Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_cmov.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_1.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_pow22523.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sqrtm1.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p1p1_to_p2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc_muladd.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/d.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/pow225521.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_add.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_montx_to_edy.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_p3_to_montx.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_additions.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_clamp.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/compare.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_isneutral.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isreduced.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/keygen.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult_cofactor.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_sqrt.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_hash_sha512.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/compare.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_cmov.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isequal.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/keygen.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_mont_rhs.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_msub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_sub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p1p1_to_p3.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_add.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/d2.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sub.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_msub.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_invert.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_sign_edwards25519sha512batch.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_uint32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_int64.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_int32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_sign.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_uint64.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_includes/crypto_verify_32.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_to_cached.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_to_p2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_dbl.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/pow22523.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_frombytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_mul.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p3_tobytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_add.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/base2.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/blocks.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/api.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/base.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_neg.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sq2.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sc_reduce.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_dbl.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_frombytes.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_sub.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_copy.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnegative.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_p2_dbl.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_precomp_0.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_sq.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_madd.h
Examining data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_madd.c
Examining data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c
FINAL RESULTS:
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/crypto_additions.h:35:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char *random /* 64 bytes random to hash into nonce */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:11:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:30:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ed_pubkey, random);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.h:9:43: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random); /* 64 bytes */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:17:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:34:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
memmove(sm + mlen + 64, random, 64);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:11:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:36:52: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
crypto_sign_modified(sigbuf, msg, msg_len, a, A, random);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.h:9:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random); /* 64 bytes */
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:20:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const unsigned char* random);
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:33:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const char *random;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:39:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!PyArg_ParseTuple(args, y"#"y"#"y"#:generate",&random, &randomlen, &privatekey, &privatekeylen, &message, &messagelen))
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:51:76: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(unsigned char *)message, messagelen, (unsigned char *)random);
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:87:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
char *random;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:90:45: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(!PyArg_ParseTuple(args, y"#:clamp", &random, &randomlen)) {
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:98:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random[0] &= 248;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:99:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random[31] &= 127;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:100:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random[31] |= 64;
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:102:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return PyBytes_FromStringAndSize((char *)random, 32);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, t, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:430:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, t, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:643:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origx, x, 10 * sizeof(limb));
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:649:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origxprime, xprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:666:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origxprime, xxprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:680:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x3, xxxprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:681:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z3, zzprime, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:745:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nqpqx, q, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:779:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultx, nqx, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/curve25519-donna.c:780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resultz, nqz, sizeof(limb) * 10);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/curve_sigs.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ed_pubkey[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c:11:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/elligator.c:63:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_isreduced.c:7:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char strict[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/fe_sqrt.c:6:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char i_bytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c:8:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char A_bytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_montx_to_p3.c:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dbytes[32] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:68:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/open_modified.c:19:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcheck[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_cmov.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char lminus1[32] = {0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sc_neg.c:22:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zero[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:20:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/sign_modified.c:21:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/utility.c:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char a[32], aneg[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char A[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:30:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, curve25519_privkey, 32);
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:51:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ed_pubkey[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:52:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char verifybuf[MAX_MSG_LEN + 64]; /* working buffer */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/xeddsa.c:53:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char verifybuf2[MAX_MSG_LEN + 64]; /* working buffer #2 */
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/zeroize.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m[ZEROIZE_STACK_SIZE];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnegative.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c:21:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/fe_isnonzero.c:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c:48:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char aslide[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_double_scalarmult.c:49:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char bslide[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:66:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:14:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char iv[64] = {
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:27:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/nacl_sha512/hash.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padded[256];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scopy[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/open.c:18:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rcheck[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char az[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[64];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/sign.c:16:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hram[64];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[64];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mypublic[32];
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basepoint[32] = {9};
data/python-axolotl-curve25519-0.4.1.post2/curve25519module.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shared_key[32];
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:5:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:42:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+0,equal(babs,1));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:43:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+1,equal(babs,2));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:44:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+2,equal(babs,3));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:45:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+3,equal(babs,4));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:46:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+4,equal(babs,5));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:47:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+5,equal(babs,6));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:48:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+6,equal(babs,7));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/additions/ge_scalarmult.c:49:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,pre+7,equal(babs,8));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:4:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:41:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][0],equal(babs,1));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:42:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][1],equal(babs,2));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:43:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][2],equal(babs,3));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:44:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][3],equal(babs,4));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:45:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][4],equal(babs,5));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:46:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][5],equal(babs,6));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:47:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][6],equal(babs,7));
data/python-axolotl-curve25519-0.4.1.post2/curve/ed25519/ge_scalarmult_base.c:48:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t,&base[pos][7],equal(babs,8));
ANALYSIS SUMMARY:
Hits = 96
Lines analyzed = 7096 in approximately 0.31 seconds (22868 lines/second)
Physical Source Lines of Code (SLOC) = 5207
Hits@level = [0] 6 [1] 18 [2] 59 [3] 19 [4] 0 [5] 0
Hits@level+ = [0+] 102 [1+] 96 [2+] 78 [3+] 19 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 19.589 [1+] 18.4367 [2+] 14.9798 [3+] 3.64893 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.