : m_legacy_version;
  ------------------
  |  Branch (137:17): [True: 520, False: 9.28k]
  ------------------
  138|  9.80k|      }
_ZNK5Botan3TLS21Server_Hello_Internal10extensionsEv:
  152|  9.80k|      const Extensions& extensions() const { return m_extensions; }
_ZNK5Botan3TLS21Server_Hello_Internal22is_hello_retry_requestEv:
  150|    570|      bool is_hello_retry_request() const { return m_is_hello_retry_request; }
_ZN5Botan3TLS21Server_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   80|  4.98k|      Server_Hello_Internal(const std::vector<uint8_t>& buf) {
   81|  4.98k|         if(buf.size() < 38) {
  ------------------
  |  Branch (81:13): [True: 14, False: 4.97k]
  ------------------
   82|     14|            throw Decoding_Error("Server_Hello: Packet corrupted");
   83|     14|         }
   84|       |
   85|  4.97k|         TLS_Data_Reader reader("ServerHello", buf);
   86|       |
   87|  4.97k|         const uint8_t major_version = reader.get_byte();
   88|  4.97k|         const uint8_t minor_version = reader.get_byte();
   89|       |
   90|  4.97k|         m_legacy_version = Protocol_Version(major_version, minor_version);
   91|       |
   92|       |         // RFC 8446 4.1.3
   93|       |         //    Upon receiving a message with type server_hello, implementations MUST
   94|       |         //    first examine the Random value and, if it matches this value, process
   95|       |         //    it as described in Section 4.1.4 [Hello Retry Request]).
   96|  4.97k|         m_random = reader.get_fixed<uint8_t>(32);
   97|  4.97k|         m_is_hello_retry_request = random_signals_hello_retry_request(m_random);
   98|       |
   99|  4.97k|         m_session_id = Session_ID(reader.get_range<uint8_t>(1, 0, 32));
  100|  4.97k|         m_ciphersuite = reader.get_uint16_t();
  101|  4.97k|         m_comp_method = reader.get_byte();
  102|       |
  103|       |         // Note that this code path might parse a TLS 1.2 (or older) server hello message that
  104|       |         // is nevertheless marked as being a 'hello retry request' (potentially maliciously).
  105|       |         // Extension parsing will however not be affected by the associated flag.
  106|       |         // Only after parsing the extensions will the upstream code be able to decide
  107|       |         // whether we're dealing with TLS 1.3 or older.
  108|  4.97k|         m_extensions.deserialize(
  109|  4.97k|            reader,
  110|  4.97k|            Connection_Side::Server,
  111|  4.97k|            m_is_hello_retry_request ? Handshake_Type::HelloRetryRequest : Handshake_Type::ServerHello);
  ------------------
  |  Branch (111:13): [True: 0, False: 4.97k]
  ------------------
  112|  4.97k|      }
msg_server_hello.cpp:_ZN5Botan3TLS12_GLOBAL__N_134random_signals_hello_retry_requestERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   39|  4.97k|bool random_signals_hello_retry_request(const std::vector<uint8_t>& random) {
   40|  4.97k|   return constant_time_compare(random.data(), HELLO_RETRY_REQUEST_MARKER.data(), HELLO_RETRY_REQUEST_MARKER.size());
   41|  4.97k|}

_ZN5Botan3TLS24handshake_type_to_stringENS0_14Handshake_TypeE:
   21|      4|const char* handshake_type_to_string(Handshake_Type type) {
   22|      4|   switch(type) {
  ------------------
  |  Branch (22:11): [True: 0, False: 4]
  ------------------
   23|      0|      case Handshake_Type::HelloVerifyRequest:
  ------------------
  |  Branch (23:7): [True: 0, False: 4]
  ------------------
   24|      0|         return "hello_verify_request";
   25|       |
   26|      0|      case Handshake_Type::HelloRequest:
  ------------------
  |  Branch (26:7): [True: 0, False: 4]
  ------------------
   27|      0|         return "hello_request";
   28|       |
   29|      0|      case Handshake_Type::ClientHello:
  ------------------
  |  Branch (29:7): [True: 0, False: 4]
  ------------------
   30|      0|         return "client_hello";
   31|       |
   32|      0|      case Handshake_Type::ServerHello:
  ------------------
  |  Branch (32:7): [True: 0, False: 4]
  ------------------
   33|      0|         return "server_hello";
   34|       |
   35|      0|      case Handshake_Type::HelloRetryRequest:
  ------------------
  |  Branch (35:7): [True: 0, False: 4]
  ------------------
   36|      0|         return "hello_retry_request";
   37|       |
   38|      0|      case Handshake_Type::Certificate:
  ------------------
  |  Branch (38:7): [True: 0, False: 4]
  ------------------
   39|      0|         return "certificate";
   40|       |
   41|      0|      case Handshake_Type::CertificateUrl:
  ------------------
  |  Branch (41:7): [True: 0, False: 4]
  ------------------
   42|      0|         return "certificate_url";
   43|       |
   44|      0|      case Handshake_Type::CertificateStatus:
  ------------------
  |  Branch (44:7): [True: 0, False: 4]
  ------------------
   45|      0|         return "certificate_status";
   46|       |
   47|      0|      case Handshake_Type::ServerKeyExchange:
  ------------------
  |  Branch (47:7): [True: 0, False: 4]
  ------------------
   48|      0|         return "server_key_exchange";
   49|       |
   50|      2|      case Handshake_Type::CertificateRequest:
  ------------------
  |  Branch (50:7): [True: 2, False: 2]
  ------------------
   51|      2|         return "certificate_request";
   52|       |
   53|      0|      case Handshake_Type::ServerHelloDone:
  ------------------
  |  Branch (53:7): [True: 0, False: 4]
  ------------------
   54|      0|         return "server_hello_done";
   55|       |
   56|      0|      case Handshake_Type::CertificateVerify:
  ------------------
  |  Branch (56:7): [True: 0, False: 4]
  ------------------
   57|      0|         return "certificate_verify";
   58|       |
   59|      0|      case Handshake_Type::ClientKeyExchange:
  ------------------
  |  Branch (59:7): [True: 0, False: 4]
  ------------------
   60|      0|         return "client_key_exchange";
   61|       |
   62|      0|      case Handshake_Type::NewSessionTicket:
  ------------------
  |  Branch (62:7): [True: 0, False: 4]
  ------------------
   63|      0|         return "new_session_ticket";
   64|       |
   65|      0|      case Handshake_Type::HandshakeCCS:
  ------------------
  |  Branch (65:7): [True: 0, False: 4]
  ------------------
   66|      0|         return "change_cipher_spec";
   67|       |
   68|      0|      case Handshake_Type::Finished:
  ------------------
  |  Branch (68:7): [True: 0, False: 4]
  ------------------
   69|      0|         return "finished";
   70|       |
   71|      0|      case Handshake_Type::EndOfEarlyData:
  ------------------
  |  Branch (71:7): [True: 0, False: 4]
  ------------------
   72|      0|         return "end_of_early_data";
   73|       |
   74|      2|      case Handshake_Type::EncryptedExtensions:
  ------------------
  |  Branch (74:7): [True: 2, False: 2]
  ------------------
   75|      2|         return "encrypted_extensions";
   76|       |
   77|      0|      case Handshake_Type::KeyUpdate:
  ------------------
  |  Branch (77:7): [True: 0, False: 4]
  ------------------
   78|      0|         return "key_update";
   79|       |
   80|      0|      case Handshake_Type::None:
  ------------------
  |  Branch (80:7): [True: 0, False: 4]
  ------------------
   81|      0|         return "invalid";
   82|      4|   }
   83|       |
   84|      0|   throw TLS_Exception(Alert::UnexpectedMessage,
   85|      0|                       "Unknown TLS handshake message type " + std::to_string(static_cast<size_t>(type)));
   86|      4|}

_ZN5Botan3TLS14Certificate_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEERKNS0_6PolicyENS0_15Connection_SideE:
  191|  1.44k|      m_side(side) {
  192|  1.44k|   TLS_Data_Reader reader("cert message reader", buf);
  193|       |
  194|  1.44k|   m_request_context = reader.get_range<uint8_t>(1, 0, 255);
  195|       |
  196|       |   // RFC 8446 4.4.2
  197|       |   //    [...] in the case of server authentication, this field SHALL be zero length.
  198|  1.44k|   if(m_side == Connection_Side::Server && !m_request_context.empty()) {
  ------------------
  |  Branch (198:7): [True: 1.44k, False: 5]
  |  Branch (198:44): [True: 6, False: 1.43k]
  ------------------
  199|      6|      throw TLS_Exception(Alert::IllegalParameter, "Server Certificate message must not contain a request context");
  200|      6|   }
  201|       |
  202|  1.44k|   const auto cert_entries_len = reader.get_uint24_t();
  203|       |
  204|  1.44k|   if(reader.remaining_bytes() != cert_entries_len) {
  ------------------
  |  Branch (204:7): [True: 35, False: 1.40k]
  ------------------
  205|     35|      throw TLS_Exception(Alert::DecodeError, "Certificate: Message malformed");
  206|     35|   }
  207|       |
  208|  1.40k|   const size_t max_size = policy.maximum_certificate_chain_size();
  209|  1.40k|   if(max_size > 0 && cert_entries_len > max_size) {
  ------------------
  |  Branch (209:7): [True: 0, False: 1.40k]
  |  Branch (209:23): [True: 0, False: 0]
  ------------------
  210|      0|      throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
  211|      0|   }
  212|       |
  213|  2.80k|   while(reader.has_remaining()) {
  ------------------
  |  Branch (213:10): [True: 1.39k, False: 1.40k]
  ------------------
  214|  1.39k|      Certificate_Entry entry;
  215|  1.39k|      entry.certificate = X509_Certificate(reader.get_tls_length_value(3));
  216|       |
  217|       |      // RFC 8446 4.4.2.2
  218|       |      //    The certificate type MUST be X.509v3 [RFC5280], unless explicitly
  219|       |      //    negotiated otherwise (e.g., [RFC7250]).
  220|       |      //
  221|       |      // TLS 1.0 through 1.3 all seem to require that the certificate be
  222|       |      // precisely a v3 certificate. In fact the strict wording would seem
  223|       |      // to require that every certificate in the chain be v3. But often
  224|       |      // the intermediates are outside of the control of the server.
  225|       |      // But, require that the leaf certificate be v3.
  226|  1.39k|      if(m_entries.empty() && entry.certificate.x509_version() != 3) {
  ------------------
  |  Branch (226:10): [True: 0, False: 1.39k]
  |  Branch (226:31): [True: 0, False: 0]
  ------------------
  227|      0|         throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3");
  228|      0|      }
  229|       |
  230|       |      // Extensions are simply tacked at the end of the certificate entry. This
  231|       |      // is a departure from the typical "tag-length-value" in a sense that the
  232|       |      // Extensions deserializer needs the length value of the extensions.
  233|  1.39k|      const auto extensions_length = reader.peek_uint16_t();
  234|  1.39k|      const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
  235|  1.39k|      TLS_Data_Reader exts_reader("extensions reader", exts_buf);
  236|  1.39k|      entry.extensions.deserialize(exts_reader, m_side, type());
  237|       |
  238|       |      // RFC 8446 4.4.2
  239|       |      //    Valid extensions for server certificates at present include the
  240|       |      //    OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
  241|       |      //    extension [RFC6962]; future extensions may be defined for this
  242|       |      //    message as well.
  243|       |      //
  244|       |      // RFC 8446 4.4.2.1
  245|       |      //    A server MAY request that a client present an OCSP response with its
  246|       |      //    certificate by sending an empty "status_request" extension in its
  247|       |      //    CertificateRequest message.
  248|  1.39k|      if(entry.extensions.contains_implemented_extensions_other_than({
  ------------------
  |  Branch (248:10): [True: 0, False: 1.39k]
  ------------------
  249|  1.39k|            Extension_Code::CertificateStatusRequest,
  250|       |            // Extension_Code::SignedCertificateTimestamp
  251|  1.39k|         })) {
  252|      0|         throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
  253|      0|      }
  254|       |
  255|  1.39k|      m_entries.push_back(std::move(entry));
  256|  1.39k|   }
  257|       |
  258|       |   // RFC 8446 4.4.2
  259|       |   //    The server's certificate_list MUST always be non-empty.  A client
  260|       |   //    will send an empty certificate_list if it does not have an
  261|       |   //    appropriate certificate to send in response to the server's
  262|       |   //    authentication request.
  263|  1.40k|   if(m_entries.empty()) {
  ------------------
  |  Branch (263:7): [True: 1, False: 1.40k]
  ------------------
  264|       |      // RFC 8446 4.4.2.4
  265|       |      //    If the server supplies an empty Certificate message, the client MUST
  266|       |      //    abort the handshake with a "decode_error" alert.
  267|      1|      if(m_side == Connection_Side::Server) {
  ------------------
  |  Branch (267:10): [True: 1, False: 0]
  ------------------
  268|      1|         throw TLS_Exception(Alert::DecodeError, "No certificates sent by server");
  269|      1|      }
  270|  1.40k|   } else {
  271|       |      /* validation of provided certificate public key */
  272|  1.40k|      auto key = m_entries.front().certificate.subject_public_key();
  273|       |
  274|  1.40k|      policy.check_peer_key_acceptable(*key);
  275|       |
  276|  1.40k|      if(!policy.allowed_signature_method(key->algo_name())) {
  ------------------
  |  Branch (276:10): [True: 0, False: 1.40k]
  ------------------
  277|      0|         throw TLS_Exception(Alert::HandshakeFailure, "Rejecting " + key->algo_name() + " signature");
  278|      0|      }
  279|  1.40k|   }
  280|  1.40k|}

_ZNK5Botan3TLS22Certificate_Request_134typeEv:
   17|  1.27k|Handshake_Type Certificate_Request_13::type() const { return TLS::Handshake_Type::CertificateRequest; }
_ZN5Botan3TLS22Certificate_Request_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE:
   19|  1.28k|Certificate_Request_13::Certificate_Request_13(const std::vector<uint8_t>& buf, const Connection_Side side) {
   20|  1.28k|   TLS_Data_Reader reader("Certificate_Request_13", buf);
   21|       |
   22|       |   // RFC 8446 4.3.2
   23|       |   //    A server which is authenticating with a certificate MAY optionally
   24|       |   //    request a certificate from the client.
   25|  1.28k|   if(side != Connection_Side::Server) {
  ------------------
  |  Branch (25:7): [True: 0, False: 1.28k]
  ------------------
   26|      0|      throw TLS_Exception(Alert::UnexpectedMessage, "Received a Certificate_Request message from a client");
   27|      0|   }
   28|       |
   29|  1.28k|   m_context = reader.get_tls_length_value(1);
   30|  1.28k|   m_extensions.deserialize(reader, side, type());
   31|       |
   32|       |   // RFC 8446 4.3.2
   33|       |   //    The "signature_algorithms" extension MUST be specified, and other
   34|       |   //    extensions may optionally be included if defined for this message.
   35|       |   //    Clients MUST ignore unrecognized extensions.
   36|       |
   37|  1.28k|   if(!m_extensions.has<Signature_Algorithms>()) {
  ------------------
  |  Branch (37:7): [True: 68, False: 1.21k]
  ------------------
   38|     68|      throw TLS_Exception(Alert::MissingExtension,
   39|     68|                          "Certificate_Request message did not provide a signature_algorithms extension");
   40|     68|   }
   41|       |
   42|       |   // RFC 8446 4.2.
   43|       |   //    The table below indicates the messages where a given extension may
   44|       |   //    appear [...].  If an implementation receives an extension which it
   45|       |   //    recognizes and which is not specified for the message in which it
   46|       |   //    appears, it MUST abort the handshake with an "illegal_parameter" alert.
   47|       |   //
   48|       |   // For Certificate Request said table states:
   49|       |   //    "status_request", "signature_algorithms", "signed_certificate_timestamp",
   50|       |   //     "certificate_authorities", "oid_filters", "signature_algorithms_cert",
   51|  1.21k|   std::set<Extension_Code> allowed_extensions = {
   52|  1.21k|      Extension_Code::CertificateStatusRequest,
   53|  1.21k|      Extension_Code::SignatureAlgorithms,
   54|       |      // Extension_Code::SignedCertificateTimestamp,  // NYI
   55|  1.21k|      Extension_Code::CertificateAuthorities,
   56|       |      // Extension_Code::OidFilters,                   // NYI
   57|  1.21k|      Extension_Code::CertSignatureAlgorithms,
   58|  1.21k|   };
   59|       |
   60|  1.21k|   if(m_extensions.contains_implemented_extensions_other_than(allowed_extensions)) {
  ------------------
  |  Branch (60:7): [True: 9, False: 1.20k]
  ------------------
   61|      9|      throw TLS_Exception(Alert::IllegalParameter, "Certificate Request contained an extension that is not allowed");
   62|      9|   }
   63|  1.21k|}

_ZN5Botan3TLS20Encrypted_ExtensionsC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE:
   69|  8.49k|Encrypted_Extensions::Encrypted_Extensions(const std::vector<uint8_t>& buf) {
   70|  8.49k|   TLS_Data_Reader reader("encrypted extensions reader", buf);
   71|       |
   72|       |   // Encrypted Extensions contains a list of extensions. This list may legally
   73|       |   // be empty. However, in that case we should at least see a two-byte length
   74|       |   // field that reads 0x00 0x00.
   75|  8.49k|   if(buf.size() < 2) {
  ------------------
  |  Branch (75:7): [True: 10, False: 8.48k]
  ------------------
   76|     10|      throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message");
   77|     10|   }
   78|       |
   79|  8.48k|   m_extensions.deserialize(reader, Connection_Side::Server, type());
   80|       |
   81|       |   // RFC 8446 4.2
   82|       |   //    If an implementation receives an extension which it recognizes and
   83|       |   //    which is not specified for the message in which it appears, it MUST
   84|       |   //    abort the handshake with an "illegal_parameter" alert.
   85|       |   //
   86|       |   // Note that we cannot encounter any extensions that we don't recognize here,
   87|       |   // since only extensions we previously offered are allowed in EE.
   88|  8.48k|   const auto allowed_exts = std::set<Extension_Code>{
   89|       |      // Allowed extensions listed in RFC 8446 and implemented in Botan
   90|  8.48k|      Extension_Code::ServerNameIndication,
   91|       |      // MAX_FRAGMENT_LENGTH
   92|  8.48k|      Extension_Code::SupportedGroups,
   93|  8.48k|      Extension_Code::UseSrtp,
   94|       |      // HEARTBEAT
   95|  8.48k|      Extension_Code::ApplicationLayerProtocolNegotiation,
   96|       |      // CLIENT_CERTIFICATE_TYPE
   97|       |      // SERVER_CERTIFICATE_TYPE
   98|       |      // EARLY_DATA
   99|       |
  100|       |      // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them
  101|  8.48k|      Extension_Code::RecordSizeLimit,
  102|  8.48k|   };
  103|  8.48k|   if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) {
  ------------------
  |  Branch (103:7): [True: 222, False: 8.26k]
  ------------------
  104|    222|      throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed");
  105|    222|   }
  106|  8.48k|}

_ZN5Botan3TLS9Key_ShareC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE:
  391|  1.76k|Key_Share::Key_Share(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) {
  392|  1.76k|   if(message_type == Handshake_Type::ClientHello) {
  ------------------
  |  Branch (392:7): [True: 1.24k, False: 522]
  ------------------
  393|  1.24k|      m_impl = std::make_unique<Key_Share_Impl>(Key_Share_ClientHello(reader, extension_size));
  394|  1.24k|   } else if(message_type == Handshake_Type::HelloRetryRequest)  // Connection_Side::Server
  ------------------
  |  Branch (394:14): [True: 0, False: 522]
  ------------------
  395|      0|   {
  396|      0|      m_impl = std::make_unique<Key_Share_Impl>(Key_Share_HelloRetryRequest(reader, extension_size));
  397|    522|   } else if(message_type == Handshake_Type::ServerHello)  // Connection_Side::Server
  ------------------
  |  Branch (397:14): [True: 518, False: 4]
  ------------------
  398|    518|   {
  399|    518|      m_impl = std::make_unique<Key_Share_Impl>(Key_Share_ServerHello(reader, extension_size));
  400|    518|   } else {
  401|      4|      throw Invalid_Argument(std::string("cannot create a Key_Share extension for message of type: ") +
  402|      4|                             handshake_type_to_string(message_type));
  403|      4|   }
  404|  1.76k|}
_ZN5Botan3TLS9Key_ShareD2Ev:
  418|  1.64k|Key_Share::~Key_Share() = default;
_ZNK5Botan3TLS9Key_Share14offered_groupsEv:
  446|    456|std::vector<Named_Group> Key_Share::offered_groups() const {
  447|    456|   return std::visit([](const auto& keyshare) { return keyshare.offered_groups(); }, m_impl->key_share);
  448|    456|}
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2ERNS0_15TLS_Data_ReaderEt:
  161|  1.24k|      Key_Share_ClientHello(TLS_Data_Reader& reader, uint16_t /* extension_size */) {
  162|       |         // This construction is a crutch to make working with the incoming
  163|       |         // TLS_Data_Reader bearable. Currently, this reader spans the entire
  164|       |         // Client_Hello message. Hence, if offset or length fields are skewed
  165|       |         // or maliciously fabricated, it is possible to read further than the
  166|       |         // bounds of the current extension.
  167|       |         // Note that this aplies to many locations in the code base.
  168|       |         //
  169|       |         // TODO: Overhaul the TLS_Data_Reader to allow for cheap "sub-readers"
  170|       |         //       that enforce read bounds of sub-structures while parsing.
  171|  1.24k|         const auto client_key_share_length = reader.get_uint16_t();
  172|  1.24k|         const auto read_bytes_so_far_begin = reader.read_so_far();
  173|  1.24k|         auto remaining = [&] {
  174|  1.24k|            const auto read_so_far = reader.read_so_far() - read_bytes_so_far_begin;
  175|  1.24k|            BOTAN_STATE_CHECK(read_so_far <= client_key_share_length);
  176|  1.24k|            return client_key_share_length - read_so_far;
  177|  1.24k|         };
  178|       |
  179|  4.06k|         while(reader.has_remaining() && remaining() > 0) {
  ------------------
  |  Branch (179:16): [True: 2.84k, False: 1.22k]
  |  Branch (179:42): [True: 2.82k, False: 15]
  ------------------
  180|  2.82k|            if(remaining() < 4) {
  ------------------
  |  Branch (180:16): [True: 4, False: 2.82k]
  ------------------
  181|      4|               throw TLS_Exception(Alert::DecodeError, "Not enough data to read another KeyShareEntry");
  182|      4|            }
  183|       |
  184|  2.82k|            Key_Share_Entry new_entry(reader);
  185|       |
  186|       |            // RFC 8446 4.2.8
  187|       |            //    Clients MUST NOT offer multiple KeyShareEntry values for the same
  188|       |            //    group. [...]
  189|       |            //    Servers MAY check for violations of these rules and abort the
  190|       |            //    handshake with an "illegal_parameter" alert if one is violated.
  191|  2.82k|            if(std::find_if(m_client_shares.begin(), m_client_shares.end(), [&](const auto& entry) {
  ------------------
  |  Branch (191:16): [True: 6, False: 2.81k]
  ------------------
  192|  2.82k|                  return entry.group() == new_entry.group();
  193|  2.82k|               }) != m_client_shares.end()) {
  194|      6|               throw TLS_Exception(Alert::IllegalParameter, "Received multiple key share entries for the same group");
  195|      6|            }
  196|       |
  197|  2.81k|            m_client_shares.emplace_back(std::move(new_entry));
  198|  2.81k|         }
  199|       |
  200|  1.23k|         if((reader.read_so_far() - read_bytes_so_far_begin) != client_key_share_length) {
  ------------------
  |  Branch (200:13): [True: 36, False: 1.20k]
  ------------------
  201|     36|            throw Decoding_Error("Read bytes are not equal client KeyShare length");
  202|     36|         }
  203|  1.23k|      }
tls_extensions_key_share.cpp:_ZZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC1ERNS0_15TLS_Data_ReaderEtENKUlvE_clEv:
  173|  5.66k|         auto remaining = [&] {
  174|  5.66k|            const auto read_so_far = reader.read_so_far() - read_bytes_so_far_begin;
  175|  5.66k|            BOTAN_STATE_CHECK(read_so_far <= client_key_share_length);
  ------------------
  |  |   42|  5.66k|   do {                                                         \
  |  |   43|  5.66k|      if(!(expr))                                               \
  |  |  ------------------
  |  |  |  Branch (43:10): [True: 14, False: 5.65k]
  |  |  ------------------
  |  |   44|  5.66k|         Botan::throw_invalid_state(#expr, __func__, __FILE__); \
  |  |   45|  5.66k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (45:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  176|  5.66k|            return client_key_share_length - read_so_far;
  177|  5.66k|         };
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_115Key_Share_EntryC2ERNS0_15TLS_Data_ReaderE:
   38|  3.34k|      Key_Share_Entry(TLS_Data_Reader& reader) {
   39|       |         // TODO check that the group actually exists before casting...
   40|  3.34k|         m_group = static_cast<Named_Group>(reader.get_uint16_t());
   41|  3.34k|         m_key_exchange = reader.get_tls_length_value(2);
   42|  3.34k|      }
tls_extensions_key_share.cpp:_ZZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC1ERNS0_15TLS_Data_ReaderEtENKUlRKT_E_clINS1_15Key_Share_EntryEEEDaS7_:
  191|  10.8k|            if(std::find_if(m_client_shares.begin(), m_client_shares.end(), [&](const auto& entry) {
  192|  10.8k|                  return entry.group() == new_entry.group();
  193|  10.8k|               }) != m_client_shares.end()) {
tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_115Key_Share_Entry5groupEv:
   84|  22.4k|      Named_Group group() const { return m_group; }
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloD2Ev:
  228|  3.38k|      ~Key_Share_ClientHello() = default;
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2ERNS0_15TLS_Data_ReaderEt:
  125|    518|      Key_Share_ServerHello(TLS_Data_Reader& reader, uint16_t) : m_server_share(reader) {}
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloD2Ev:
  130|  1.54k|      ~Key_Share_ServerHello() = default;
tls_extensions_key_share.cpp:_ZZNK5Botan3TLS9Key_Share14offered_groupsEvENK3$_5clINS0_12_GLOBAL__N_121Key_Share_ClientHelloEEEDaRKT_:
  447|    456|   return std::visit([](const auto& keyshare) { return keyshare.offered_groups(); }, m_impl->key_share);
tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHello14offered_groupsEv:
  250|    456|      std::vector<Named_Group> offered_groups() const {
  251|    456|         std::vector<Named_Group> offered_groups;
  252|    456|         offered_groups.reserve(m_client_shares.size());
  253|    696|         for(const auto& share : m_client_shares) {
  ------------------
  |  Branch (253:32): [True: 696, False: 456]
  ------------------
  254|    696|            offered_groups.push_back(share.group());
  255|    696|         }
  256|    456|         return offered_groups;
  257|    456|      }
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2EOS2_:
  233|  2.25k|      Key_Share_ClientHello(Key_Share_ClientHello&&) = default;
tls_extensions_key_share.cpp:_ZN5Botan3TLS9Key_Share14Key_Share_ImplC2ENSt3__17variantIJNS0_12_GLOBAL__N_121Key_Share_ClientHelloENS5_21Key_Share_ServerHelloENS5_27Key_Share_HelloRetryRequestEEEE:
  386|  1.64k|      Key_Share_Impl(Key_Share_Type ks) : key_share(std::move(ks)) {}
tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2EOS2_:
  135|  1.03k|      Key_Share_ServerHello(Key_Share_ServerHello&&) = default;

_ZN5Botan3TLS3PSKC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE:
   56|    701|PSK::PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) {
   57|    701|   if(message_type == Handshake_Type::ServerHello) {
  ------------------
  |  Branch (57:7): [True: 231, False: 470]
  ------------------
   58|    231|      if(extension_size != 2) {
  ------------------
  |  Branch (58:10): [True: 10, False: 221]
  ------------------
   59|     10|         throw TLS_Exception(Alert::DecodeError, "Server provided a malformed PSK extension");
   60|     10|      }
   61|       |
   62|    221|      m_impl = std::make_unique<PSK_Internal>(
   63|    221|         Server_PSK{.selected_identity = reader.get_uint16_t(), .session_to_resume = std::nullopt});
   64|    470|   } else if(message_type == Handshake_Type::ClientHello) {
  ------------------
  |  Branch (64:14): [True: 465, False: 5]
  ------------------
   65|    465|      std::vector<Client_PSK> psks;
   66|       |
   67|    465|      const auto identities_length = reader.get_uint16_t();
   68|    465|      const auto identities_offset = reader.read_so_far();
   69|       |
   70|  3.67k|      while(reader.has_remaining() && (reader.read_so_far() - identities_offset) < identities_length) {
  ------------------
  |  Branch (70:13): [True: 3.61k, False: 63]
  |  Branch (70:39): [True: 3.21k, False: 402]
  ------------------
   71|  3.21k|         auto identity = Opaque_Session_Handle(reader.get_tls_length_value(2));
   72|  3.21k|         const auto obfuscated_ticket_age = reader.get_uint32_t();
   73|       |
   74|  3.21k|         psks.emplace_back(Client_PSK{
   75|  3.21k|            .ticket = Ticket(std::move(identity), obfuscated_ticket_age), .binder = {}, .cipher_state = nullptr});
   76|  3.21k|      }
   77|       |
   78|    465|      if(psks.empty()) {
  ------------------
  |  Branch (78:10): [True: 3, False: 462]
  ------------------
   79|      3|         throw TLS_Exception(Alert::DecodeError, "Empty PSK list");
   80|      3|      }
   81|       |
   82|    462|      if(reader.read_so_far() - identities_offset != identities_length) {
  ------------------
  |  Branch (82:10): [True: 35, False: 427]
  ------------------
   83|     35|         throw TLS_Exception(Alert::DecodeError, "Inconsistent PSK identity list");
   84|     35|      }
   85|       |
   86|    427|      const auto binders_length = reader.get_uint16_t();
   87|    427|      const auto binders_offset = reader.read_so_far();
   88|       |
   89|    427|      if(binders_length == 0) {
  ------------------
  |  Branch (89:10): [True: 1, False: 426]
  ------------------
   90|      1|         throw TLS_Exception(Alert::DecodeError, "Empty PSK binders list");
   91|      1|      }
   92|       |
   93|  1.86k|      for(auto& psk : psks) {
  ------------------
  |  Branch (93:21): [True: 1.86k, False: 421]
  ------------------
   94|  1.86k|         if(!reader.has_remaining() || reader.read_so_far() - binders_offset >= binders_length) {
  ------------------
  |  Branch (94:13): [True: 3, False: 1.86k]
  |  Branch (94:40): [True: 2, False: 1.86k]
  ------------------
   95|      5|            throw TLS_Exception(Alert::IllegalParameter, "Not enough PSK binders");
   96|      5|         }
   97|       |
   98|  1.86k|         psk.binder = reader.get_tls_length_value(1);
   99|  1.86k|      }
  100|       |
  101|    421|      if(reader.read_so_far() - binders_offset != binders_length) {
  ------------------
  |  Branch (101:10): [True: 41, False: 380]
  ------------------
  102|     41|         throw TLS_Exception(Alert::IllegalParameter, "Too many PSK binders");
  103|     41|      }
  104|       |
  105|    380|      m_impl = std::make_unique<PSK_Internal>(std::move(psks));
  106|    380|   } else {
  107|      5|      throw TLS_Exception(Alert::DecodeError, "Found a PSK extension in an unexpected handshake message");
  108|      5|   }
  109|    701|}
_ZN5Botan3TLS3PSKD2Ev:
  151|    554|PSK::~PSK() = default;
tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENS0_12_GLOBAL__N_110Server_PSKE:
   49|    221|      PSK_Internal(Server_PSK srv_psk) : psk(srv_psk) {}
tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENSt3__16vectorINS0_12_GLOBAL__N_110Client_PSKENS3_9allocatorIS6_EEEE:
   51|    333|      PSK_Internal(std::vector<Client_PSK> clt_psks) : psk(std::move(clt_psks)) {}

_ZN5Botan3TLS15Handshake_Layer9copy_dataENSt3__14spanIKhLm18446744073709551615EEE:
   19|  6.92k|void Handshake_Layer::copy_data(std::span<const uint8_t> data_from_peer) {
   20|  6.92k|   m_read_buffer.insert(m_read_buffer.end(), data_from_peer.begin(), data_from_peer.end());
   21|  6.92k|}
_ZN5Botan3TLS15Handshake_Layer12next_messageERKNS0_6PolicyERNS0_21Transcript_Hash_StateE:
  119|  34.5k|                                                                  Transcript_Hash_State& transcript_hash) {
  120|  34.5k|   TLS::TLS_Data_Reader reader("handshake message", m_read_buffer);
  121|       |
  122|  34.5k|   auto msg = parse_message<Handshake_Message_13>(reader, policy, m_peer);
  123|  34.5k|   if(msg.has_value()) {
  ------------------
  |  Branch (123:7): [True: 29.2k, False: 5.31k]
  ------------------
  124|  29.2k|      BOTAN_ASSERT_NOMSG(m_read_buffer.size() >= reader.read_so_far());
  ------------------
  |  |   60|  29.2k|   do {                                                                     \
  |  |   61|  29.2k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 29.2k]
  |  |  ------------------
  |  |   62|  29.2k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  29.2k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  125|  29.2k|      transcript_hash.update(std::span{m_read_buffer.data(), reader.read_so_far()});
  126|  29.2k|      m_read_buffer.erase(m_read_buffer.cbegin(), m_read_buffer.cbegin() + reader.read_so_far());
  127|  29.2k|   }
  128|       |
  129|  34.5k|   return msg;
  130|  34.5k|}
_ZN5Botan3TLS15Handshake_Layer27next_post_handshake_messageERKNS0_6PolicyE:
  132|  1.51k|std::optional<Post_Handshake_Message_13> Handshake_Layer::next_post_handshake_message(const Policy& policy) {
  133|  1.51k|   TLS::TLS_Data_Reader reader("post handshake message", m_read_buffer);
  134|       |
  135|  1.51k|   auto msg = parse_message<Post_Handshake_Message_13>(reader, policy, m_peer);
  136|  1.51k|   if(msg.has_value()) {
  ------------------
  |  Branch (136:7): [True: 0, False: 1.51k]
  ------------------
  137|      0|      m_read_buffer.erase(m_read_buffer.cbegin(), m_read_buffer.cbegin() + reader.read_so_far());
  138|      0|   }
  139|       |
  140|  1.51k|   return msg;
  141|  1.51k|}
tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_113parse_messageINSt3__17variantIJNS0_15Client_Hello_13ENS0_15Client_Hello_12ENS0_15Server_Hello_13ENS0_15Server_Hello_12ENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS3_8optionalIT_EERNS0_15TLS_Data_ReaderERKNS0_6PolicyENS0_15Connection_SideE:
   60|  34.5k|                                      const Connection_Side peer_side) {
   61|       |   // read the message header
   62|  34.5k|   if(reader.remaining_bytes() < HEADER_LENGTH) {
  ------------------
  |  Branch (62:7): [True: 1.43k, False: 33.0k]
  ------------------
   63|  1.43k|      return std::nullopt;
   64|  1.43k|   }
   65|       |
   66|  33.0k|   Handshake_Type type = handshake_type_from_byte<Msg_Type>(reader.get_byte());
   67|       |
   68|       |   // make sure we have received the full message
   69|  33.0k|   const size_t msg_len = reader.get_uint24_t();
   70|  33.0k|   if(reader.remaining_bytes() < msg_len) {
  ------------------
  |  Branch (70:7): [True: 76, False: 33.0k]
  ------------------
   71|     76|      return std::nullopt;
   72|     76|   }
   73|       |
   74|       |   // create the message
   75|  33.0k|   const auto msg = reader.get_fixed<uint8_t>(msg_len);
   76|  33.0k|   if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
  ------------------
  |  Branch (76:17): [Folded - Ignored]
  ------------------
   77|  32.9k|      switch(type) {
   78|       |         // Client Hello and Server Hello messages are ambiguous. Both may come
   79|       |         // from non-TLS 1.3 peers. Hence, their parsing is somewhat different.
   80|  8.13k|         case Handshake_Type::ClientHello:
  ------------------
  |  Branch (80:10): [True: 8.13k, False: 24.8k]
  ------------------
   81|       |            // ... might be TLS 1.2 Client Hello or TLS 1.3 Client Hello
   82|  8.13k|            return generalize_to<Handshake_Message_13>(Client_Hello_13::parse(msg));
   83|  4.98k|         case Handshake_Type::ServerHello:
  ------------------
  |  Branch (83:10): [True: 4.98k, False: 27.9k]
  ------------------
   84|       |            // ... might be TLS 1.2 Server Hello or TLS 1.3 Server Hello or
   85|       |            // a TLS 1.3 Hello Retry Request disguising as a Server Hello
   86|  4.98k|            return generalize_to<Handshake_Message_13>(Server_Hello_13::parse(msg));
   87|       |         // case Handshake_Type::EndOfEarlyData:
   88|       |         //    return End_Of_Early_Data(msg);
   89|  8.49k|         case Handshake_Type::EncryptedExtensions:
  ------------------
  |  Branch (89:10): [True: 8.49k, False: 24.4k]
  ------------------
   90|  8.49k|            return Encrypted_Extensions(msg);
   91|  1.44k|         case Handshake_Type::Certificate:
  ------------------
  |  Branch (91:10): [True: 1.44k, False: 31.5k]
  ------------------
   92|  1.44k|            return Certificate_13(msg, policy, peer_side);
   93|  1.28k|         case Handshake_Type::CertificateRequest:
  ------------------
  |  Branch (93:10): [True: 1.28k, False: 31.7k]
  ------------------
   94|  1.28k|            return Certificate_Request_13(msg, peer_side);
   95|  1.85k|         case Handshake_Type::CertificateVerify:
  ------------------
  |  Branch (95:10): [True: 1.85k, False: 31.1k]
  ------------------
   96|  1.85k|            return Certificate_Verify_13(msg, peer_side);
   97|  6.78k|         case Handshake_Type::Finished:
  ------------------
  |  Branch (97:10): [True: 6.78k, False: 26.2k]
  ------------------
   98|  6.78k|            return Finished_13(msg);
   99|      0|         default:
  ------------------
  |  Branch (99:10): [True: 0, False: 32.9k]
  ------------------
  100|      0|            BOTAN_ASSERT(false, "cannot be reached");  // make sure to update handshake_type_from_byte
  ------------------
  |  |   51|      0|   do {                                                                                 \
  |  |   52|      0|      if(!(expr))                                                                       \
  |  |  ------------------
  |  |  |  Branch (52:10): [Folded - Ignored]
  |  |  ------------------
  |  |   53|      0|         Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \
  |  |   54|      0|   } while(0)
  |  |  ------------------
  |  |  |  Branch (54:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  101|  32.9k|      }
  102|  32.9k|   } else {
  103|  33.0k|      BOTAN_UNUSED(peer_side);
  104|       |
  105|  33.0k|      switch(type) {
  106|  33.0k|         case Handshake_Type::NewSessionTicket:
  107|  33.0k|            return New_Session_Ticket_13(msg, peer_side);
  108|  33.0k|         case Handshake_Type::KeyUpdate:
  109|  33.0k|            return Key_Update(msg);
  110|  33.0k|         default:
  111|  33.0k|            BOTAN_ASSERT(false, "cannot be reached");  // make sure to update handshake_type_from_byte
  112|  33.0k|      }
  113|  33.0k|   }
  114|  33.0k|}
tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_type_from_byteINSt3__17variantIJNS0_15Client_Hello_13ENS0_15Client_Hello_12ENS0_15Server_Hello_13ENS0_15Server_Hello_12ENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS0_14Handshake_TypeEh:
   28|  33.0k|Handshake_Type handshake_type_from_byte(uint8_t byte_value) {
   29|  33.0k|   const auto type = static_cast<Handshake_Type>(byte_value);
   30|       |
   31|  33.0k|   if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
  ------------------
  |  Branch (31:17): [Folded - Ignored]
  ------------------
   32|  33.0k|      switch(type) {
   33|  8.15k|         case Handshake_Type::ClientHello:
  ------------------
  |  Branch (33:10): [True: 8.15k, False: 24.9k]
  ------------------
   34|  13.1k|         case Handshake_Type::ServerHello:
  ------------------
  |  Branch (34:10): [True: 5.00k, False: 28.0k]
  ------------------
   35|       |         // case Handshake_Type::EndOfEarlyData:  // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now
   36|  21.6k|         case Handshake_Type::EncryptedExtensions:
  ------------------
  |  Branch (36:10): [True: 8.51k, False: 24.5k]
  ------------------
   37|  23.1k|         case Handshake_Type::Certificate:
  ------------------
  |  Branch (37:10): [True: 1.45k, False: 31.6k]
  ------------------
   38|  24.4k|         case Handshake_Type::CertificateRequest:
  ------------------
  |  Branch (38:10): [True: 1.28k, False: 31.7k]
  ------------------
   39|  26.2k|         case Handshake_Type::CertificateVerify:
  ------------------
  |  Branch (39:10): [True: 1.86k, False: 31.2k]
  ------------------
   40|  33.0k|         case Handshake_Type::Finished:
  ------------------
  |  Branch (40:10): [True: 6.79k, False: 26.2k]
  ------------------
   41|  33.0k|            return type;
   42|     21|         default:
  ------------------
  |  Branch (42:10): [True: 21, False: 33.0k]
  ------------------
   43|     21|            throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown handshake message received");
   44|  33.0k|      }
   45|  33.0k|   } else {
   46|  33.0k|      switch(type) {
   47|  33.0k|         case Handshake_Type::NewSessionTicket:
   48|  33.0k|         case Handshake_Type::KeyUpdate:
   49|       |            // case Handshake_Type::CertificateRequest:  // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now
   50|  33.0k|            return type;
   51|  33.0k|         default:
   52|  33.0k|            throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown post-handshake message received");
   53|  33.0k|      }
   54|  33.0k|   }
   55|  33.0k|}
tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_113parse_messageINSt3__17variantIJNS0_21New_Session_Ticket_13ENS0_10Key_UpdateEEEEEENS3_8optionalIT_EERNS0_15TLS_Data_ReaderERKNS0_6PolicyENS0_15Connection_SideE:
   60|  1.51k|                                      const Connection_Side peer_side) {
   61|       |   // read the message header
   62|  1.51k|   if(reader.remaining_bytes() < HEADER_LENGTH) {
  ------------------
  |  Branch (62:7): [True: 3, False: 1.51k]
  ------------------
   63|      3|      return std::nullopt;
   64|      3|   }
   65|       |
   66|  1.51k|   Handshake_Type type = handshake_type_from_byte<Msg_Type>(reader.get_byte());
   67|       |
   68|       |   // make sure we have received the full message
   69|  1.51k|   const size_t msg_len = reader.get_uint24_t();
   70|  1.51k|   if(reader.remaining_bytes() < msg_len) {
  ------------------
  |  Branch (70:7): [True: 0, False: 1.51k]
  ------------------
   71|      0|      return std::nullopt;
   72|      0|   }
   73|       |
   74|       |   // create the message
   75|  1.51k|   const auto msg = reader.get_fixed<uint8_t>(msg_len);
   76|  1.51k|   if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
  ------------------
  |  Branch (76:17): [Folded - Ignored]
  ------------------
   77|  1.51k|      switch(type) {
   78|       |         // Client Hello and Server Hello messages are ambiguous. Both may come
   79|       |         // from non-TLS 1.3 peers. Hence, their parsing is somewhat different.
   80|  1.51k|         case Handshake_Type::ClientHello:
   81|       |            // ... might be TLS 1.2 Client Hello or TLS 1.3 Client Hello
   82|  1.51k|            return generalize_to<Handshake_Message_13>(Client_Hello_13::parse(msg));
   83|  1.51k|         case Handshake_Type::ServerHello:
   84|       |            // ... might be TLS 1.2 Server Hello or TLS 1.3 Server Hello or
   85|       |            // a TLS 1.3 Hello Retry Request disguising as a Server Hello
   86|  1.51k|            return generalize_to<Handshake_Message_13>(Server_Hello_13::parse(msg));
   87|       |         // case Handshake_Type::EndOfEarlyData:
   88|       |         //    return End_Of_Early_Data(msg);
   89|  1.51k|         case Handshake_Type::EncryptedExtensions:
   90|  1.51k|            return Encrypted_Extensions(msg);
   91|  1.51k|         case Handshake_Type::Certificate:
   92|  1.51k|            return Certificate_13(msg, policy, peer_side);
   93|  1.51k|         case Handshake_Type::CertificateRequest:
   94|  1.51k|            return Certificate_Request_13(msg, peer_side);
   95|  1.51k|         case Handshake_Type::CertificateVerify:
   96|  1.51k|            return Certificate_Verify_13(msg, peer_side);
   97|  1.51k|         case Handshake_Type::Finished:
   98|  1.51k|            return Finished_13(msg);
   99|  1.51k|         default:
  100|  1.51k|            BOTAN_ASSERT(false, "cannot be reached");  // make sure to update handshake_type_from_byte
  101|  1.51k|      }
  102|  1.51k|   } else {
  103|  1.51k|      BOTAN_UNUSED(peer_side);
  ------------------
  |  |  118|  1.51k|#define BOTAN_UNUSED Botan::ignore_params
  ------------------
  104|       |
  105|  1.51k|      switch(type) {
  106|      0|         case Handshake_Type::NewSessionTicket:
  ------------------
  |  Branch (106:10): [True: 0, False: 1.51k]
  ------------------
  107|      0|            return New_Session_Ticket_13(msg, peer_side);
  108|      0|         case Handshake_Type::KeyUpdate:
  ------------------
  |  Branch (108:10): [True: 0, False: 1.51k]
  ------------------
  109|      0|            return Key_Update(msg);
  110|      0|         default:
  ------------------
  |  Branch (110:10): [True: 0, False: 1.51k]
  ------------------
  111|      0|            BOTAN_ASSERT(false, "cannot be reached");  // make sure to update handshake_type_from_byte
  ------------------
  |  |   51|      0|   do {                                                                                 \
  |  |   52|      0|      if(!(expr))                                                                       \
  |  |  ------------------
  |  |  |  Branch (52:10): [Folded - Ignored]
  |  |  ------------------
  |  |   53|      0|         Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \
  |  |   54|      0|   } while(0)
  |  |  ------------------
  |  |  |  Branch (54:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  112|  1.51k|      }
  113|  1.51k|   }
  114|  1.51k|}
tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_type_from_byteINSt3__17variantIJNS0_21New_Session_Ticket_13ENS0_10Key_UpdateEEEEEENS0_14Handshake_TypeEh:
   28|  1.51k|Handshake_Type handshake_type_from_byte(uint8_t byte_value) {
   29|  1.51k|   const auto type = static_cast<Handshake_Type>(byte_value);
   30|       |
   31|  1.51k|   if constexpr(std::is_same_v<Msg_Type, Handshake_Message_13>) {
  ------------------
  |  Branch (31:17): [Folded - Ignored]
  ------------------
   32|  1.51k|      switch(type) {
   33|  1.51k|         case Handshake_Type::ClientHello:
   34|  1.51k|         case Handshake_Type::ServerHello:
   35|       |         // case Handshake_Type::EndOfEarlyData:  // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now
   36|  1.51k|         case Handshake_Type::EncryptedExtensions:
   37|  1.51k|         case Handshake_Type::Certificate:
   38|  1.51k|         case Handshake_Type::CertificateRequest:
   39|  1.51k|         case Handshake_Type::CertificateVerify:
   40|  1.51k|         case Handshake_Type::Finished:
   41|  1.51k|            return type;
   42|  1.51k|         default:
   43|  1.51k|            throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown handshake message received");
   44|  1.51k|      }
   45|  1.51k|   } else {
   46|  1.51k|      switch(type) {
   47|      0|         case Handshake_Type::NewSessionTicket:
  ------------------
  |  Branch (47:10): [True: 0, False: 1.51k]
  ------------------
   48|      0|         case Handshake_Type::KeyUpdate:
  ------------------
  |  Branch (48:10): [True: 0, False: 1.51k]
  ------------------
   49|       |            // case Handshake_Type::CertificateRequest:  // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now
   50|      0|            return type;
   51|  1.51k|         default:
  ------------------
  |  Branch (51:10): [True: 1.51k, False: 0]
  ------------------
   52|  1.51k|            throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown post-handshake message received");
   53|  1.51k|      }
   54|  1.51k|   }
   55|  1.51k|}

_ZN5Botan3TLS21Transcript_Hash_StateC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE:
   19|  5.41k|Transcript_Hash_State::Transcript_Hash_State(std::string_view algo_spec) { set_algorithm(algo_spec); }
_ZN5Botan3TLS21Transcript_Hash_State6updateENSt3__14spanIKhLm18446744073709551615EEE:
  145|  29.2k|void Transcript_Hash_State::update(std::span<const uint8_t> serialized_message_s) {
  146|  29.2k|   auto serialized_message = serialized_message_s.data();
  147|  29.2k|   auto serialized_message_length = serialized_message_s.size();
  148|  29.2k|   if(m_hash != nullptr) {
  ------------------
  |  Branch (148:7): [True: 29.2k, False: 0]
  ------------------
  149|  29.2k|      auto truncation_mark = serialized_message_length;
  150|       |
  151|       |      // Check whether we should generate a truncated hash for supporting PSK
  152|       |      // binder calculation or verification. See RFC 8446 4.2.11.2.
  153|  29.2k|      if(serialized_message_length > 0 && *serialized_message == static_cast<uint8_t>(Handshake_Type::ClientHello)) {
  ------------------
  |  Branch (153:10): [True: 29.2k, False: 0]
  |  Branch (153:43): [True: 7.45k, False: 21.7k]
  ------------------
  154|  7.45k|         truncation_mark = find_client_hello_truncation_mark(serialized_message_s);
  155|  7.45k|      }
  156|       |
  157|  29.2k|      if(truncation_mark < serialized_message_length) {
  ------------------
  |  Branch (157:10): [True: 952, False: 28.2k]
  ------------------
  158|    952|         m_hash->update(serialized_message, truncation_mark);
  159|    952|         m_truncated = read_hash_state(m_hash);
  160|    952|         m_hash->update(serialized_message + truncation_mark, serialized_message_length - truncation_mark);
  161|  28.2k|      } else {
  162|  28.2k|         m_truncated.clear();
  163|  28.2k|         m_hash->update(serialized_message, serialized_message_length);
  164|  28.2k|      }
  165|       |
  166|  29.2k|      m_previous = std::exchange(m_current, read_hash_state(m_hash));
  167|  29.2k|   } else {
  168|      0|      m_unprocessed_transcript.push_back(
  169|      0|         std::vector(serialized_message, serialized_message + serialized_message_length));
  170|      0|   }
  171|  29.2k|}
_ZN5Botan3TLS21Transcript_Hash_State13set_algorithmENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE:
  188|  5.41k|void Transcript_Hash_State::set_algorithm(std::string_view algo_spec) {
  189|  5.41k|   BOTAN_STATE_CHECK(m_hash == nullptr || m_hash->name() == algo_spec);
  ------------------
  |  |   42|  5.41k|   do {                                                         \
  |  |   43|  5.41k|      if(!(expr))                                               \
  |  |  ------------------
  |  |  |  Branch (43:10): [True: 0, False: 5.41k]
  |  |  |  Branch (43:12): [True: 5.41k, False: 0]
  |  |  |  Branch (43:12): [True: 0, False: 0]
  |  |  ------------------
  |  |   44|  5.41k|         Botan::throw_invalid_state(#expr, __func__, __FILE__); \
  |  |   45|  5.41k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (45:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  190|  5.41k|   if(m_hash != nullptr) {
  ------------------
  |  Branch (190:7): [True: 0, False: 5.41k]
  ------------------
  191|      0|      return;
  192|      0|   }
  193|       |
  194|  5.41k|   m_hash = HashFunction::create_or_throw(algo_spec);
  195|  5.41k|   for(const auto& msg : m_unprocessed_transcript) {
  ------------------
  |  Branch (195:24): [True: 0, False: 5.41k]
  ------------------
  196|      0|      update(msg);
  197|      0|   }
  198|  5.41k|   m_unprocessed_transcript.clear();
  199|  5.41k|}
tls_transcript_hash_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_133find_client_hello_truncation_markENSt3__14spanIKhLm18446744073709551615EEE:
   74|  7.45k|size_t find_client_hello_truncation_mark(std::span<const uint8_t> client_hello) {
   75|  7.45k|   TLS_Data_Reader reader("Client Hello Truncation", client_hello);
   76|       |
   77|       |   // handshake message type
   78|  7.45k|   BOTAN_ASSERT_NOMSG(reader.get_byte() == static_cast<uint8_t>(Handshake_Type::ClientHello));
  ------------------
  |  |   60|  7.45k|   do {                                                                     \
  |  |   61|  7.45k|      if(!(expr))                                                           \
  |  |  ------------------
  |  |  |  Branch (61:10): [True: 0, False: 7.45k]
  |  |  ------------------
  |  |   62|  7.45k|         Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \
  |  |   63|  7.45k|   } while(0)
  |  |  ------------------
  |  |  |  Branch (63:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
   79|       |
   80|       |   // message length
   81|  7.45k|   reader.discard_next(3);
   82|       |
   83|       |   // legacy version
   84|  7.45k|   reader.discard_next(2);
   85|       |
   86|       |   // random
   87|  7.45k|   reader.discard_next(32);
   88|       |
   89|       |   // session ID
   90|  7.45k|   const auto session_id_length = reader.get_byte();
   91|  7.45k|   reader.discard_next(session_id_length);
   92|       |
   93|       |   // TODO: DTLS contains a hello_cookie in this location
   94|       |   //       Currently we don't support DTLS 1.3
   95|       |
   96|       |   // cipher suites
   97|  7.45k|   const auto ciphersuites_length = reader.get_uint16_t();
   98|  7.45k|   reader.discard_next(ciphersuites_length);
   99|       |
  100|       |   // compression methods
  101|  7.45k|   const auto compression_methods_length = reader.get_byte();
  102|  7.45k|   reader.discard_next(compression_methods_length);
  103|       |
  104|       |   // extensions
  105|  7.45k|   const auto extensions_length = reader.get_uint16_t();
  106|  7.45k|   const auto extensions_offset = reader.read_so_far();
  107|  21.7k|   while(reader.has_remaining() && reader.read_so_far() - extensions_offset < extensions_length) {
  ------------------
  |  Branch (107:10): [True: 15.2k, False: 6.46k]
  |  Branch (107:36): [True: 15.1k, False: 53]
  ------------------
  108|  15.1k|      const auto ext_type = static_cast<Extension_Code>(reader.get_uint16_t());
  109|  15.1k|      const auto ext_length = reader.get_uint16_t();
  110|       |
  111|       |      // skip over all extensions, finding the PSK extension to be truncated
  112|  15.1k|      if(ext_type != Extension_Code::PresharedKey) {
  ------------------
  |  Branch (112:10): [True: 14.2k, False: 939]
  ------------------
  113|  14.2k|         reader.discard_next(ext_length);
  114|  14.2k|         continue;
  115|  14.2k|      }
  116|       |
  117|       |      // PSK identities list
  118|    939|      const auto identities_length = reader.get_uint16_t();
  119|    939|      reader.discard_next(identities_length);
  120|       |
  121|       |      // check that only the binders are left in the buffer...
  122|    939|      const auto binders_length = reader.peek_uint16_t();
  123|    939|      if(binders_length != reader.remaining_bytes() - 2 /* binders_length */) {
  ------------------
  |  Branch (123:10): [True: 29, False: 910]
  ------------------
  124|     29|         throw TLS_Exception(Alert::IllegalParameter,
  125|     29|                             "Failed to truncate Client Hello that doesn't end on the PSK binders list");
  126|     29|      }
  127|       |
  128|       |      // the reader now points to the truncation point
  129|    910|      break;
  130|    939|   }
  131|       |
  132|       |   // if no PSK extension was found, this will point to the end of the buffer
  133|  7.42k|   return reader.read_so_far();
  134|  7.45k|}
tls_transcript_hash_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_115read_hash_stateERNSt3__110unique_ptrINS_12HashFunctionENS2_14default_deleteIS4_EEEE:
  136|  30.0k|std::vector<uint8_t> read_hash_state(std::unique_ptr<HashFunction>& hash) {
  137|       |   // Botan does not support finalizing a HashFunction without resetting
  138|       |   // the internal state of the hash. Hence we first copy the internal
  139|       |   // state and then finalize the transient HashFunction.
  140|  30.0k|   return hash->copy_state()->final_stdvec();
  141|  30.0k|}

_ZN5Botan3TLS10Extensions3addENSt3__110unique_ptrINS0_9ExtensionENS2_14default_deleteIS4_EEEE:
  101|  51.6k|void Extensions::add(std::unique_ptr<Extension> extn) {
  102|  51.6k|   if(has(extn->type())) {
  ------------------
  |  Branch (102:7): [True: 0, False: 51.6k]
  ------------------
  103|      0|      throw Invalid_Argument("cannot add the same extension twice: " +
  104|      0|                             std::to_string(static_cast<uint16_t>(extn->type())));
  105|      0|   }
  106|       |
  107|  51.6k|   m_extensions.emplace_back(extn.release());
  108|  51.6k|}
_ZN5Botan3TLS10Extensions11deserializeERNS0_15TLS_Data_ReaderENS0_15Connection_SideENS0_14Handshake_TypeE:
  110|  22.7k|void Extensions::deserialize(TLS_Data_Reader& reader, const Connection_Side from, const Handshake_Type message_type) {
  111|  22.7k|   if(reader.has_remaining()) {
  ------------------
  |  Branch (111:7): [True: 18.4k, False: 4.32k]
  ------------------
  112|  18.4k|      const uint16_t all_extn_size = reader.get_uint16_t();
  113|       |
  114|  18.4k|      if(reader.remaining_bytes() != all_extn_size) {
  ------------------
  |  Branch (114:10): [True: 54, False: 18.3k]
  ------------------
  115|     54|         throw Decoding_Error("Bad extension size");
  116|     54|      }
  117|       |
  118|  69.4k|      while(reader.has_remaining()) {
  ------------------
  |  Branch (118:13): [True: 51.0k, False: 18.3k]
  ------------------
  119|  51.0k|         const uint16_t extension_code = reader.get_uint16_t();
  120|  51.0k|         const uint16_t extension_size = reader.get_uint16_t();
  121|       |
  122|  51.0k|         const auto type = static_cast<Extension_Code>(extension_code);
  123|       |
  124|  51.0k|         if(this->has(type)) {
  ------------------
  |  Branch (124:13): [True: 10, False: 51.0k]
  ------------------
  125|     10|            throw TLS_Exception(TLS::Alert::DecodeError, "Peer sent duplicated extensions");
  126|     10|         }
  127|       |
  128|       |         // TODO offer a function on reader that returns a byte range as a reference
  129|       |         // to avoid this copy of the extension data
  130|  51.0k|         const std::vector<uint8_t> extn_data = reader.get_fixed<uint8_t>(extension_size);
  131|  51.0k|         TLS_Data_Reader extn_reader("Extension", extn_data);
  132|  51.0k|         this->add(make_extension(extn_reader, type, from, message_type));
  133|  51.0k|         extn_reader.assert_done();
  134|  51.0k|      }
  135|  18.3k|   }
  136|  22.7k|}
_ZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEb:
  139|  8.83k|                                     const bool allow_unknown_extensions) const {
  140|  8.83k|   const auto found = extension_types();
  141|       |
  142|  8.83k|   std::vector<Extension_Code> diff;
  143|  8.83k|   std::set_difference(
  144|  8.83k|      found.cbegin(), found.end(), allowed_extensions.cbegin(), allowed_extensions.cend(), std::back_inserter(diff));
  145|       |
  146|  8.83k|   if(allow_unknown_extensions) {
  ------------------
  |  Branch (146:7): [True: 8.64k, False: 191]
  ------------------
  147|       |      // Go through the found unexpected extensions whether any of those
  148|       |      // is known to this TLS implementation.
  149|  8.64k|      const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) {
  150|  8.64k|         const auto ext = get(ext_type);
  151|  8.64k|         return ext && ext->is_implemented();
  152|  8.64k|      });
  153|       |
  154|       |      // ... if yes, `contains_other_than` is true
  155|  8.64k|      return itr != diff.cend();
  156|  8.64k|   }
  157|       |
  158|    191|   return !diff.empty();
  159|  8.83k|}
_ZNK5Botan3TLS10Extensions15extension_typesEv:
  208|  8.83k|std::set<Extension_Code> Extensions::extension_types() const {
  209|  8.83k|   std::set<Extension_Code> offers;
  210|  8.83k|   std::transform(
  211|  8.83k|      m_extensions.cbegin(), m_extensions.cend(), std::inserter(offers, offers.begin()), [](const auto& ext) {
  212|  8.83k|         return ext->type();
  213|  8.83k|      });
  214|  8.83k|   return offers;
  215|  8.83k|}
_ZN5Botan3TLS17Unknown_ExtensionC2ENS0_14Extension_CodeERNS0_15TLS_Data_ReaderEt:
  218|  29.5k|      m_type(type), m_value(reader.get_fixed<uint8_t>(extension_size)) {}
_ZN5Botan3TLS21Server_Name_IndicatorC2ERNS0_15TLS_Data_ReaderEt:
  222|  3.57k|Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, uint16_t extension_size) {
  223|       |   /*
  224|       |   * This is used by the server to confirm that it knew the name
  225|       |   */
  226|  3.57k|   if(extension_size == 0) {
  ------------------
  |  Branch (226:7): [True: 2.54k, False: 1.03k]
  ------------------
  227|  2.54k|      return;
  228|  2.54k|   }
  229|       |
  230|  1.03k|   uint16_t name_bytes = reader.get_uint16_t();
  231|       |
  232|  1.03k|   if(name_bytes + 2 != extension_size) {
  ------------------
  |  Branch (232:7): [True: 33, False: 1.00k]
  ------------------
  233|     33|      throw Decoding_Error("Bad encoding of SNI extension");
  234|     33|   }
  235|       |
  236|  2.76k|   while(name_bytes) {
  ------------------
  |  Branch (236:10): [True: 1.76k, False: 1.00k]
  ------------------
  237|  1.76k|      uint8_t name_type = reader.get_byte();
  238|  1.76k|      name_bytes--;
  239|       |
  240|  1.76k|      if(name_type == 0)  // DNS
  ------------------
  |  Branch (240:10): [True: 1.10k, False: 657]
  ------------------
  241|  1.10k|      {
  242|  1.10k|         m_sni_host_name = reader.get_string(2, 1, 65535);
  243|  1.10k|         name_bytes -= static_cast<uint16_t>(2 + m_sni_host_name.size());
  244|  1.10k|      } else  // some other unknown name type
  245|    657|      {
  246|    657|         reader.discard_next(name_bytes);
  247|    657|         name_bytes = 0;
  248|    657|      }
  249|  1.76k|   }
  250|  1.00k|}
_ZN5Botan3TLS23Renegotiation_ExtensionC2ERNS0_15TLS_Data_ReaderEt:
  278|    332|      m_reneg_data(reader.get_range<uint8_t>(1, 0, 255)) {
  279|    332|   if(m_reneg_data.size() + 1 != extension_size) {
  ------------------
  |  Branch (279:7): [True: 13, False: 319]
  ------------------
  280|     13|      throw Decoding_Error("Bad encoding for secure renegotiation extn");
  281|     13|   }
  282|    332|}
_ZN5Botan3TLS39Application_Layer_Protocol_NotificationC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE:
  292|  1.81k|                                                                                 Connection_Side from) {
  293|  1.81k|   if(extension_size == 0) {
  ------------------
  |  Branch (293:7): [True: 1.36k, False: 451]
  ------------------
  294|  1.36k|      return;  // empty extension
  295|  1.36k|   }
  296|       |
  297|    451|   const uint16_t name_bytes = reader.get_uint16_t();
  298|       |
  299|    451|   size_t bytes_remaining = extension_size - 2;
  300|       |
  301|    451|   if(name_bytes != bytes_remaining) {
  ------------------
  |  Branch (301:7): [True: 35, False: 416]
  ------------------
  302|     35|      throw Decoding_Error("Bad encoding of ALPN extension, bad length field");
  303|     35|   }
  304|       |
  305|  3.59k|   while(bytes_remaining) {
  ------------------
  |  Branch (305:10): [True: 3.20k, False: 391]
  ------------------
  306|  3.20k|      const std::string p = reader.get_string(1, 0, 255);
  307|       |
  308|  3.20k|      if(bytes_remaining < p.size() + 1) {
  ------------------
  |  Branch (308:10): [True: 0, False: 3.20k]
  ------------------
  309|      0|         throw Decoding_Error("Bad encoding of ALPN, length field too long");
  310|      0|      }
  311|       |
  312|  3.20k|      if(p.empty()) {
  ------------------
  |  Branch (312:10): [True: 25, False: 3.17k]
  ------------------
  313|     25|         throw Decoding_Error("Empty ALPN protocol not allowed");
  314|     25|      }
  315|       |
  316|  3.17k|      bytes_remaining -= (p.size() + 1);
  317|       |
  318|  3.17k|      m_protocols.push_back(p);
  319|  3.17k|   }
  320|       |
  321|       |   // RFC 7301 3.1
  322|       |   //    The "extension_data" field of the [...] extension is structured the
  323|       |   //    same as described above for the client "extension_data", except that
  324|       |   //    the "ProtocolNameList" MUST contain exactly one "ProtocolName".
  325|    391|   if(from == Connection_Side::Server && m_protocols.size() != 1) {
  ------------------
  |  Branch (325:7): [True: 237, False: 154]
  |  Branch (325:42): [True: 21, False: 216]
  ------------------
  326|     21|      throw TLS_Exception(
  327|     21|         Alert::DecodeError,
  328|     21|         "Server sent " + std::to_string(m_protocols.size()) + " protocols in ALPN extension response");
  329|     21|   }
  330|    391|}
_ZNK5Botan3TLS16Supported_Groups6groupsEv:
  357|    456|const std::vector<Group_Params>& Supported_Groups::groups() const { return m_groups; }
_ZN5Botan3TLS16Supported_GroupsC2ERNS0_15TLS_Data_ReaderEt:
  397|  1.17k|Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, uint16_t extension_size) {
  398|  1.17k|   const uint16_t len = reader.get_uint16_t();
  399|       |
  400|  1.17k|   if(len + 2 != extension_size) {
  ------------------
  |  Branch (400:7): [True: 20, False: 1.15k]
  ------------------
  401|     20|      throw Decoding_Error("Inconsistent length field in supported groups list");
  402|     20|   }
  403|       |
  404|  1.15k|   if(len % 2 == 1) {
  ------------------
  |  Branch (404:7): [True: 1, False: 1.15k]
  ------------------
  405|      1|      throw Decoding_Error("Supported groups list of strange size");
  406|      1|   }
  407|       |
  408|  1.15k|   const size_t elems = len / 2;
  409|       |
  410|  5.04k|   for(size_t i = 0; i != elems; ++i) {
  ------------------
  |  Branch (410:22): [True: 3.89k, False: 1.15k]
  ------------------
  411|  3.89k|      const auto group = static_cast<Group_Params>(reader.get_uint16_t());
  412|       |      // Note: RFC 8446 does not explicitly enforce that groups must be unique.
  413|  3.89k|      if(!value_exists(m_groups, group)) {
  ------------------
  |  Branch (413:10): [True: 3.00k, False: 894]
  ------------------
  414|  3.00k|         m_groups.push_back(group);
  415|  3.00k|      }
  416|  3.89k|   }
  417|  1.15k|}
_ZN5Botan3TLS23Supported_Point_FormatsC2ERNS0_15TLS_Data_ReaderEt:
  428|    395|Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, uint16_t extension_size) {
  429|    395|   uint8_t len = reader.get_byte();
  430|       |
  431|    395|   if(len + 1 != extension_size) {
  ------------------
  |  Branch (431:7): [True: 8, False: 387]
  ------------------
  432|      8|      throw Decoding_Error("Inconsistent length field in supported point formats list");
  433|      8|   }
  434|       |
  435|    387|   bool includes_uncompressed = false;
  436|    790|   for(size_t i = 0; i != len; ++i) {
  ------------------
  |  Branch (436:22): [True: 774, False: 16]
  ------------------
  437|    774|      uint8_t format = reader.get_byte();
  438|       |
  439|    774|      if(static_cast<ECPointFormat>(format) == UNCOMPRESSED) {
  ------------------
  |  Branch (439:10): [True: 218, False: 556]
  ------------------
  440|    218|         m_prefers_compressed = false;
  441|    218|         reader.discard_next(len - i - 1);
  442|    218|         return;
  443|    556|      } else if(static_cast<ECPointFormat>(format) == ANSIX962_COMPRESSED_PRIME) {
  ------------------
  |  Branch (443:17): [True: 153, False: 403]
  ------------------
  444|    153|         m_prefers_compressed = true;
  445|    153|         std::vector<uint8_t> remaining_formats = reader.get_fixed<uint8_t>(len - i - 1);
  446|    153|         includes_uncompressed =
  447|    153|            std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) {
  448|    153|               return static_cast<ECPointFormat>(remaining_format) == UNCOMPRESSED;
  449|    153|            });
  450|    153|         break;
  451|    153|      }
  452|       |
  453|       |      // ignore ANSIX962_COMPRESSED_CHAR2, we don't support these curves
  454|    774|   }
  455|       |
  456|       |   // RFC 4492 5.1.:
  457|       |   //   If the Supported Point Formats Extension is indeed sent, it MUST contain the value 0 (uncompressed)
  458|       |   //   as one of the items in the list of point formats.
  459|       |   // Note:
  460|       |   //   RFC 8422 5.1.2. explicitly requires this check,
  461|       |   //   but only if the Supported Groups extension was sent.
  462|    169|   if(!includes_uncompressed) {
  ------------------
  |  Branch (462:7): [True: 30, False: 139]
  ------------------
  463|     30|      throw TLS_Exception(Alert::IllegalParameter,
  464|     30|                          "Supported Point Formats Extension must contain the uncompressed point format");
  465|     30|   }
  466|    169|}
_ZN5Botan3TLS20Signature_AlgorithmsC2ERNS0_15TLS_Data_ReaderEt:
  512|  1.77k|      m_schemes(parse_signature_algorithms(reader, extension_size)) {}
_ZN5Botan3TLS25Signature_Algorithms_CertC2ERNS0_15TLS_Data_ReaderEt:
  519|    330|      m_schemes(parse_signature_algorithms(reader, extension_size)) {}
_ZN5Botan3TLS24Session_Ticket_ExtensionC2ERNS0_15TLS_Data_ReaderEt:
  522|    522|      m_ticket(Session_Ticket(reader.get_elem<uint8_t, std::vector<uint8_t>>(extension_size))) {}
_ZN5Botan3TLS24SRTP_Protection_ProfilesC2ERNS0_15TLS_Data_ReaderEt:
  525|    571|      m_pp(reader.get_range<uint16_t>(2, 0, 65535)) {
  526|    571|   const std::vector<uint8_t> mki = reader.get_range<uint8_t>(1, 0, 255);
  527|       |
  528|    571|   if(m_pp.size() * 2 + mki.size() + 3 != extension_size) {
  ------------------
  |  Branch (528:7): [True: 14, False: 557]
  ------------------
  529|     14|      throw Decoding_Error("Bad encoding for SRTP protection extension");
  530|     14|   }
  531|       |
  532|    557|   if(!mki.empty()) {
  ------------------
  |  Branch (532:7): [True: 2, False: 555]
  ------------------
  533|      2|      throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension");
  534|      2|   }
  535|    557|}
_ZN5Botan3TLS22Extended_Master_SecretC2ERNS0_15TLS_Data_ReaderEt:
  554|    565|Extended_Master_Secret::Extended_Master_Secret(TLS_Data_Reader& /*unused*/, uint16_t extension_size) {
  555|    565|   if(extension_size != 0) {
  ------------------
  |  Branch (555:7): [True: 11, False: 554]
  ------------------
  556|     11|      throw Decoding_Error("Invalid extended_master_secret extension");
  557|     11|   }
  558|    565|}
_ZN5Botan3TLS16Encrypt_then_MACC2ERNS0_15TLS_Data_ReaderEt:
  564|    311|Encrypt_then_MAC::Encrypt_then_MAC(TLS_Data_Reader& /*unused*/, uint16_t extension_size) {
  565|    311|   if(extension_size != 0) {
  ------------------
  |  Branch (565:7): [True: 12, False: 299]
  ------------------
  566|     12|      throw Decoding_Error("Invalid encrypt_then_mac extension");
  567|     12|   }
  568|    311|}
_ZN5Botan3TLS18Supported_VersionsC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE:
  615|  1.19k|Supported_Versions::Supported_Versions(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) {
  616|  1.19k|   if(from == Connection_Side::Server) {
  ------------------
  |  Branch (616:7): [True: 273, False: 926]
  ------------------
  617|    273|      if(extension_size != 2) {
  ------------------
  |  Branch (617:10): [True: 2, False: 271]
  ------------------
  618|      2|         throw Decoding_Error("Server sent invalid supported_versions extension");
  619|      2|      }
  620|    271|      m_versions.push_back(Protocol_Version(reader.get_uint16_t()));
  621|    926|   } else {
  622|    926|      auto versions = reader.get_range<uint16_t>(1, 1, 127);
  623|       |
  624|  4.80k|      for(auto v : versions) {
  ------------------
  |  Branch (624:18): [True: 4.80k, False: 926]
  ------------------
  625|  4.80k|         m_versions.push_back(Protocol_Version(v));
  626|  4.80k|      }
  627|       |
  628|    926|      if(extension_size != 1 + 2 * versions.size()) {
  ------------------
  |  Branch (628:10): [True: 18, False: 908]
  ------------------
  629|     18|         throw Decoding_Error("Client sent invalid supported_versions extension");
  630|     18|      }
  631|    926|   }
  632|  1.19k|}
_ZNK5Botan3TLS18Supported_Versions8supportsENS0_16Protocol_VersionE:
  634|    896|bool Supported_Versions::supports(Protocol_Version version) const {
  635|  2.77k|   for(auto v : m_versions) {
  ------------------
  |  Branch (635:15): [True: 2.77k, False: 196]
  ------------------
  636|  2.77k|      if(version == v) {
  ------------------
  |  Branch (636:10): [True: 700, False: 2.07k]
  ------------------
  637|    700|         return true;
  638|    700|      }
  639|  2.77k|   }
  640|    196|   return false;
  641|    896|}
_ZN5Botan3TLS17Record_Size_LimitC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE:
  649|    525|Record_Size_Limit::Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) {
  650|    525|   if(extension_size != 2) {
  ------------------
  |  Branch (650:7): [True: 8, False: 517]
  ------------------
  651|      8|      throw TLS_Exception(Alert::DecodeError, "invalid record_size_limit extension");
  652|      8|   }
  653|       |
  654|    517|   m_limit = reader.get_uint16_t();
  655|       |
  656|       |   // RFC 8449 4.
  657|       |   //    This value is the length of the plaintext of a protected record.
  658|       |   //    The value includes the content type and padding added in TLS 1.3 (that
  659|       |   //    is, the complete length of TLSInnerPlaintext).
  660|       |   //
  661|       |   //    A server MUST NOT enforce this restriction; a client might advertise
  662|       |   //    a higher limit that is enabled by an extension or version the server
  663|       |   //    does not understand. A client MAY abort the handshake with an
  664|       |   //    "illegal_parameter" alert.
  665|       |   //
  666|       |   // Note: We are currently supporting this extension in TLS 1.3 only, hence
  667|       |   //       we check for the TLS 1.3 limit. The TLS 1.2 limit would not include
  668|       |   //       the "content type byte" and hence be one byte less!
  669|    517|   if(m_limit > MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */ && from == Connection_Side::Server) {
  ------------------
  |  Branch (669:7): [True: 83, False: 434]
  |  Branch (669:77): [True: 3, False: 80]
  ------------------
  670|      3|      throw TLS_Exception(Alert::IllegalParameter,
  671|      3|                          "Server requested a record size limit larger than the protocol's maximum");
  672|      3|   }
  673|       |
  674|       |   // RFC 8449 4.
  675|       |   //    Endpoints MUST NOT send a "record_size_limit" extension with a value
  676|       |   //    smaller than 64.  An endpoint MUST treat receipt of a smaller value
  677|       |   //    as a fatal error and generate an "illegal_parameter" alert.
  678|    514|   if(m_limit < 64) {
  ------------------
  |  Branch (678:7): [True: 8, False: 506]
  ------------------
  679|      8|      throw TLS_Exception(Alert::IllegalParameter, "Received a record size limit smaller than 64 bytes");
  680|      8|   }
  681|    514|}
_ZN5Botan3TLS6CookieC2ERNS0_15TLS_Data_ReaderEt:
  695|    622|Cookie::Cookie(TLS_Data_Reader& reader, uint16_t extension_size) {
  696|    622|   if(extension_size == 0) {
  ------------------
  |  Branch (696:7): [True: 289, False: 333]
  ------------------
  697|    289|      return;
  698|    289|   }
  699|       |
  700|    333|   const uint16_t len = reader.get_uint16_t();
  701|       |
  702|    333|   if(len == 0) {
  ------------------
  |  Branch (702:7): [True: 1, False: 332]
  ------------------
  703|       |      // Based on RFC 8446 4.2.2, len of the Cookie buffer must be at least 1
  704|      1|      throw Decoding_Error("Cookie length must be at least 1 byte");
  705|      1|   }
  706|       |
  707|    332|   if(len > reader.remaining_bytes()) {
  ------------------
  |  Branch (707:7): [True: 17, False: 315]
  ------------------
  708|     17|      throw Decoding_Error("Not enough bytes in the buffer to decode Cookie");
  709|     17|   }
  710|       |
  711|  12.4k|   for(size_t i = 0; i < len; ++i) {
  ------------------
  |  Branch (711:22): [True: 12.0k, False: 315]
  ------------------
  712|  12.0k|      m_cookie.push_back(reader.get_byte());
  713|  12.0k|   }
  714|    315|}
_ZN5Botan3TLS22PSK_Key_Exchange_ModesC2ERNS0_15TLS_Data_ReaderEt:
  743|    575|PSK_Key_Exchange_Modes::PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size) {
  744|    575|   if(extension_size < 2) {
  ------------------
  |  Branch (744:7): [True: 2, False: 573]
  ------------------
  745|      2|      throw Decoding_Error("Empty psk_key_exchange_modes extension is illegal");
  746|      2|   }
  747|       |
  748|    573|   const auto mode_count = reader.get_byte();
  749|  3.51k|   for(uint16_t i = 0; i < mode_count; ++i) {
  ------------------
  |  Branch (749:24): [True: 2.94k, False: 573]
  ------------------
  750|  2.94k|      const auto mode = static_cast<PSK_Key_Exchange_Mode>(reader.get_byte());
  751|  2.94k|      if(mode == PSK_Key_Exchange_Mode::PSK_KE || mode == PSK_Key_Exchange_Mode::PSK_DHE_KE) {
  ------------------
  |  Branch (751:10): [True: 1.68k, False: 1.26k]
  |  Branch (751:51): [True: 309, False: 956]
  ------------------
  752|  1.93k|         m_modes.push_back(mode);
  753|  1.93k|      }
  754|  2.94k|   }
  755|    573|}
_ZN5Botan3TLS23Certificate_AuthoritiesC2ERNS0_15TLS_Data_ReaderEt:
  761|  1.71k|Certificate_Authorities::Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size) {
  762|  1.71k|   if(extension_size < 2) {
  ------------------
  |  Branch (762:7): [True: 2, False: 1.71k]
  ------------------
  763|      2|      throw Decoding_Error("Empty certificate_authorities extension is illegal");
  764|      2|   }
  765|       |
  766|  1.71k|   const uint16_t purported_size = reader.get_uint16_t();
  767|       |
  768|  1.71k|   if(reader.remaining_bytes() != purported_size) {
  ------------------
  |  Branch (768:7): [True: 33, False: 1.67k]
  ------------------
  769|     33|      throw Decoding_Error("Inconsistent length in certificate_authorities extension");
  770|     33|   }
  771|       |
  772|  7.67k|   while(reader.has_remaining()) {
  ------------------
  |  Branch (772:10): [True: 5.99k, False: 1.67k]
  ------------------
  773|  5.99k|      std::vector<uint8_t> name_bits = reader.get_tls_length_value(2);
  774|       |
  775|  5.99k|      BER_Decoder decoder(name_bits.data(), name_bits.size());
  776|  5.99k|      m_distinguished_names.emplace_back();
  777|  5.99k|      decoder.decode(m_distinguished_names.back());
  778|  5.99k|   }
  779|  1.67k|}
_ZN5Botan3TLS19EarlyDataIndicationC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE:
  798|  1.12k|                                         Handshake_Type message_type) {
  799|  1.12k|   if(message_type == Handshake_Type::NewSessionTicket) {
  ------------------
  |  Branch (799:7): [True: 0, False: 1.12k]
  ------------------
  800|      0|      if(extension_size != 4) {
  ------------------
  |  Branch (800:10): [True: 0, False: 0]
  ------------------
  801|      0|         throw TLS_Exception(Alert::DecodeError,
  802|      0|                             "Received an early_data extension in a NewSessionTicket message "
  803|      0|                             "without maximum early data size indication");
  804|      0|      }
  805|       |
  806|      0|      m_max_early_data_size = reader.get_uint32_t();
  807|  1.12k|   } else if(extension_size != 0) {
  ------------------
  |  Branch (807:14): [True: 1, False: 1.12k]
  ------------------
  808|      1|      throw TLS_Exception(Alert::DecodeError,
  809|      1|                          "Received an early_data extension containing an unexpected data "
  810|      1|                          "size indication");
  811|      1|   }
  812|  1.12k|}
tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_114make_extensionERNS0_15TLS_Data_ReaderENS0_14Extension_CodeENS0_15Connection_SideENS0_14Handshake_TypeE:
   28|  50.9k|                                          const Handshake_Type message_type) {
   29|       |   // This cast is safe because we read exactly a 16 bit length field for
   30|       |   // the extension in Extensions::deserialize
   31|  50.9k|   const uint16_t size = static_cast<uint16_t>(reader.remaining_bytes());
   32|  50.9k|   switch(code) {
  ------------------
  |  Branch (32:11): [True: 29.5k, False: 21.4k]
  ------------------
   33|  3.57k|      case Extension_Code::ServerNameIndication:
  ------------------
  |  Branch (33:7): [True: 3.57k, False: 47.3k]
  ------------------
   34|  3.57k|         return std::make_unique<Server_Name_Indicator>(reader, size);
   35|       |
   36|  1.17k|      case Extension_Code::SupportedGroups:
  ------------------
  |  Branch (36:7): [True: 1.17k, False: 49.7k]
  ------------------
   37|  1.17k|         return std::make_unique<Supported_Groups>(reader, size);
   38|       |
   39|  1.82k|      case Extension_Code::CertificateStatusRequest:
  ------------------
  |  Branch (39:7): [True: 1.82k, False: 49.1k]
  ------------------
   40|  1.82k|         return std::make_unique<Certificate_Status_Request>(reader, size, message_type, from);
   41|       |
   42|    395|      case Extension_Code::EcPointFormats:
  ------------------
  |  Branch (42:7): [True: 395, False: 50.5k]
  ------------------
   43|    395|         return std::make_unique<Supported_Point_Formats>(reader, size);
   44|       |
   45|    332|      case Extension_Code::SafeRenegotiation:
  ------------------
  |  Branch (45:7): [True: 332, False: 50.6k]
  ------------------
   46|    332|         return std::make_unique<Renegotiation_Extension>(reader, size);
   47|       |
   48|  1.77k|      case Extension_Code::SignatureAlgorithms:
  ------------------
  |  Branch (48:7): [True: 1.77k, False: 49.1k]
  ------------------
   49|  1.77k|         return std::make_unique<Signature_Algorithms>(reader, size);
   50|       |
   51|    330|      case Extension_Code::CertSignatureAlgorithms:
  ------------------
  |  Branch (51:7): [True: 330, False: 50.6k]
  ------------------
   52|    330|         return std::make_unique<Signature_Algorithms_Cert>(reader, size);
   53|       |
   54|    571|      case Extension_Code::UseSrtp:
  ------------------
  |  Branch (54:7): [True: 571, False: 50.3k]
  ------------------
   55|    571|         return std::make_unique<SRTP_Protection_Profiles>(reader, size);
   56|       |
   57|  1.81k|      case Extension_Code::ApplicationLayerProtocolNegotiation:
  ------------------
  |  Branch (57:7): [True: 1.81k, False: 49.1k]
  ------------------
   58|  1.81k|         return std::make_unique<Application_Layer_Protocol_Notification>(reader, size, from);
   59|       |
   60|    565|      case Extension_Code::ExtendedMasterSecret:
  ------------------
  |  Branch (60:7): [True: 565, False: 50.4k]
  ------------------
   61|    565|         return std::make_unique<Extended_Master_Secret>(reader, size);
   62|       |
   63|    525|      case Extension_Code::RecordSizeLimit:
  ------------------
  |  Branch (63:7): [True: 525, False: 50.4k]
  ------------------
   64|    525|         return std::make_unique<Record_Size_Limit>(reader, size, from);
   65|       |
   66|    311|      case Extension_Code::EncryptThenMac:
  ------------------
  |  Branch (66:7): [True: 311, False: 50.6k]
  ------------------
   67|    311|         return std::make_unique<Encrypt_then_MAC>(reader, size);
   68|       |
   69|    522|      case Extension_Code::SessionTicket:
  ------------------
  |  Branch (69:7): [True: 522, False: 50.4k]
  ------------------
   70|    522|         return std::make_unique<Session_Ticket_Extension>(reader, size);
   71|       |
   72|  1.19k|      case Extension_Code::SupportedVersions:
  ------------------
  |  Branch (72:7): [True: 1.19k, False: 49.7k]
  ------------------
   73|  1.19k|         return std::make_unique<Supported_Versions>(reader, size, from);
   74|       |
   75|      0|#if defined(BOTAN_HAS_TLS_13)
   76|    701|      case Extension_Code::PresharedKey:
  ------------------
  |  Branch (76:7): [True: 701, False: 50.2k]
  ------------------
   77|    701|         return std::make_unique<PSK>(reader, size, message_type);
   78|       |
   79|  1.12k|      case Extension_Code::EarlyData:
  ------------------
  |  Branch (79:7): [True: 1.12k, False: 49.8k]
  ------------------
   80|  1.12k|         return std::make_unique<EarlyDataIndication>(reader, size, message_type);
   81|       |
   82|    622|      case Extension_Code::Cookie:
  ------------------
  |  Branch (82:7): [True: 622, False: 50.3k]
  ------------------
   83|    622|         return std::make_unique<Cookie>(reader, size);
   84|       |
   85|    575|      case Extension_Code::PskKeyExchangeModes:
  ------------------
  |  Branch (85:7): [True: 575, False: 50.3k]
  ------------------
   86|    575|         return std::make_unique<PSK_Key_Exchange_Modes>(reader, size);
   87|       |
   88|  1.71k|      case Extension_Code::CertificateAuthorities:
  ------------------
  |  Branch (88:7): [True: 1.71k, False: 49.2k]
  ------------------
   89|  1.71k|         return std::make_unique<Certificate_Authorities>(reader, size);
   90|       |
   91|  1.76k|      case Extension_Code::KeyShare:
  ------------------
  |  Branch (91:7): [True: 1.76k, False: 49.2k]
  ------------------
   92|  1.76k|         return std::make_unique<Key_Share>(reader, size, message_type);
   93|  50.9k|#endif
   94|  50.9k|   }
   95|       |
   96|  29.5k|   return std::make_unique<Unknown_Extension>(static_cast<Extension_Code>(code), reader, size);
   97|  50.9k|}
tls_extensions.cpp:_ZZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEbENK3$_0clIS4_EEDaT_:
  149|  22.3k|      const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) {
  150|  22.3k|         const auto ext = get(ext_type);
  151|  22.3k|         return ext && ext->is_implemented();
  ------------------
  |  Branch (151:17): [True: 22.3k, False: 0]
  |  Branch (151:24): [True: 231, False: 22.1k]
  ------------------
  152|  22.3k|      });
tls_extensions.cpp:_ZZNK5Botan3TLS10Extensions15extension_typesEvENK3$_2clINSt3__110unique_ptrINS0_9ExtensionENS4_14default_deleteIS6_EEEEEEDaRKT_:
  211|  30.1k|      m_extensions.cbegin(), m_extensions.cend(), std::inserter(offers, offers.begin()), [](const auto& ext) {
  212|  30.1k|         return ext->type();
  213|  30.1k|      });
tls_extensions.cpp:_ZZN5Botan3TLS23Supported_Point_FormatsC1ERNS0_15TLS_Data_ReaderEtENK3$_3clEh:
  447|    469|            std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) {
  448|    469|               return static_cast<ECPointFormat>(remaining_format) == UNCOMPRESSED;
  449|    469|            });
tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_126parse_signature_algorithmsERNS0_15TLS_Data_ReaderEt:
  488|  2.10k|std::vector<Signature_Scheme> parse_signature_algorithms(TLS_Data_Reader& reader, uint16_t extension_size) {
  489|  2.10k|   uint16_t len = reader.get_uint16_t();
  490|       |
  491|  2.10k|   if(len + 2 != extension_size || len % 2 == 1 || len == 0) {
  ------------------
  |  Branch (491:7): [True: 32, False: 2.07k]
  |  Branch (491:36): [True: 1, False: 2.07k]
  |  Branch (491:52): [True: 1, False: 2.07k]
  ------------------
  492|     30|      throw Decoding_Error("Bad encoding on signature algorithms extension");
  493|     30|   }
  494|       |
  495|  2.07k|   std::vector<Signature_Scheme> schemes;
  496|  2.07k|   schemes.reserve(len / 2);
  497|  4.65k|   while(len) {
  ------------------
  |  Branch (497:10): [True: 2.57k, False: 2.07k]
  ------------------
  498|  2.57k|      schemes.emplace_back(reader.get_uint16_t());
  499|  2.57k|      len -= 2;
  500|  2.57k|   }
  501|       |
  502|  2.07k|   return schemes;
  503|  2.10k|}

_ZN5Botan3TLS26Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeENS0_15Connection_SideE:
   89|  1.82k|                                                       Connection_Side from) {
   90|       |   // This parser needs to take TLS 1.2 and TLS 1.3 into account. The
   91|       |   // extension's content and structure is dependent on the context it
   92|       |   // was sent in (i.e. the enclosing handshake message). Below is a list
   93|       |   // of handshake messages this can appear in.
   94|       |   //
   95|       |   // TLS 1.2
   96|       |   //  * Client Hello
   97|       |   //  * Server Hello
   98|       |   //
   99|       |   // TLS 1.3
  100|       |   //  * Client Hello
  101|       |   //  * Certificate Request
  102|       |   //  * Certificate (Entry)
  103|       |
  104|       |   // RFC 6066 8.
  105|       |   //    In order to indicate their desire to receive certificate status
  106|       |   //    information, clients MAY include an extension of type "status_request"
  107|       |   //    in the (extended) client hello.
  108|  1.82k|   if(message_type == Handshake_Type::ClientHello) {
  ------------------
  |  Branch (108:7): [True: 1.32k, False: 496]
  ------------------
  109|  1.32k|      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
  110|  1.32k|         RFC6066_Certificate_Status_Request(reader, extension_size));
  111|  1.32k|   }
  112|       |
  113|       |   // RFC 6066 8.
  114|       |   //    If a server returns a "CertificateStatus" message, then the server MUST
  115|       |   //    have included an extension of type "status_request" with empty
  116|       |   //    "extension_data" in the extended server hello.
  117|       |   //
  118|       |   // RFC 8446 4.4.2.1
  119|       |   //    A server MAY request that a client present an OCSP response with its
  120|       |   //    certificate by sending an empty "status_request" extension in its
  121|       |   //    CertificateRequest message.
  122|    496|   else if(message_type == Handshake_Type::ServerHello || message_type == Handshake_Type::CertificateRequest) {
  ------------------
  |  Branch (122:12): [True: 199, False: 297]
  |  Branch (122:59): [True: 295, False: 2]
  ------------------
  123|    494|      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
  124|    494|         RFC6066_Empty_Certificate_Status_Request(extension_size));
  125|    494|   }
  126|       |
  127|       |   // RFC 8446 4.4.2.1
  128|       |   //    In TLS 1.3, the server's OCSP information is carried in an extension
  129|       |   //    in the CertificateEntry [in a Certificate handshake message] [...].
  130|       |   //    Specifically, the body of the "status_request" extension from the
  131|       |   //    server MUST be a CertificateStatus structure as defined in [RFC6066]
  132|       |   //    [...].
  133|       |   //
  134|       |   // RFC 8446 4.4.2.1
  135|       |   //    If the client opts to send an OCSP response, the body of its
  136|       |   //    "status_request" extension MUST be a CertificateStatus structure as
  137|       |   //    defined in [RFC6066].
  138|      2|   else if(message_type == Handshake_Type::Certificate) {
  ------------------
  |  Branch (138:12): [True: 0, False: 2]
  ------------------
  139|      0|      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
  140|      0|         Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));
  141|      0|   }
  142|       |
  143|       |   // all other contexts are not allowed for this extension
  144|      2|   else {
  145|      2|      throw TLS_Exception(Alert::UnsupportedExtension,
  146|      2|                          "Server sent a Certificate_Status_Request extension in an unsupported context");
  147|      2|   }
  148|  1.82k|}
_ZN5Botan3TLS26Certificate_Status_RequestD2Ev:
  161|  1.80k|Certificate_Status_Request::~Certificate_Status_Request() = default;
tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_134RFC6066_Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEt:
   38|  1.32k|      RFC6066_Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size) {
   39|  1.32k|         if(extension_size == 0) {
  ------------------
  |  Branch (39:13): [True: 1, False: 1.32k]
  ------------------
   40|      1|            throw Decoding_Error("Received an unexpectedly empty Certificate_Status_Request");
   41|      1|         }
   42|       |
   43|  1.32k|         const uint8_t type = reader.get_byte();
   44|  1.32k|         if(type == 1 /* ocsp */) {
  ------------------
  |  Branch (44:13): [True: 648, False: 680]
  ------------------
   45|    648|            const size_t len_resp_id_list = reader.get_uint16_t();
   46|    648|            ocsp_names = reader.get_fixed<uint8_t>(len_resp_id_list);
   47|    648|            const size_t len_requ_ext = reader.get_uint16_t();
   48|    648|            extension_bytes = reader.get_fixed<uint8_t>(len_requ_ext);
   49|    680|         } else {
   50|       |            // RFC 6066 does not specify anything but 'ocsp' and we
   51|       |            // don't support anything else either.
   52|    680|            reader.discard_next(extension_size - 1);
   53|    680|         }
   54|  1.32k|      }
tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestC2Et:
   24|    494|      RFC6066_Empty_Certificate_Status_Request(uint16_t extension_size) {
   25|    494|         if(extension_size != 0) {
  ------------------
  |  Branch (25:13): [True: 9, False: 485]
  ------------------
   26|      9|            throw Decoding_Error("Received an unexpectedly non-empty Certificate_Status_Request");
   27|      9|         }
   28|    494|      }
tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS35Certificate_Status_Request_InternalC2ENSt3__17variantIJNS0_12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestENS4_34RFC6066_Certificate_Status_RequestENS0_18Certificate_StatusEEEE:
   81|  1.80k|      Certificate_Status_Request_Internal(Contents c) : content(std::move(c)) {}

_ZNK5Botan3TLS6Policy30maximum_certificate_chain_sizeEv:
  342|  1.40k|size_t Policy::maximum_certificate_chain_size() const { return 0; }

_ZN5Botan3TLS16Signature_Scheme21all_available_schemesEv:
   21|  1.80k|const std::vector<Signature_Scheme>& Signature_Scheme::all_available_schemes() {
   22|       |   /*
   23|       |   * This is ordered in some approximate order of preference
   24|       |   */
   25|  1.80k|   static const std::vector<Signature_Scheme> all_schemes = {
   26|       |
   27|       |      // EdDSA 25519 is currently not supported as a signature scheme for certificates
   28|       |      // certificate authentication.
   29|       |      // See: https://github.com/randombit/botan/pull/2958#discussion_r851294715
   30|       |      //
   31|       |      // #if defined(BOTAN_HAS_ED25519)
   32|       |      //       EDDSA_25519,
   33|       |      // #endif
   34|       |
   35|  1.80k|      RSA_PSS_SHA384,
   36|  1.80k|      RSA_PSS_SHA256,
   37|  1.80k|      RSA_PSS_SHA512,
   38|       |
   39|  1.80k|      RSA_PKCS1_SHA384,
   40|  1.80k|      RSA_PKCS1_SHA512,
   41|  1.80k|      RSA_PKCS1_SHA256,
   42|       |
   43|  1.80k|      ECDSA_SHA384,
   44|  1.80k|      ECDSA_SHA512,
   45|  1.80k|      ECDSA_SHA256,
   46|  1.80k|   };
   47|       |
   48|  1.80k|   return all_schemes;
   49|  1.80k|}
_ZN5Botan3TLS16Signature_SchemeC2Ev:
   51|  1.85k|Signature_Scheme::Signature_Scheme() : m_code(NONE) {}
_ZN5Botan3TLS16Signature_SchemeC2Et:
   53|  4.41k|Signature_Scheme::Signature_Scheme(uint16_t wire_code) : Signature_Scheme(Signature_Scheme::Code(wire_code)) {}
_ZN5Botan3TLS16Signature_SchemeC2ENS1_4CodeE:
   55|  4.42k|Signature_Scheme::Signature_Scheme(Signature_Scheme::Code wire_code) : m_code(wire_code) {}
_ZNK5Botan3TLS16Signature_Scheme12is_availableEv:
   57|  1.80k|bool Signature_Scheme::is_available() const noexcept {
   58|  1.80k|   return value_exists(Signature_Scheme::all_available_schemes(), *this);
   59|  1.80k|}
_ZNK5Botan3TLS16Signature_Scheme6is_setEv:
   61|  1.80k|bool Signature_Scheme::is_set() const noexcept { return m_code != NONE; }
_ZNK5Botan3TLS16Signature_Scheme18hash_function_nameEv:
  100|  1.78k|std::string Signature_Scheme::hash_function_name() const noexcept {
  101|  1.78k|   switch(m_code) {
  102|      0|      case RSA_PKCS1_SHA1:
  ------------------
  |  Branch (102:7): [True: 0, False: 1.78k]
  ------------------
  103|      0|      case ECDSA_SHA1:
  ------------------
  |  Branch (103:7): [True: 0, False: 1.78k]
  ------------------
  104|      0|         return "SHA-1";
  105|       |
  106|    421|      case ECDSA_SHA256:
  ------------------
  |  Branch (106:7): [True: 421, False: 1.36k]
  ------------------
  107|    422|      case RSA_PKCS1_SHA256:
  ------------------
  |  Branch (107:7): [True: 1, False: 1.78k]
  ------------------
  108|    821|      case RSA_PSS_SHA256:
  ------------------
  |  Branch (108:7): [True: 399, False: 1.38k]
  ------------------
  109|    821|         return "SHA-256";
  110|       |
  111|    331|      case ECDSA_SHA384:
  ------------------
  |  Branch (111:7): [True: 331, False: 1.45k]
  ------------------
  112|    332|      case RSA_PKCS1_SHA384:
  ------------------
  |  Branch (112:7): [True: 1, False: 1.78k]
  ------------------
  113|    543|      case RSA_PSS_SHA384:
  ------------------
  |  Branch (113:7): [True: 211, False: 1.57k]
  ------------------
  114|    543|         return "SHA-384";
  115|       |
  116|    204|      case ECDSA_SHA512:
  ------------------
  |  Branch (116:7): [True: 204, False: 1.57k]
  ------------------
  117|    205|      case RSA_PKCS1_SHA512:
  ------------------
  |  Branch (117:7): [True: 1, False: 1.78k]
  ------------------
  118|    417|      case RSA_PSS_SHA512:
  ------------------
  |  Branch (118:7): [True: 212, False: 1.56k]
  ------------------
  119|    417|         return "SHA-512";
  120|       |
  121|      0|      case EDDSA_25519:
  ------------------
  |  Branch (121:7): [True: 0, False: 1.78k]
  ------------------
  122|      0|      case EDDSA_448:
  ------------------
  |  Branch (122:7): [True: 0, False: 1.78k]
  ------------------
  123|      0|         return "Pure";
  124|       |
  125|      0|      default:
  ------------------
  |  Branch (125:7): [True: 0, False: 1.78k]
  ------------------
  126|      0|         return "Unknown hash function";
  127|  1.78k|   }
  128|  1.78k|}
_ZNK5Botan3TLS16Signature_Scheme18is_compatible_withERKNS0_16Protocol_VersionE:
  279|  1.78k|bool Signature_Scheme::is_compatible_with(const Protocol_Version& protocol_version) const noexcept {
  280|       |   // RFC 8446 4.4.3:
  281|       |   //   The SHA-1 algorithm MUST NOT be used in any signatures of
  282|       |   //   CertificateVerify messages.
  283|       |   //
  284|       |   // Note that Botan enforces that for TLS 1.2 as well.
  285|  1.78k|   if(hash_function_name() == "SHA-1") {
  ------------------
  |  Branch (285:7): [True: 0, False: 1.78k]
  ------------------
  286|      0|      return false;
  287|      0|   }
  288|       |
  289|       |   // RFC 8446 4.4.3:
  290|       |   //   RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
  291|       |   //   RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
  292|       |   //
  293|       |   // Note that this is enforced for TLS 1.3 and above only.
  294|  1.78k|   if(!protocol_version.is_pre_tls_13() && (m_code == RSA_PKCS1_SHA1 || m_code == RSA_PKCS1_SHA256 ||
  ------------------
  |  Branch (294:7): [True: 1.78k, False: 0]
  |  Branch (294:45): [True: 0, False: 1.78k]
  |  Branch (294:73): [True: 1, False: 1.78k]
  ------------------
  295|  1.78k|                                            m_code == RSA_PKCS1_SHA384 || m_code == RSA_PKCS1_SHA512)) {
  ------------------
  |  Branch (295:45): [True: 1, False: 1.77k]
  |  Branch (295:75): [True: 1, False: 1.77k]
  ------------------
  296|      3|      return false;
  297|      3|   }
  298|       |
  299|  1.77k|   return true;
  300|  1.78k|}

_ZNK5Botan3TLS16Protocol_Version9to_stringEv:
   16|     96|std::string Protocol_Version::to_string() const {
   17|     96|   const uint8_t maj = major_version();
   18|     96|   const uint8_t min = minor_version();
   19|       |
   20|     96|   if(maj == 3 && min == 0) {
  ------------------
  |  Branch (20:7): [True: 38, False: 58]
  |  Branch (20:19): [True: 1, False: 37]
  ------------------
   21|      1|      return "SSL v3";
   22|      1|   }
   23|       |
   24|     95|   if(maj == 3 && min >= 1) {  // TLS v1.x
  ------------------
  |  Branch (24:7): [True: 37, False: 58]
  |  Branch (24:19): [True: 37, False: 0]
  ------------------
   25|     37|      return "TLS v1." + std::to_string(min - 1);
   26|     37|   }
   27|       |
   28|     58|   if(maj == 254) {  // DTLS 1.x
  ------------------
  |  Branch (28:7): [True: 10, False: 48]
  ------------------
   29|     10|      return "DTLS v1." + std::to_string(255 - min);
   30|     10|   }
   31|       |
   32|       |   // Some very new or very old protocol (or bogus data)
   33|     48|   return "Unknown " + std::to_string(maj) + "." + std::to_string(min);
   34|     58|}
_ZNK5Botan3TLS16Protocol_Version20is_datagram_protocolEv:
   36|  74.0k|bool Protocol_Version::is_datagram_protocol() const { return major_version() > 250; }
_ZNK5Botan3TLS16Protocol_Version13is_pre_tls_13Ev:
   38|  18.9k|bool Protocol_Version::is_pre_tls_13() const {
   39|  18.9k|   return (!is_datagram_protocol() && *this <= Protocol_Version::TLS_V12) ||
  ------------------
  |  Branch (39:12): [True: 13.0k, False: 5.92k]
  |  Branch (39:39): [True: 10.2k, False: 2.80k]
  ------------------
   40|  18.9k|          (is_datagram_protocol() && *this <= Protocol_Version::DTLS_V12);
  ------------------
  |  Branch (40:12): [True: 5.92k, False: 2.80k]
  |  Branch (40:38): [True: 5.90k, False: 16]
  ------------------
   41|  18.9k|}
_ZNK5Botan3TLS16Protocol_Version18is_tls_13_or_laterEv:
   43|    700|bool Protocol_Version::is_tls_13_or_later() const {
   44|    700|   return (!is_datagram_protocol() && *this >= Protocol_Version::TLS_V13) ||
  ------------------
  |  Branch (44:12): [True: 693, False: 7]
  |  Branch (44:39): [True: 18, False: 675]
  ------------------
   45|    700|          (is_datagram_protocol() && *this >= Protocol_Version::DTLS_V13);
  ------------------
  |  Branch (45:12): [True: 7, False: 675]
  |  Branch (45:38): [True: 5, False: 2]
  ------------------
   46|    700|}
_ZNK5Botan3TLS16Protocol_VersiongtERKS1_:
   48|  9.97k|bool Protocol_Version::operator>(const Protocol_Version& other) const {
   49|  9.97k|   if(this->is_datagram_protocol() != other.is_datagram_protocol()) {
  ------------------
  |  Branch (49:7): [True: 0, False: 9.97k]
  ------------------
   50|      0|      throw TLS_Exception(Alert::ProtocolVersion, "Version comparing " + to_string() + " with " + other.to_string());
   51|      0|   }
   52|       |
   53|  9.97k|   if(this->is_datagram_protocol()) {
  ------------------
  |  Branch (53:7): [True: 2.61k, False: 7.36k]
  ------------------
   54|  2.61k|      return m_version < other.m_version;  // goes backwards
   55|  2.61k|   }
   56|       |
   57|  7.36k|   return m_version > other.m_version;
   58|  9.97k|}

_ZN5Botan22throw_invalid_argumentEPKcS1_S1_:
   21|     62|void throw_invalid_argument(const char* message, const char* func, const char* file) {
   22|     62|   throw Invalid_Argument(fmt("{} in {}:{}", message, func, file));
   23|     62|}
_ZN5Botan19throw_invalid_stateEPKcS1_S1_:
   25|     14|void throw_invalid_state(const char* expr, const char* func, const char* file) {
   26|     14|   throw Invalid_State(fmt("Invalid state: expr {} was false in {}:{}", expr, func, file));
   27|     14|}

_ZN5Botan12ucs2_to_utf8EPKhm:
   54|    526|std::string ucs2_to_utf8(const uint8_t ucs2[], size_t len) {
   55|    526|   if(len % 2 != 0) {
  ------------------
  |  Branch (55:7): [True: 4, False: 522]
  ------------------
   56|      4|      throw Decoding_Error("Invalid length for UCS-2 string");
   57|      4|   }
   58|       |
   59|    522|   const size_t chars = len / 2;
   60|       |
   61|    522|   std::string s;
   62|  2.80k|   for(size_t i = 0; i != chars; ++i) {
  ------------------
  |  Branch (62:22): [True: 2.27k, False: 522]
  ------------------
   63|  2.27k|      const uint32_t c = load_be<uint16_t>(ucs2, i);
   64|  2.27k|      append_utf8_for(s, c);
   65|  2.27k|   }
   66|       |
   67|    522|   return s;
   68|    526|}
_ZN5Botan12ucs4_to_utf8EPKhm:
   70|    235|std::string ucs4_to_utf8(const uint8_t ucs4[], size_t len) {
   71|    235|   if(len % 4 != 0) {
  ------------------
  |  Branch (71:7): [True: 3, False: 232]
  ------------------
   72|      3|      throw Decoding_Error("Invalid length for UCS-4 string");
   73|      3|   }
   74|       |
   75|    232|   const size_t chars = len / 4;
   76|       |
   77|    232|   std::string s;
   78|    583|   for(size_t i = 0; i != chars; ++i) {
  ------------------
  |  Branch (78:22): [True: 351, False: 232]
  ------------------
   79|    351|      const uint32_t c = load_be<uint32_t>(ucs4, i);
   80|    351|      append_utf8_for(s, c);
   81|    351|   }
   82|       |
   83|    232|   return s;
   84|    235|}
_ZN5Botan14latin1_to_utf8EPKhm:
   89|    383|std::string latin1_to_utf8(const uint8_t chars[], size_t len) {
   90|    383|   std::string s;
   91|  14.0k|   for(size_t i = 0; i != len; ++i) {
  ------------------
  |  Branch (91:22): [True: 13.7k, False: 383]
  ------------------
   92|  13.7k|      const uint32_t c = static_cast<uint8_t>(chars[i]);
   93|  13.7k|      append_utf8_for(s, c);
   94|  13.7k|   }
   95|    383|   return s;
   96|    383|}
_ZN5Botan23format_char_for_displayEc:
   98|     36|std::string format_char_for_display(char c) {
   99|     36|   std::ostringstream oss;
  100|       |
  101|     36|   oss << "'";
  102|       |
  103|     36|   if(c == '\t') {
  ------------------
  |  Branch (103:7): [True: 0, False: 36]
  ------------------
  104|      0|      oss << "\\t";
  105|     36|   } else if(c == '\n') {
  ------------------
  |  Branch (105:14): [True: 0, False: 36]
  ------------------
  106|      0|      oss << "\\n";
  107|     36|   } else if(c == '\r') {
  ------------------
  |  Branch (107:14): [True: 0, False: 36]
  ------------------
  108|      0|      oss << "\\r";
  109|     36|   } else if(static_cast<unsigned char>(c) >= 128) {
  ------------------
  |  Branch (109:14): [True: 20, False: 16]
  ------------------
  110|     20|      unsigned char z = static_cast<unsigned char>(c);
  111|     20|      oss << "\\x" << std::hex << std::uppercase << static_cast<int>(z);
  112|     20|   } else {
  113|     16|      oss << c;
  114|     16|   }
  115|       |
  116|     36|   oss << "'";
  117|       |
  118|     36|   return oss.str();
  119|     36|}
charset.cpp:_ZN5Botan12_GLOBAL__N_115append_utf8_forERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEj:
   18|  16.3k|void append_utf8_for(std::string& s, uint32_t c) {
   19|  16.3k|   if(c >= 0xD800 && c < 0xE000) {
  ------------------
  |  Branch (19:7): [True: 636, False: 15.6k]
  |  Branch (19:22): [True: 17, False: 619]
  ------------------
   20|     17|      throw Decoding_Error("Invalid Unicode character");
   21|     17|   }
   22|       |
   23|  16.3k|   if(c <= 0x7F) {
  ------------------
  |  Branch (23:7): [True: 11.7k, False: 4.52k]
  ------------------
   24|  11.7k|      const uint8_t b0 = static_cast<uint8_t>(c);
   25|  11.7k|      s.push_back(static_cast<char>(b0));
   26|  11.7k|   } else if(c <= 0x7FF) {
  ------------------
  |  Branch (26:14): [True: 2.52k, False: 1.99k]
  ------------------
   27|  2.52k|      const uint8_t b0 = 0xC0 | static_cast<uint8_t>(c >> 6);
   28|  2.52k|      const uint8_t b1 = 0x80 | static_cast<uint8_t>(c & 0x3F);
   29|  2.52k|      s.push_back(static_cast<char>(b0));
   30|  2.52k|      s.push_back(static_cast<char>(b1));
   31|  2.52k|   } else if(c <= 0xFFFF) {
  ------------------
  |  Branch (31:14): [True: 1.78k, False: 216]
  ------------------
   32|  1.78k|      const uint8_t b0 = 0xE0 | static_cast<uint8_t>(c >> 12);
   33|  1.78k|      const uint8_t b1 = 0x80 | static_cast<uint8_t>((c >> 6) & 0x3F);
   34|  1.78k|      const uint8_t b2 = 0x80 | static_cast<uint8_t>(c & 0x3F);
   35|  1.78k|      s.push_back(static_cast<char>(b0));
   36|  1.78k|      s.push_back(static_cast<char>(b1));
   37|  1.78k|      s.push_back(static_cast<char>(b2));
   38|  1.78k|   } else if(c <= 0x10FFFF) {
  ------------------
  |  Branch (38:14): [True: 151, False: 65]
  ------------------
   39|    151|      const uint8_t b0 = 0xF0 | static_cast<uint8_t>(c >> 18);
   40|    151|      const uint8_t b1 = 0x80 | static_cast<uint8_t>((c >> 12) & 0x3F);
   41|    151|      const uint8_t b2 = 0x80 | static_cast<uint8_t>((c >> 6) & 0x3F);
   42|    151|      const uint8_t b3 = 0x80 | static_cast<uint8_t>(c & 0x3F);
   43|    151|      s.push_back(static_cast<char>(b0));
   44|    151|      s.push_back(static_cast<char>(b1));
   45|    151|      s.push_back(static_cast<char>(b2));
   46|    151|      s.push_back(static_cast<char>(b3));
   47|    151|   } else {
   48|     65|      throw Decoding_Error("Invalid Unicode character");
   49|     65|   }
   50|  16.3k|}

_ZN5Botan5CPUID10CPUID_DataC2Ev:
  120|      1|CPUID::CPUID_Data::CPUID_Data() {
  121|      1|   m_processor_features = 0;
  122|       |
  123|      1|#if defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY) || defined(BOTAN_TARGET_CPU_IS_ARM_FAMILY) || \
  124|      1|   defined(BOTAN_TARGET_CPU_IS_X86_FAMILY)
  125|       |
  126|      1|   m_processor_features = detect_cpu_features();
  127|       |
  128|      1|#endif
  129|       |
  130|      1|   m_processor_features |= CPUID::CPUID_INITIALIZED_BIT;
  131|       |
  132|      1|   if(runtime_check_if_big_endian()) {
  ------------------
  |  Branch (132:7): [True: 0, False: 1]
  ------------------
  133|      0|      m_processor_features |= CPUID::CPUID_IS_BIG_ENDIAN_BIT;
  134|      0|   }
  135|       |
  136|      1|   std::string clear_cpuid_env;
  137|      1|   if(OS::read_env_variable(clear_cpuid_env, "BOTAN_CLEAR_CPUID")) {
  ------------------
  |  Branch (137:7): [True: 0, False: 1]
  ------------------
  138|      0|      for(const auto& cpuid : split_on(clear_cpuid_env, ',')) {
  ------------------
  |  Branch (138:29): [True: 0, False: 0]
  ------------------
  139|      0|         for(auto& bit : CPUID::bit_from_string(cpuid)) {
  ------------------
  |  Branch (139:24): [True: 0, False: 0]
  ------------------
  140|      0|            const uint32_t cleared = ~static_cast<uint32_t>(bit);
  141|      0|            m_processor_features &= cleared;
  142|      0|         }
  143|      0|      }
  144|      0|   }
  145|      1|}
cpuid.cpp:_ZN5Botan12_GLOBAL__N_127runtime_check_if_big_endianEv:
   93|      1|bool runtime_check_if_big_endian() {
   94|       |   // Check runtime endian
   95|      1|   const uint32_t endian32 = 0x01234567;
   96|      1|   const uint8_t* e8 = reinterpret_cast<const uint8_t*>(&endian32);
   97|       |
   98|      1|   bool is_big_endian = false;
   99|       |
  100|      1|   if(e8[0] == 0x01 && e8[1] == 0x23 && e8[2] == 0x45 && e8[3] == 0x67) {
  ------------------
  |  Branch (100:7): [True: 0, False: 1]
  |  Branch (100:24): [True: 0, False: 0]
  |  Branch (100:41): [True: 0, False: 0]
  |  Branch (100:58): [True: 0, False: 0]
  ------------------
  101|      0|      is_big_endian = true;
  102|      1|   } else if(e8[0] == 0x67 && e8[1] == 0x45 && e8[2] == 0x23 && e8[3] == 0x01) {
  ------------------
  |  Branch (102:14): [True: 1, False: 0]
  |  Branch (102:31): [True: 1, False: 0]
  |  Branch (102:48): [True: 1, False: 0]
  |  Branch (102:65): [True: 1, False: 0]
  ------------------
  103|      1|      is_big_endian = false;
  104|      1|   } else {
  105|      0|      throw Internal_Error("Unexpected endian at runtime, neither big nor little");
  106|      0|   }
  107|       |
  108|       |   // If we were compiled with a known endian, verify it matches at runtime
  109|      1|#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)
  110|      1|   BOTAN_ASSERT(!is_big_endian, "Build and runtime endian match");
  ------------------
  |  |   51|      1|   do {                                                                                 \
  |  |   52|      1|      if(!(expr))                                                                       \
  |  |  ------------------
  |  |  |  Branch (52:10): [True: 0, False: 1]
  |  |  ------------------
  |  |   53|      1|         Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \
  |  |   54|      1|   } while(0)
  |  |  ------------------
  |  |  |  Branch (54:12): [Folded - Ignored]
  |  |  ------------------
  ------------------
  111|       |#elif defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)
  112|       |   BOTAN_ASSERT(is_big_endian, "Build and runtime endian match");
  113|       |#endif
  114|       |
  115|      1|   return is_big_endian;
  116|      1|}

_ZN5Botan5CPUID10CPUID_Data19detect_cpu_featuresEv:
   69|      1|uint32_t CPUID::CPUID_Data::detect_cpu_features() {
   70|      1|   uint32_t features_detected = 0;
   71|      1|   uint32_t cpuid[4] = {0};
   72|      1|   bool has_os_ymm_support = false;
   73|      1|   bool has_os_zmm_support = false;
   74|       |
   75|       |   // CPUID 0: vendor identification, max sublevel
   76|      1|   invoke_cpuid(0, cpuid);
   77|       |
   78|      1|   const uint32_t max_supported_sublevel = cpuid[0];
   79|       |
   80|      1|   if(max_supported_sublevel >= 1) {
  ------------------
  |  Branch (80:7): [True: 1, False: 0]
  ------------------
   81|       |      // CPUID 1: feature bits
   82|      1|      invoke_cpuid(1, cpuid);
   83|      1|      const uint64_t flags0 = (static_cast<uint64_t>(cpuid[2]) << 32) | cpuid[3];
   84|       |
   85|      1|      enum x86_CPUID_1_bits : uint64_t {
   86|      1|         RDTSC = (1ULL << 4),
   87|      1|         SSE2 = (1ULL << 26),
   88|      1|         CLMUL = (1ULL << 33),
   89|      1|         SSSE3 = (1ULL << 41),
   90|      1|         AESNI = (1ULL << 57),
   91|      1|         OSXSAVE = (1ULL << 59),
   92|      1|         AVX = (1ULL << 60),
   93|      1|         RDRAND = (1ULL << 62)
   94|      1|      };
   95|       |
   96|      1|      if(flags0 & x86_CPUID_1_bits::RDTSC) {
  ------------------
  |  Branch (96:10): [True: 1, False: 0]
  ------------------
   97|      1|         features_detected |= CPUID::CPUID_RDTSC_BIT;
   98|      1|      }
   99|      1|      if(flags0 & x86_CPUID_1_bits::SSE2) {
  ------------------
  |  Branch (99:10): [True: 1, False: 0]
  ------------------
  100|      1|         features_detected |= CPUID::CPUID_SSE2_BIT;
  101|      1|      }
  102|      1|      if(flags0 & x86_CPUID_1_bits::CLMUL) {
  ------------------
  |  Branch (102:10): [True: 1, False: 0]
  ------------------
  103|      1|         features_detected |= CPUID::CPUID_CLMUL_BIT;
  104|      1|      }
  105|      1|      if(flags0 & x86_CPUID_1_bits::SSSE3) {
  ------------------
  |  Branch (105:10): [True: 1, False: 0]
  ------------------
  106|      1|         features_detected |= CPUID::CPUID_SSSE3_BIT;
  107|      1|      }
  108|      1|      if(flags0 & x86_CPUID_1_bits::AESNI) {
  ------------------
  |  Branch (108:10): [True: 1, False: 0]
  ------------------
  109|      1|         features_detected |= CPUID::CPUID_AESNI_BIT;
  110|      1|      }
  111|      1|      if(flags0 & x86_CPUID_1_bits::RDRAND) {
  ------------------
  |  Branch (111:10): [True: 1, False: 0]
  ------------------
  112|      1|         features_detected |= CPUID::CPUID_RDRAND_BIT;
  113|      1|      }
  114|       |
  115|      1|      if((flags0 & x86_CPUID_1_bits::AVX) && (flags0 & x86_CPUID_1_bits::OSXSAVE)) {
  ------------------
  |  Branch (115:10): [True: 1, False: 0]
  |  Branch (115:46): [True: 1, False: 0]
  ------------------
  116|      1|         const uint64_t xcr_flags = xgetbv();
  117|      1|         if((xcr_flags & 0x6) == 0x6) {
  ------------------
  |  Branch (117:13): [True: 1, False: 0]
  ------------------
  118|      1|            has_os_ymm_support = true;
  119|      1|            has_os_zmm_support = (xcr_flags & 0xE0) == 0xE0;
  120|      1|         }
  121|      1|      }
  122|      1|   }
  123|       |
  124|      1|   if(max_supported_sublevel >= 7) {
  ------------------
  |  Branch (124:7): [True: 1, False: 0]
  ------------------
  125|      1|      clear_mem(cpuid, 4);
  126|      1|      invoke_cpuid_sublevel(7, 0, cpuid);
  127|       |
  128|      1|      enum x86_CPUID_7_bits : uint64_t {
  129|      1|         BMI1 = (1ULL << 3),
  130|      1|         AVX2 = (1ULL << 5),
  131|      1|         BMI2 = (1ULL << 8),
  132|      1|         AVX512_F = (1ULL << 16),
  133|      1|         AVX512_DQ = (1ULL << 17),
  134|      1|         RDSEED = (1ULL << 18),
  135|      1|         ADX = (1ULL << 19),
  136|      1|         AVX512_IFMA = (1ULL << 21),
  137|      1|         SHA = (1ULL << 29),
  138|      1|         AVX512_BW = (1ULL << 30),
  139|      1|         AVX512_VL = (1ULL << 31),
  140|      1|         AVX512_VBMI = (1ULL << 33),
  141|      1|         AVX512_VBMI2 = (1ULL << 38),
  142|      1|         AVX512_VAES = (1ULL << 41),
  143|      1|         AVX512_VCLMUL = (1ULL << 42),
  144|      1|         AVX512_VBITALG = (1ULL << 44),
  145|      1|      };
  146|       |
  147|      1|      const uint64_t flags7 = (static_cast<uint64_t>(cpuid[2]) << 32) | cpuid[1];
  148|       |
  149|      1|      if((flags7 & x86_CPUID_7_bits::AVX2) && has_os_ymm_support) {
  ------------------
  |  Branch (149:10): [True: 1, False: 0]
  |  Branch (149:47): [True: 1, False: 0]
  ------------------
  150|      1|         features_detected |= CPUID::CPUID_AVX2_BIT;
  151|      1|      }
  152|      1|      if(flags7 & x86_CPUID_7_bits::RDSEED) {
  ------------------
  |  Branch (152:10): [True: 1, False: 0]
  ------------------
  153|      1|         features_detected |= CPUID::CPUID_RDSEED_BIT;
  154|      1|      }
  155|      1|      if(flags7 & x86_CPUID_7_bits::ADX) {
  ------------------
  |  Branch (155:10): [True: 1, False: 0]
  ------------------
  156|      1|         features_detected |= CPUID::CPUID_ADX_BIT;
  157|      1|      }
  158|      1|      if(flags7 & x86_CPUID_7_bits::SHA) {
  ------------------
  |  Branch (158:10): [True: 0, False: 1]
  ------------------
  159|      0|         features_detected |= CPUID::CPUID_SHA_BIT;
  160|      0|      }
  161|       |
  162|       |      /*
  163|       |      We only set the BMI bit if both BMI1 and BMI2 are supported, since
  164|       |      typically we want to use both extensions in the same code.
  165|       |      */
  166|      1|      if((flags7 & x86_CPUID_7_bits::BMI1) && (flags7 & x86_CPUID_7_bits::BMI2)) {
  ------------------
  |  Branch (166:10): [True: 1, False: 0]
  |  Branch (166:47): [True: 1, False: 0]
  ------------------
  167|      1|         features_detected |= CPUID::CPUID_BMI_BIT;
  168|      1|      }
  169|       |
  170|      1|      if((flags7 & x86_CPUID_7_bits::AVX512_F) && has_os_zmm_support) {
  ------------------
  |  Branch (170:10): [True: 0, False: 1]
  |  Branch (170:51): [True: 0, False: 0]
  ------------------
  171|      0|         const uint64_t AVX512_PROFILE_FLAGS = x86_CPUID_7_bits::AVX512_F | x86_CPUID_7_bits::AVX512_DQ |
  172|      0|                                               x86_CPUID_7_bits::AVX512_IFMA | x86_CPUID_7_bits::AVX512_BW |
  173|      0|                                               x86_CPUID_7_bits::AVX512_VL | x86_CPUID_7_bits::AVX512_VBMI |
  174|      0|                                               x86_CPUID_7_bits::AVX512_VBMI2 | x86_CPUID_7_bits::AVX512_VBITALG;
  175|       |
  176|       |         /*
  177|       |         We only enable AVX512 support if all of the above flags are available
  178|       |
  179|       |         This is more than we strictly need for most uses, however it also has
  180|       |         the effect of preventing execution of AVX512 codepaths on cores that
  181|       |         have serious downclocking problems when AVX512 code executes,
  182|       |         especially Intel Skylake.
  183|       |
  184|       |         VBMI2/VBITALG are the key flags here as they restrict us to Intel Ice
  185|       |         Lake/Rocket Lake, or AMD Zen4, all of which do not have penalties for
  186|       |         executing AVX512.
  187|       |
  188|       |         There is nothing stopping some future processor from supporting the
  189|       |         above flags and having AVX512 penalties, but maybe you should not have
  190|       |         bought such a processor.
  191|       |         */
  192|      0|         if((flags7 & AVX512_PROFILE_FLAGS) == AVX512_PROFILE_FLAGS) {
  ------------------
  |  Branch (192:13): [True: 0, False: 0]
  ------------------
  193|      0|            features_detected |= CPUID::CPUID_AVX512_BIT;
  194|       |
  195|      0|            if(flags7 & x86_CPUID_7_bits::AVX512_VAES) {
  ------------------
  |  Branch (195:16): [True: 0, False: 0]
  ------------------
  196|      0|               features_detected |= CPUID::CPUID_AVX512_AES_BIT;
  197|      0|            }
  198|      0|            if(flags7 & x86_CPUID_7_bits::AVX512_VCLMUL) {
  ------------------
  |  Branch (198:16): [True: 0, False: 0]
  ------------------
  199|      0|               features_detected |= CPUID::CPUID_AVX512_CLMUL_BIT;
  200|      0|            }
  201|      0|         }
  202|      0|      }
  203|      1|   }
  204|       |
  205|       |   /*
  206|       |   * If we don't have access to CPUID, we can still safely assume that
  207|       |   * any x86-64 processor has SSE2 and RDTSC
  208|       |   */
  209|      1|   #if defined(BOTAN_TARGET_ARCH_IS_X86_64)
  210|      1|   if(features_detected == 0) {
  ------------------
  |  Branch (210:7): [True: 0, False: 1]
  ------------------
  211|      0|      features_detected |= CPUID::CPUID_SSE2_BIT;
  212|      0|      features_detected |= CPUID::CPUID_RDTSC_BIT;
  213|      0|   }
  214|      1|   #endif
  215|       |
  216|      1|   return features_detected;
  217|      1|}
cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_112invoke_cpuidEjPj:
   33|      2|void invoke_cpuid(uint32_t type, uint32_t out[4]) {
   34|       |   #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) || defined(BOTAN_BUILD_COMPILER_IS_INTEL)
   35|       |   __cpuid((int*)out, type);
   36|       |
   37|       |   #elif defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG)
   38|      2|   __get_cpuid(type, out, out + 1, out + 2, out + 3);
   39|       |
   40|       |   #elif defined(BOTAN_USE_GCC_INLINE_ASM)
   41|       |   asm("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type));
   42|       |
   43|       |   #else
   44|       |      #warning "No way of calling x86 cpuid instruction for this compiler"
   45|       |   clear_mem(out, 4);
   46|       |   #endif
   47|      2|}
cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_16xgetbvEv:
   49|      1|BOTAN_FUNC_ISA("xsave") uint64_t xgetbv() { return _xgetbv(0); }
cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_121invoke_cpuid_sublevelEjjPj:
   51|      1|void invoke_cpuid_sublevel(uint32_t type, uint32_t level, uint32_t out[4]) {
   52|       |   #if defined(BOTAN_BUILD_COMPILER_IS_MSVC)
   53|       |   __cpuidex((int*)out, type, level);
   54|       |
   55|       |   #elif defined(BOTAN_BUILD_COMPILER_IS_GCC) || defined(BOTAN_BUILD_COMPILER_IS_CLANG)
   56|      1|   __cpuid_count(type, level, out[0], out[1], out[2], out[3]);
   57|       |
   58|       |   #elif defined(BOTAN_USE_GCC_INLINE_ASM)
   59|       |   asm("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type), "2"(level));
   60|       |
   61|       |   #else
   62|       |      #warning "No way of calling x86 cpuid instruction for this compiler"
   63|       |   clear_mem(out, 4);
   64|       |   #endif
   65|      1|}

_ZN5Botan10DataSource9read_byteERh:
   25|   363k|size_t DataSource::read_byte(uint8_t& out) { return read(&out, 1); }
_ZNK5Botan10DataSource9peek_byteERh:
   30|  1.38k|size_t DataSource::peek_byte(uint8_t& out) const { return peek(&out, 1, 0); }
_ZN5Botan10DataSource12discard_nextEm:
   35|  23.0k|size_t DataSource::discard_next(size_t n) {
   36|  23.0k|   uint8_t buf[64] = {0};
   37|  23.0k|   size_t discarded = 0;
   38|       |
   39|  58.7k|   while(n) {
  ------------------
  |  Branch (39:10): [True: 35.8k, False: 22.9k]
  ------------------
   40|  35.8k|      const size_t got = this->read(buf, std::min(n, sizeof(buf)));
   41|  35.8k|      discarded += got;
   42|  35.8k|      n -= got;
   43|       |
   44|  35.8k|      if(got == 0) {
  ------------------
  |  Branch (44:10): [True: 94, False: 35.7k]
  ------------------
   45|     94|         break;
   46|     94|      }
   47|  35.8k|   }
   48|       |
   49|  23.0k|   return discarded;
   50|  23.0k|}
_ZN5Botan17DataSource_Memory4readEPhm:
   55|   235k|size_t DataSource_Memory::read(uint8_t out[], size_t length) {
   56|   235k|   const size_t got = std::min<size_t>(m_source.size() - m_offset, length);
   57|   235k|   copy_mem(out, m_source.data() + m_offset, got);
   58|   235k|   m_offset += got;
   59|   235k|   return got;
   60|   235k|}
_ZN5Botan17DataSource_Memory15check_availableEm:
   62|  12.1k|bool DataSource_Memory::check_available(size_t n) { return (n <= (m_source.size() - m_offset)); }
_ZNK5Botan17DataSource_Memory4peekEPhmm:
   67|  27.2k|size_t DataSource_Memory::peek(uint8_t out[], size_t length, size_t peek_offset) const {
   68|  27.2k|   const size_t bytes_left = m_source.size() - m_offset;
   69|  27.2k|   if(peek_offset >= bytes_left) {
  ------------------
  |  Branch (69:7): [True: 14.3k, False: 12.8k]
  ------------------
   70|  14.3k|      return 0;
   71|  14.3k|   }
   72|       |
   73|  12.8k|   const size_t got = std::min(bytes_left - peek_offset, length);
   74|  12.8k|   copy_mem(out, &m_source[m_offset + peek_offset], got);
   75|  12.8k|   return got;
   76|  27.2k|}
_ZNK5Botan17DataSource_Memory11end_of_dataEv:
   81|  8.63k|bool DataSource_Memory::end_of_data() const { return (m_offset == m_source.size()); }

_ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
   71|  5.40k|Exception::Exception(std::string_view msg) : m_msg(msg) {}
_ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception:
   73|  1.22k|Exception::Exception(std::string_view msg, const std::exception& e) : m_msg(fmt("{} failed with {}", msg, e.what())) {}
_ZN5Botan9ExceptionC2EPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE:
   75|      1|Exception::Exception(const char* prefix, std::string_view msg) : m_msg(fmt("{} {}", prefix, msg)) {}
_ZN5Botan16Invalid_ArgumentC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
   77|    165|Invalid_Argument::Invalid_Argument(std::string_view msg) : Exception(msg) {}
_ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
  125|  2.76k|Decoding_Error::Decoding_Error(std::string_view name) : Exception(name) {}
_ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception:
  130|  1.22k|Decoding_Error::Decoding_Error(std::string_view msg, const std::exception& e) : Exception(msg, e) {}
_ZN5Botan15Stream_IO_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE:
  135|      1|Stream_IO_Error::Stream_IO_Error(std::string_view err) : Exception("I/O error:", err) {}

_ZN5Botan15allocate_memoryEmm:
   20|   143k|BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size) {
   21|   143k|   if(elems == 0 || elem_size == 0) {
  ------------------
  |  Branch (21:7): [True: 0, False: 143k]
  |  Branch (21:21): [True: 0, False: 143k]
  ------------------
   22|      0|      return nullptr;
   23|      0|   }
   24|       |
   25|       |   // Some calloc implementations do not check for overflow (?!?)
   26|       |
   27|   143k|   if(!BOTAN_CHECKED_MUL(elems, elem_size).has_value()) {
  ------------------
  |  |   73|   143k|#define BOTAN_CHECKED_MUL(x, y) checked_mul(x, y)
  ------------------
  |  Branch (27:7): [True: 0, False: 143k]
  ------------------
   28|      0|      throw std::bad_alloc();
   29|      0|   }
   30|       |
   31|       |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
   32|       |   if(void* p = mlock_allocator::instance().allocate(elems, elem_size)) {
   33|       |      return p;
   34|       |   }
   35|       |#endif
   36|       |
   37|       |#if defined(BOTAN_TARGET_OS_HAS_ALLOC_CONCEAL)
   38|       |   void* ptr = ::calloc_conceal(elems, elem_size);
   39|       |#else
   40|   143k|   void* ptr = std::calloc(elems, elem_size);  // NOLINT(*-no-malloc)
   41|   143k|#endif
   42|   143k|   if(!ptr) {
  ------------------
  |  Branch (42:7): [True: 0, False: 143k]
  ------------------
   43|      0|      [[unlikely]] throw std::bad_alloc();
   44|      0|   }
   45|   143k|   return ptr;
   46|   143k|}
_ZN5Botan17deallocate_memoryEPvmm:
   48|   143k|void deallocate_memory(void* p, size_t elems, size_t elem_size) {
   49|   143k|   if(p == nullptr) {
  ------------------
  |  Branch (49:7): [True: 0, False: 143k]
  ------------------
   50|      0|      [[unlikely]] return;
   51|      0|   }
   52|       |
   53|   143k|   secure_scrub_memory(p, elems * elem_size);
   54|       |
   55|       |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
   56|       |   if(mlock_allocator::instance().deallocate(p, elems, elem_size)) {
   57|       |      return;
   58|       |   }
   59|       |#endif
   60|       |
   61|   143k|   std::free(p);  // NOLINT(*-no-malloc)
   62|   143k|}
_ZN5Botan13ct_compare_u8EPKhS1_m:
   70|  4.97k|uint8_t ct_compare_u8(const uint8_t x[], const uint8_t y[], size_t len) {
   71|  4.97k|   volatile uint8_t difference = 0;
   72|       |
   73|   164k|   for(size_t i = 0; i != len; ++i) {
  ------------------
  |  Branch (73:22): [True: 159k, False: 4.97k]
  ------------------
   74|   159k|      difference = difference | (x[i] ^ y[i]);
   75|   159k|   }
   76|       |
   77|  4.97k|   return CT::Mask<uint8_t>::is_zero(difference).value();
   78|  4.97k|}

_ZN5Botan19secure_scrub_memoryEPvm:
   78|   143k|void secure_scrub_memory(void* ptr, size_t n) {
   79|       |#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY)
   80|       |   ::RtlSecureZeroMemory(ptr, n);
   81|       |
   82|       |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO)
   83|   143k|   ::explicit_bzero(ptr, n);
   84|       |
   85|       |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET)
   86|       |   (void)::explicit_memset(ptr, 0, n);
   87|       |
   88|       |#elif defined(BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO) && (BOTAN_USE_VOLATILE_MEMSET_FOR_ZERO == 1)
   89|       |   /*
   90|       |   Call memset through a static volatile pointer, which the compiler
   91|       |   should not elide. This construct should be safe in conforming
   92|       |   compilers, but who knows. I did confirm that on x86-64 GCC 6.1 and
   93|       |   Clang 3.8 both create code that saves the memset address in the
   94|       |   data segment and unconditionally loads and jumps to that address.
   95|       |   */
   96|       |   static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset;
   97|       |   (memset_ptr)(ptr, 0, n);
   98|       |#else
   99|       |
  100|       |   volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(ptr);
  101|       |
  102|       |   for(size_t i = 0; i != n; ++i)
  103|       |      p[i] = 0;
  104|       |#endif
  105|   143k|}
_ZN5Botan2OS10get_auxvalEm:
  119|      1|unsigned long OS::get_auxval(unsigned long id) {
  120|      1|#if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL)
  121|      1|   return ::getauxval(id);
  122|       |#elif defined(BOTAN_TARGET_OS_IS_ANDROID) && defined(BOTAN_TARGET_ARCH_IS_ARM32)
  123|       |
  124|       |   if(id == 0)
  125|       |      return 0;
  126|       |
  127|       |   char** p = environ;
  128|       |
  129|       |   while(*p++ != nullptr)
  130|       |      ;
  131|       |
  132|       |   Elf32_auxv_t* e = reinterpret_cast<Elf32_auxv_t*>(p);
  133|       |
  134|       |   while(e != nullptr) {
  135|       |      if(e->a_type == id)
  136|       |         return e->a_un.a_val;
  137|       |      e++;
  138|       |   }
  139|       |
  140|       |   return 0;
  141|       |#elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO)
  142|       |   unsigned long auxinfo = 0;
  143|       |   ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo));
  144|       |   return auxinfo;
  145|       |#elif defined(BOTAN_TARGET_OS_HAS_AUXINFO)
  146|       |   for(const AuxInfo* auxinfo = static_cast<AuxInfo*>(::_dlauxinfo()); auxinfo != AT_NULL; ++auxinfo) {
  147|       |      if(id == auxinfo->a_type)
  148|       |         return auxinfo->a_v;
  149|       |   }
  150|       |
  151|       |   return 0;
  152|       |#else
  153|       |   BOTAN_UNUSED(id);
  154|       |   return 0;
  155|       |#endif
  156|      1|}
_ZN5Botan2OS27running_in_privileged_stateEv:
  158|      1|bool OS::running_in_privileged_state() {
  159|      1|#if defined(AT_SECURE)
  160|      1|   return OS::get_auxval(AT_SECURE) != 0;
  161|       |#elif defined(BOTAN_TARGET_OS_HAS_POSIX1)
  162|       |   return (::getuid() != ::geteuid()) || (::getgid() != ::getegid());
  163|       |#else
  164|       |   return false;
  165|       |#endif
  166|      1|}
_ZN5Botan2OS17read_env_variableERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE:
  400|      1|bool OS::read_env_variable(std::string& value_out, std::string_view name_view) {
  401|      1|   value_out = "";
  402|       |
  403|      1|   if(running_in_privileged_state()) {
  ------------------
  |  Branch (403:7): [True: 0, False: 1]
  ------------------
  404|      0|      return false;
  405|      0|   }
  406|       |
  407|       |#if defined(BOTAN_TARGET_OS_HAS_WIN32) && defined(BOTAN_BUILD_COMPILER_IS_MSVC)
  408|       |   const std::string name(name_view);
  409|       |   char val[128] = {0};
  410|       |   size_t req_size = 0;
  411|       |   if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) {
  412|       |      value_out = std::string(val, req_size);
  413|       |      return true;
  414|       |   }
  415|       |#else
  416|      1|   const std::string name(name_view);
  417|      1|   if(const char* val = std::getenv(name.c_str())) {
  ------------------
  |  Branch (417:19): [True: 0, False: 1]
  ------------------
  418|      0|      value_out = val;
  419|      0|      return true;
  420|      0|   }
  421|      1|#endif
  422|       |
  423|      1|   return false;
  424|      1|}

_ZN5Botan9to_u32bitENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE:
   32|    351|uint32_t to_u32bit(std::string_view str_view) {
   33|    351|   const std::string str(str_view);
   34|       |
   35|       |   // std::stoul is not strict enough. Ensure that str is digit only [0-9]*
   36|    751|   for(const char chr : str) {
  ------------------
  |  Branch (36:23): [True: 751, False: 336]
  ------------------
   37|    751|      if(chr < '0' || chr > '9') {
  ------------------
  |  Branch (37:10): [True: 10, False: 741]
  |  Branch (37:23): [True: 5, False: 736]
  ------------------
   38|     15|         throw Invalid_Argument("to_u32bit invalid decimal string '" + str + "'");
   39|     15|      }
   40|    751|   }
   41|       |
   42|    336|   const unsigned long int x = std::stoul(str);
   43|       |
   44|    336|   if constexpr(sizeof(unsigned long int) > 4) {
  ------------------
  |  Branch (44:17): [Folded - Ignored]
  ------------------
   45|       |      // x might be uint64
   46|    336|      if(x > std::numeric_limits<uint32_t>::max()) {
  ------------------
  |  Branch (46:10): [True: 0, False: 336]
  ------------------
   47|      0|         throw Invalid_Argument("Integer value of " + str + " exceeds 32 bit range");
   48|      0|      }
   49|    336|   }
   50|       |
   51|    336|   return static_cast<uint32_t>(x);
   52|    336|}

_ZN5Botan15AlternativeNameC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_S5_S5_:
   27|    888|                                 std::string_view ip) {
   28|    888|   add_attribute("RFC822", email_addr);
   29|    888|   add_attribute("DNS", dns);
   30|    888|   add_attribute("URI", uri);
   31|    888|   add_attribute("IP", ip);
   32|    888|}
_ZN5Botan15AlternativeName13add_attributeENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_:
   37|  3.55k|void AlternativeName::add_attribute(std::string_view type, std::string_view value) {
   38|  3.55k|   if(type.empty() || value.empty()) {
  ------------------
  |  Branch (38:7): [True: 0, False: 3.55k]
  |  Branch (38:23): [True: 3.55k, False: 0]
  ------------------
   39|  3.55k|      return;
   40|  3.55k|   }
   41|       |
   42|      0|   auto range = m_alt_info.equal_range(type);
   43|      0|   for(auto j = range.first; j != range.second; ++j) {
  ------------------
  |  Branch (43:30): [True: 0, False: 0]
  ------------------
   44|      0|      if(j->second == value) {
  ------------------
  |  Branch (44:10): [True: 0, False: 0]
  ------------------
   45|      0|         return;
   46|      0|      }
   47|      0|   }
   48|       |
   49|      0|   m_alt_info.emplace(type, value);
   50|      0|}

_ZN5Botan7X509_DN13add_attributeERKNS_3OIDERKNS_11ASN1_StringE:
   96|  2.42k|void X509_DN::add_attribute(const OID& oid, const ASN1_String& str) {
   97|  2.42k|   if(str.empty()) {
  ------------------
  |  Branch (97:7): [True: 1.53k, False: 886]
  ------------------
   98|  1.53k|      return;
   99|  1.53k|   }
  100|       |
  101|    886|   m_rdn.push_back(std::make_pair(oid, str));
  102|    886|   m_dn_bits.clear();
  103|    886|}
_ZN5Botan7X509_DN11decode_fromERNS_11BER_DecoderE:
  341|  6.06k|void X509_DN::decode_from(BER_Decoder& source) {
  342|  6.06k|   std::vector<uint8_t> bits;
  343|       |
  344|  6.06k|   source.start_sequence().raw_bytes(bits).end_cons();
  345|       |
  346|  6.06k|   BER_Decoder sequence(bits);
  347|       |
  348|  6.06k|   m_rdn.clear();
  349|       |
  350|  9.02k|   while(sequence.more_items()) {
  ------------------
  |  Branch (350:10): [True: 2.95k, False: 6.06k]
  ------------------
  351|  2.95k|      BER_Decoder rdn = sequence.start_set();
  352|       |
  353|  5.67k|      while(rdn.more_items()) {
  ------------------
  |  Branch (353:13): [True: 2.72k, False: 2.95k]
  ------------------
  354|  2.72k|         OID oid;
  355|  2.72k|         ASN1_String str;
  356|       |
  357|  2.72k|         rdn.start_sequence()
  358|  2.72k|            .decode(oid)
  359|  2.72k|            .decode(str)  // TODO support Any
  360|  2.72k|            .end_cons();
  361|       |
  362|  2.72k|         add_attribute(oid, str);
  363|  2.72k|      }
  364|  2.95k|   }
  365|       |
  366|       |   // Have to assign last as add_attribute zaps m_dn_bits
  367|  6.06k|   m_dn_bits = bits;
  368|  6.06k|}

_ZN5Botan11X509_Object9load_dataERNS_10DataSourceE:
   24|  1.38k|void X509_Object::load_data(DataSource& in) {
   25|  1.38k|   try {
   26|  1.38k|      if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
  ------------------
  |  Branch (26:10): [True: 1.18k, False: 197]
  |  Branch (26:33): [True: 1.14k, False: 47]
  ------------------
   27|  1.14k|         BER_Decoder dec(in);
   28|  1.14k|         decode_from(dec);
   29|  1.14k|      } else {
   30|    244|         std::string got_label;
   31|    244|         DataSource_Memory ber(PEM_Code::decode(in, got_label));
   32|       |
   33|    244|         if(got_label != PEM_label()) {
  ------------------
  |  Branch (33:13): [True: 62, False: 182]
  ------------------
   34|     62|            bool is_alternate = false;
   35|     62|            for(std::string_view alt_label : alternate_PEM_labels()) {
  ------------------
  |  Branch (35:44): [True: 62, False: 61]
  ------------------
   36|     62|               if(got_label == alt_label) {
  ------------------
  |  Branch (36:19): [True: 1, False: 61]
  ------------------
   37|      1|                  is_alternate = true;
   38|      1|                  break;
   39|      1|               }
   40|     62|            }
   41|       |
   42|     62|            if(!is_alternate) {
  ------------------
  |  Branch (42:16): [True: 61, False: 1]
  ------------------
   43|     61|               throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
   44|     61|            }
   45|     62|         }
   46|       |
   47|    183|         BER_Decoder dec(ber);
   48|    183|         decode_from(dec);
   49|    183|      }
   50|  1.38k|   } catch(Decoding_Error& e) {
   51|  1.22k|      throw Decoding_Error(PEM_label() + " decoding", e);
   52|  1.22k|   }
   53|  1.38k|}
_ZN5Botan11X509_Object11decode_fromERNS_11BER_DecoderE:
   68|  1.14k|void X509_Object::decode_from(BER_Decoder& from) {
   69|  1.14k|   from.start_sequence()
   70|  1.14k|      .start_sequence()
   71|  1.14k|      .raw_bytes(m_tbs_bits)
   72|  1.14k|      .end_cons()
   73|  1.14k|      .decode(m_sig_algo)
   74|  1.14k|      .decode(m_sig, ASN1_Type::BitString)
   75|  1.14k|      .end_cons();
   76|       |
   77|  1.14k|   force_decode();
   78|  1.14k|}

_ZNK5Botan16X509_Certificate9PEM_labelEv:
   70|  1.34k|std::string X509_Certificate::PEM_label() const { return "CERTIFICATE"; }
_ZNK5Botan16X509_Certificate20alternate_PEM_labelsEv:
   72|     62|std::vector<std::string> X509_Certificate::alternate_PEM_labels() const { return {"X509 CERTIFICATE"}; }
_ZN5Botan16X509_CertificateC2ERKNSt3__16vectorIhNS1_9allocatorIhEEEE:
   76|  1.38k|X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec) {
   77|  1.38k|   DataSource_Memory src(vec.data(), vec.size());
   78|  1.38k|   load_data(src);
   79|  1.38k|}
_ZN5Botan16X509_Certificate12force_decodeEv:
  276|    444|void X509_Certificate::force_decode() {
  277|    444|   m_data.reset();
  278|    444|   m_data = parse_x509_cert_body(*this);
  279|    444|}
x509cert.cpp:_ZN5Botan12_GLOBAL__N_120parse_x509_cert_bodyERKNS_11X509_ObjectE:
   95|    444|std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj) {
   96|    444|   auto data = std::make_unique<X509_Certificate_Data>();
   97|       |
   98|    444|   BigInt serial_bn;
   99|    444|   BER_Object public_key;
  100|    444|   BER_Object v3_exts_data;
  101|       |
  102|    444|   BER_Decoder(obj.signed_body())
  103|    444|      .decode_optional(data->m_version, ASN1_Type(0), ASN1_Class::Constructed | ASN1_Class::ContextSpecific)
  104|    444|      .decode(serial_bn)
  105|    444|      .decode(data->m_sig_algo_inner)
  106|    444|      .decode(data->m_issuer_dn)
  107|    444|      .start_sequence()
  108|    444|      .decode(data->m_not_before)
  109|    444|      .decode(data->m_not_after)
  110|    444|      .end_cons()
  111|    444|      .decode(data->m_subject_dn)
  112|    444|      .get_next(public_key)
  113|    444|      .decode_optional_string(data->m_v2_issuer_key_id, ASN1_Type::BitString, 1)
  114|    444|      .decode_optional_string(data->m_v2_subject_key_id, ASN1_Type::BitString, 2)
  115|    444|      .get_next(v3_exts_data)
  116|    444|      .verify_end("TBSCertificate has extra data after extensions block");
  117|       |
  118|    444|   if(data->m_version > 2) {
  ------------------
  |  Branch (118:7): [True: 0, False: 444]
  ------------------
  119|      0|      throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version));
  120|      0|   }
  121|    444|   if(obj.signature_algorithm() != data->m_sig_algo_inner) {
  ------------------
  |  Branch (121:7): [True: 0, False: 444]
  ------------------
  122|      0|      throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields");
  123|      0|   }
  124|       |
  125|    444|   public_key.assert_is_a(ASN1_Type::Sequence, ASN1_Class::Constructed, "X.509 certificate public key");
  126|       |
  127|       |   // crude method to save the serial's sign; will get lost during decoding, otherwise
  128|    444|   data->m_serial_negative = serial_bn.is_negative();
  129|       |
  130|       |   // for general sanity convert wire version (0 based) to standards version (v1 .. v3)
  131|    444|   data->m_version += 1;
  132|       |
  133|    444|   data->m_serial = BigInt::encode(serial_bn);
  134|    444|   data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits());
  135|    444|   data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits());
  136|       |
  137|    444|   data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length());
  138|       |
  139|    444|   data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits);
  140|       |
  141|    444|   BER_Decoder(data->m_subject_public_key_bits)
  142|    444|      .decode(data->m_subject_public_key_algid)
  143|    444|      .decode(data->m_subject_public_key_bitstring, ASN1_Type::BitString);
  144|       |
  145|    444|   if(v3_exts_data.is_a(3, ASN1_Class::Constructed | ASN1_Class::ContextSpecific)) {
  ------------------
  |  Branch (145:7): [True: 0, False: 444]
  ------------------
  146|       |      // Path validation will reject a v1/v2 cert with v3 extensions
  147|      0|      BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end();
  148|    444|   } else if(v3_exts_data.is_set()) {
  ------------------
  |  Branch (148:14): [True: 0, False: 444]
  ------------------
  149|      0|      throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging());
  150|      0|   }
  151|       |
  152|       |   // Now cache some fields from the extensions
  153|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>()) {
  ------------------
  |  Branch (153:12): [True: 0, False: 444]
  ------------------
  154|      0|      data->m_key_constraints = ext->get_constraints();
  155|       |      /*
  156|       |      RFC 5280: When the keyUsage extension appears in a certificate,
  157|       |      at least one of the bits MUST be set to 1.
  158|       |      */
  159|      0|      if(data->m_key_constraints.empty()) {
  ------------------
  |  Branch (159:10): [True: 0, False: 0]
  ------------------
  160|      0|         throw Decoding_Error("Certificate has invalid encoding for KeyUsage");
  161|      0|      }
  162|      0|   }
  163|       |
  164|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>()) {
  ------------------
  |  Branch (164:12): [True: 0, False: 444]
  ------------------
  165|      0|      data->m_subject_key_id = ext->get_key_id();
  166|      0|   }
  167|       |
  168|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>()) {
  ------------------
  |  Branch (168:12): [True: 0, False: 444]
  ------------------
  169|      0|      data->m_authority_key_id = ext->get_key_id();
  170|      0|   }
  171|       |
  172|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>()) {
  ------------------
  |  Branch (172:12): [True: 0, False: 444]
  ------------------
  173|      0|      data->m_name_constraints = ext->get_name_constraints();
  174|      0|   }
  175|       |
  176|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>()) {
  ------------------
  |  Branch (176:12): [True: 0, False: 444]
  ------------------
  177|      0|      if(ext->get_is_ca() == true) {
  ------------------
  |  Branch (177:10): [True: 0, False: 0]
  ------------------
  178|       |         /*
  179|       |         * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all
  180|       |         * intermediate CA certificates they issue. Currently we accept it being
  181|       |         * missing, as do most other implementations. But it may be worth
  182|       |         * removing this entirely, or alternately adding a warning level
  183|       |         * validation failure for it.
  184|       |         */
  185|      0|         if(data->m_key_constraints.empty() || data->m_key_constraints.includes(Key_Constraints::KeyCertSign)) {
  ------------------
  |  Branch (185:13): [True: 0, False: 0]
  |  Branch (185:48): [True: 0, False: 0]
  ------------------
  186|      0|            data->m_is_ca_certificate = true;
  187|      0|            data->m_path_len_constraint = ext->get_path_limit();
  188|      0|         }
  189|      0|      }
  190|      0|   }
  191|       |
  192|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>()) {
  ------------------
  |  Branch (192:12): [True: 0, False: 444]
  ------------------
  193|      0|      data->m_issuer_alt_name = ext->get_alt_name();
  194|      0|   }
  195|       |
  196|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>()) {
  ------------------
  |  Branch (196:12): [True: 0, False: 444]
  ------------------
  197|      0|      data->m_subject_alt_name = ext->get_alt_name();
  198|      0|   }
  199|       |
  200|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>()) {
  ------------------
  |  Branch (200:12): [True: 0, False: 444]
  ------------------
  201|      0|      data->m_extended_key_usage = ext->object_identifiers();
  202|      0|   }
  203|       |
  204|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>()) {
  ------------------
  |  Branch (204:12): [True: 0, False: 444]
  ------------------
  205|      0|      data->m_cert_policies = ext->get_policy_oids();
  206|      0|   }
  207|       |
  208|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>()) {
  ------------------
  |  Branch (208:12): [True: 0, False: 444]
  ------------------
  209|      0|      data->m_ocsp_responder = ext->ocsp_responder();
  210|      0|      data->m_ca_issuers = ext->ca_issuers();
  211|      0|   }
  212|       |
  213|    444|   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>()) {
  ------------------
  |  Branch (213:12): [True: 0, False: 444]
  ------------------
  214|      0|      data->m_crl_distribution_points = ext->crl_distribution_urls();
  215|      0|   }
  216|       |
  217|       |   // Check for self-signed vs self-issued certificates
  218|    444|   if(data->m_subject_dn == data->m_issuer_dn) {
  ------------------
  |  Branch (218:7): [True: 0, False: 444]
  ------------------
  219|      0|      if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false) {
  ------------------
  |  Branch (219:10): [True: 0, False: 0]
  |  Branch (219:53): [True: 0, False: 0]
  ------------------
  220|      0|         data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id);
  221|      0|      } else {
  222|       |         /*
  223|       |         If a parse error or unknown algorithm is encountered, default
  224|       |         to assuming it is self signed. We have no way of being certain but
  225|       |         that is usually the default case (self-issued is rare in practice).
  226|       |         */
  227|      0|         data->m_self_signed = true;
  228|       |
  229|      0|         try {
  230|      0|            auto pub_key = X509::load_key(data->m_subject_public_key_bits_seq);
  231|       |
  232|      0|            const auto sig_status = obj.verify_signature(*pub_key);
  233|       |
  234|      0|            if(sig_status.first == Certificate_Status_Code::OK ||
  ------------------
  |  Branch (234:16): [True: 0, False: 0]
  ------------------
  235|      0|               sig_status.first == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN) {
  ------------------
  |  Branch (235:16): [True: 0, False: 0]
  ------------------
  236|      0|               data->m_self_signed = true;
  237|      0|            } else {
  238|      0|               data->m_self_signed = false;
  239|      0|            }
  240|      0|         } catch(...) {
  241|       |            // ignore errors here to allow parsing to continue
  242|      0|         }
  243|      0|      }
  244|      0|   }
  245|       |
  246|    444|   const std::vector<uint8_t> full_encoding = obj.BER_encode();
  247|       |
  248|    444|   auto sha1 = HashFunction::create("SHA-1");
  249|    444|   if(sha1) {
  ------------------
  |  Branch (249:7): [True: 0, False: 444]
  ------------------
  250|      0|      sha1->update(data->m_subject_public_key_bitstring);
  251|      0|      data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec();
  252|       |      // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called
  253|       |
  254|      0|      data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1");
  255|      0|   }
  256|       |
  257|    444|   auto sha256 = HashFunction::create("SHA-256");
  258|    444|   if(sha256) {
  ------------------
  |  Branch (258:7): [True: 0, False: 444]
  ------------------
  259|      0|      sha256->update(data->m_issuer_dn_bits);
  260|      0|      data->m_issuer_dn_bits_sha256 = sha256->final_stdvec();
  261|       |
  262|      0|      sha256->update(data->m_subject_dn_bits);
  263|      0|      data->m_subject_dn_bits_sha256 = sha256->final_stdvec();
  264|       |
  265|      0|      data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256");
  266|      0|   }
  267|       |
  268|    444|   return data;
  269|    444|}

