Open
Description
I am the creator of the x25519 library you are currently using. I'm writing to inform you of a minor security issue within the library: it does not perform clamping during private key generation.
While this isn't a critical issue if you are relying on digital signature-based security, I highly recommend applying clamping as a precautionary measure against potential edge cases.
When generating the private key, you should apply the following bitwise operations:
```
key[0] &= 248;
key[31] &= 127;
key[31] |= 64;
```
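An added example, not part of the original issue and not the library's own code: the clamping operations above applied at key-generation time in C, with a check for whether an existing 32-byte key already has the clamped bit pattern. The function names and the use of `/dev/urandom` as the random source are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X25519_KEY_LEN 32

/* Apply the three clamping operations from the issue to a 32-byte
 * little-endian scalar, in place. */
void x25519_clamp(uint8_t key[X25519_KEY_LEN])
{
    key[0]  &= 248;  /* clear bits 0..2: scalar becomes a multiple of 8 */
    key[31] &= 127;  /* clear bit 255 */
    key[31] |= 64;   /* set bit 254 */
}

/* Return 1 if the key already has the clamped bit pattern, else 0. */
int x25519_is_clamped(const uint8_t key[X25519_KEY_LEN])
{
    return (key[0] & 7) == 0 && (key[31] & 0x80) == 0 && (key[31] & 0x40) != 0;
}

/* Generate a private key: 32 bytes from /dev/urandom (assumed random
 * source for this example), then clamp. Returns 0 on success, -1 if the
 * bytes could not be read; the buffer is zeroed so no partial key is used. */
int x25519_generate_private_key(uint8_t key[X25519_KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = 0;
    if (f != NULL) {
        n = fread(key, 1, X25519_KEY_LEN, f);
        fclose(f);
    }
    if (n != X25519_KEY_LEN) {
        memset(key, 0, X25519_KEY_LEN);
        return -1;
    }
    x25519_clamp(key);
    return 0;
}

int main(void)
{
    uint8_t key[X25519_KEY_LEN];
    if (x25519_generate_private_key(key) != 0)
        return 1;
    printf("clamped: %d\n", x25519_is_clamped(key));
    return 0;
}
```

Clamping is idempotent, so running `x25519_clamp` on a key that is already clamped leaves it unchanged.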