Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cryptokit-1.16.1/src/aesni.c
Examining data/cryptokit-1.16.1/src/aesni.h
Examining data/cryptokit-1.16.1/src/arcfour.c
Examining data/cryptokit-1.16.1/src/arcfour.h
Examining data/cryptokit-1.16.1/src/blake2.c
Examining data/cryptokit-1.16.1/src/blake2.h
Examining data/cryptokit-1.16.1/src/blowfish.c
Examining data/cryptokit-1.16.1/src/blowfish.h
Examining data/cryptokit-1.16.1/src/chacha20.c
Examining data/cryptokit-1.16.1/src/chacha20.h
Examining data/cryptokit-1.16.1/src/d3des.c
Examining data/cryptokit-1.16.1/src/d3des.h
Examining data/cryptokit-1.16.1/src/keccak.c
Examining data/cryptokit-1.16.1/src/keccak.h
Examining data/cryptokit-1.16.1/src/rijndael-alg-fst.c
Examining data/cryptokit-1.16.1/src/rijndael-alg-fst.h
Examining data/cryptokit-1.16.1/src/ripemd160.c
Examining data/cryptokit-1.16.1/src/ripemd160.h
Examining data/cryptokit-1.16.1/src/sha1.c
Examining data/cryptokit-1.16.1/src/sha1.h
Examining data/cryptokit-1.16.1/src/sha256.c
Examining data/cryptokit-1.16.1/src/sha256.h
Examining data/cryptokit-1.16.1/src/sha512.c
Examining data/cryptokit-1.16.1/src/sha512.h
Examining data/cryptokit-1.16.1/src/stubs-aes.c
Examining data/cryptokit-1.16.1/src/stubs-arcfour.c
Examining data/cryptokit-1.16.1/src/stubs-blake2.c
Examining data/cryptokit-1.16.1/src/stubs-blowfish.c
Examining data/cryptokit-1.16.1/src/stubs-chacha20.c
Examining data/cryptokit-1.16.1/src/stubs-des.c
Examining data/cryptokit-1.16.1/src/stubs-md5.c
Examining data/cryptokit-1.16.1/src/stubs-misc.c
Examining data/cryptokit-1.16.1/src/stubs-ripemd160.c
Examining data/cryptokit-1.16.1/src/stubs-rng.c
Examining data/cryptokit-1.16.1/src/stubs-sha1.c
Examining data/cryptokit-1.16.1/src/stubs-sha256.c
Examining data/cryptokit-1.16.1/src/stubs-sha3.c
Examining data/cryptokit-1.16.1/src/stubs-sha512.c
Examining data/cryptokit-1.16.1/src/stubs-zlib.c

FINAL RESULTS:

data/cryptokit-1.16.1/src/arcfour.h:18:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char state[256];
data/cryptokit-1.16.1/src/blake2.c:132:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buffer, key, keylen);
data/cryptokit-1.16.1/src/blake2.c:146:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(s->buffer + s->numbytes, data, len);
data/cryptokit-1.16.1/src/blake2.c:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buffer + s->numbytes, data, n);
data/cryptokit-1.16.1/src/blake2.c:160:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s->buffer, data, len);
data/cryptokit-1.16.1/src/blake2.c:271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buffer, key, keylen);
data/cryptokit-1.16.1/src/blake2.c:285:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(s->buffer + s->numbytes, data, len);
data/cryptokit-1.16.1/src/blake2.c:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buffer + s->numbytes, data, n);
data/cryptokit-1.16.1/src/blake2.c:299:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s->buffer, data, len);
data/cryptokit-1.16.1/src/blake2.h:22:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[BLAKE2b_BLOCKSIZE];
data/cryptokit-1.16.1/src/blake2.h:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[BLAKE2s_BLOCKSIZE];
data/cryptokit-1.16.1/src/keccak.c:136:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->buffer + ctx->numbytes, data, len);
data/cryptokit-1.16.1/src/keccak.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer + ctx->numbytes, data, n);
data/cryptokit-1.16.1/src/keccak.c:152:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (len > 0) memcpy(ctx->buffer, data, len);
data/cryptokit-1.16.1/src/keccak.h:7:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[144];
data/cryptokit-1.16.1/src/ripemd160.c:104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, numwords * sizeof(u32));
data/cryptokit-1.16.1/src/ripemd160.c:350:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->buffer + ctx->numbytes, data, len);
data/cryptokit-1.16.1/src/ripemd160.c:354:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer + ctx->numbytes, data, t);
data/cryptokit-1.16.1/src/ripemd160.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer, data, 64);
data/cryptokit-1.16.1/src/ripemd160.c:367:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, len);
data/cryptokit-1.16.1/src/ripemd160.c:371:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void RIPEMD160_finish(struct RIPEMD160Context * ctx, unsigned char output[20])
data/cryptokit-1.16.1/src/ripemd160.h:24:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];
data/cryptokit-1.16.1/src/ripemd160.h:32:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[20]);
data/cryptokit-1.16.1/src/sha1.c:31:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, numwords * sizeof(u32));
data/cryptokit-1.16.1/src/sha1.c:130:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->buffer + ctx->numbytes, data, len);
data/cryptokit-1.16.1/src/sha1.c:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer + ctx->numbytes, data, t);
data/cryptokit-1.16.1/src/sha1.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer, data, 64);
data/cryptokit-1.16.1/src/sha1.c:147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, len);
data/cryptokit-1.16.1/src/sha1.c:151:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1_finish(struct SHA1Context * ctx, unsigned char output[20])
data/cryptokit-1.16.1/src/sha1.h:24:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];
data/cryptokit-1.16.1/src/sha1.h:30:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern void SHA1_finish(struct SHA1Context * ctx, unsigned char output[20]);
data/cryptokit-1.16.1/src/sha256.c:36:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, numwords * sizeof(u32));
data/cryptokit-1.16.1/src/sha256.c:181:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->buffer + ctx->numbytes, data, len);
data/cryptokit-1.16.1/src/sha256.c:185:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer + ctx->numbytes, data, t);
data/cryptokit-1.16.1/src/sha256.c:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer, data, 64);
data/cryptokit-1.16.1/src/sha256.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, len);
data/cryptokit-1.16.1/src/sha256.h:29:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];
data/cryptokit-1.16.1/src/sha512.c:36:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, numwords * 8);
data/cryptokit-1.16.1/src/sha512.c:251:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->buffer + ctx->numbytes, data, len);
data/cryptokit-1.16.1/src/sha512.c:255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer + ctx->numbytes, data, l);
data/cryptokit-1.16.1/src/sha512.c:262:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->buffer, data, 128);
data/cryptokit-1.16.1/src/sha512.c:268:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, len);
data/cryptokit-1.16.1/src/sha512.h:30:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[128];
data/cryptokit-1.16.1/src/stubs-md5.c:30:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char in[64];
data/cryptokit-1.16.1/src/stubs-rng.c:143:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &rr, nbytes);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 6067 in approximately 0.26 seconds (23513 lines/second)
Physical Source Lines of Code (SLOC) = 4662
Hits@level = [0]   0 [1]   0 [2]  45 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  45 [1+]  45 [2+]  45 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 9.65251 [1+] 9.65251 [2+] 9.65251 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.