This is an automated email from the git hooks/post-receive script.
meskio pushed a commit to branch master in repository pluggable-transports/obfs4.
commit ef832041b71366f5e377297d2b4ff134077cfab4 Author: Yawning Angel yawning@schwanenlied.me AuthorDate: Sun Sep 4 06:38:30 2022 +0000
doc: Add a changelog entry and clarified a comment (NFC) --- ChangeLog | 2 ++ internal/x25519ell2/x25519ell2.go | 4 ++++ 2 files changed, 6 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index bff90ed..9223921 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 Changes in version 0.0.14 - UNRELEASED:
+ - Fixed the incompete previous fix to the Elligator 2 subgroup issue (Thanks
+ to David Fifield).
 Changes in version 0.0.13 - 2022-02-04:
 - Stop using utls entirely for TLS signature normalization (meek_lite).
diff --git a/internal/x25519ell2/x25519ell2.go b/internal/x25519ell2/x25519ell2.go
index c3676ed..eb2b1dd 100644
--- a/internal/x25519ell2/x25519ell2.go
+++ b/internal/x25519ell2/x25519ell2.go
@@ -144,6 +144,10 @@ func uToRepresentative(representative *[32]byte, u *field.Element, tweak byte) b
 // Note that this function will fail and return false for about
 // half of private keys.
 //
+// The `privateKey` input MUST be the full 32-bytes of entropy
+// (X25519-style "clamping" will result in non-uniformly distributed
+// representatives).
+//
 // WARNING: The underlying scalar multiply explicitly does not clear
 // the cofactor, and thus the public keys will be different from
 // those produced by normal implementations.
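Review bot: The new MUST on `privateKey` is stated only in prose, and the added comment lines do not say where a caller is most likely to violate it. Some X25519 key generators clamp the scalar when the key is created, so a key taken from one of them would silently yield the non-uniform representatives this comment warns about. The function probably cannot reject such input itself, since a uniformly random key matches the clamped bit pattern about one time in 32. I would add one sentence to the comment, for example `// Do not pass keys from generators that clamp at creation time; read the 32 bytes directly from a CSPRNG.` The documented function's signature and body lie below the hunk, so how the key bytes are consumed is not visible here.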