Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_cmov.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_1.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_pow22523.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sqrtm1.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p1p1_to_p2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc_muladd.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/d.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/pow225521.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_add.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_montx_to_edy.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_p3_to_montx.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_additions.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_clamp.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/compare.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_isneutral.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isreduced.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/keygen.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult_cofactor.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_sqrt.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_hash_sha512.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/compare.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_cmov.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isequal.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/keygen.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_mont_rhs.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_msub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_sub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p1p1_to_p3.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_add.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/d2.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_msub.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_invert.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_sign_edwards25519sha512batch.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_uint32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_int64.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_int32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_sign.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_uint64.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_verify_32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_to_cached.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_to_p2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_dbl.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/pow22523.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_frombytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_mul.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_add.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/base2.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/blocks.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/api.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/base.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sq2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc_reduce.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_dbl.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_frombytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_sub.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_copy.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnegative.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_dbl.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_precomp_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sq.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_madd.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_madd.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c

FINAL RESULTS:

data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_additions.h:35:24:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char *random /* 64 bytes random to hash into nonce */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:11:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:30:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ed_pubkey, random);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.h:9:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random); /* 64 bytes */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:17:24:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:34:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  memmove(sm + mlen + 64, random, 64);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:11:40:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:36:52:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  crypto_sign_modified(sigbuf, msg, msg_len, a, A, random);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.h:9:40:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random); /* 64 bytes */
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:20:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const unsigned char* random);
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:33:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const char *random;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:39:56:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!PyArg_ParseTuple(args, y"#"y"#"y"#:generate",&random, &randomlen, &privatekey, &privatekeylen, &message, &messagelen))
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:51:76:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  (unsigned char *)message, messagelen, (unsigned char *)random);
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:87:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  char *random;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:90:45:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if(!PyArg_ParseTuple(args, y"#:clamp", &random, &randomlen)) {
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:98:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[0] &= 248;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:99:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[31] &= 127;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:100:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[31] |= 64;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:102:46:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return PyBytes_FromStringAndSize((char *)random, 32);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:346:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, t, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:430:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, t, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:643:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origx, x, 10 * sizeof(limb));
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:649:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:666:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xxprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:680:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x3, xxxprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:681:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z3, zzprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:745:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nqpqx, q, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:779:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultx, nqx, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:780:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultz, nqz, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ed_pubkey[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c:11:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c:63:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isreduced.c:7:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char strict[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_sqrt.c:6:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char i_bytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c:8:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char A_bytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c:48:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dbytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:68:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char e[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:15:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pkcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:16:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:17:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char scopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:18:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:19:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcheck[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_cmov.c:13:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c:14:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char lminus1[32] = {0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c:22:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char zero[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:20:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nonce[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:21:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hram[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.c:25:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:13:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char a[32], aneg[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char A[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:30:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a, curve25519_privkey, 32);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:51:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ed_pubkey[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:52:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char verifybuf[MAX_MSG_LEN + 64]; /* working buffer */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:53:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char verifybuf2[MAX_MSG_LEN + 64]; /* working buffer #2 */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m[ZEROIZE_STACK_SIZE];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnegative.c:13:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c:21:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char zero[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c:25:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c:48:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char aslide[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c:49:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char bslide[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:66:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char e[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:14:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char iv[64] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:27:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:28:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char padded[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pkcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:15:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:16:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char scopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:17:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:18:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcheck[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:13:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pk[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char az[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:15:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nonce[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:16:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hram[64];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature[64];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mypublic[32];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basepoint[32] = {9};
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shared_key[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:5:22:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static unsigned char equal(signed char b,signed char c)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:42:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
cmov(t,pre+0,equal(babs,1)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:43:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+1,equal(babs,2)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:44:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+2,equal(babs,3)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:45:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+3,equal(babs,4)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:46:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
cmov(t,pre+4,equal(babs,5)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:47:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+5,equal(babs,6)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:48:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+6,equal(babs,7)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:49:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,pre+7,equal(babs,8)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:4:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
static unsigned char equal(signed char b,signed char c) data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:41:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][0],equal(babs,1)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:42:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][1],equal(babs,2)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:43:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][2],equal(babs,3)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:44:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
cmov(t,&base[pos][3],equal(babs,4)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:45:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][4],equal(babs,5)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:46:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][5],equal(babs,6)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:47:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov(t,&base[pos][6],equal(babs,7)); data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:48:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
cmov(t,&base[pos][7],equal(babs,8)); ANALYSIS SUMMARY: Hits = 96 Lines analyzed = 7096 in approximately 0.31 seconds (22868 lines/second) Physical Source Lines of Code (SLOC) = 5207 Hits@level = [0] 6 [1] 18 [2] 59 [3] 19 [4] 0 [5] 0 Hits@level+ = [0+] 102 [1+] 96 [2+] 78 [3+] 19 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 19.589 [1+] 18.4367 [2+] 14.9798 [3+] 3.64893 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.