chore(deps): upgrade dependencies

Upgrade all dependencies to newest versions.

vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h

@@ -99,6 +99,7 @@
 // Uses: AX, DX, R8-R15, FLAGS
 // Instr: x86_64, bmi2, adx
 #define integerMulAdx(z,x,y) \
+    MOVL    $0,R15; \
     MOVQ   0+y, DX;       XORL  AX,  AX; \
     MULXQ  0+x, AX,  R8;  MOVQ  AX, 0+z; \
     MULXQ  8+x, AX,  R9;  ADCXQ AX,  R8; \

vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h

@@ -158,6 +158,7 @@
 // Uses: AX, DX, R8-R15, FLAGS
 // Instr: x86_64, bmi2, adx
 #define integerMulAdx(z,x,y) \
+    MOVL    $0,R15; \
     MOVQ   0+y, DX;  XORL AX, AX;  MOVQ $0, R8; \
     MULXQ  0+x, AX,  R9;  MOVQ  AX, 0+z; \
     MULXQ  8+x, AX, R10;  ADCXQ AX,  R9; \

vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go

@@ -2,11 +2,12 @@
 // +build gofuzz
 
 // How to run the fuzzer:
-//  $ go get -u github.com/dvyukov/go-fuzz/go-fuzz
-//  $ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
-//  $ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a
-//  $ clang -fsanitize=fuzzer lib.a -o fu.exe
-//  $ ./fu.exe
+//
+//	$ go get -u github.com/dvyukov/go-fuzz/go-fuzz
+//	$ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
+//	$ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a
+//	$ clang -fsanitize=fuzzer lib.a -o fu.exe
+//	$ ./fu.exe
 package fp448
 
 import (

vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go

@@ -2,8 +2,8 @@
 //
 // References: "Efficient and secure algorithms for GLV-based scalar
 // multiplication and their implementation on GLV–GLS curves" by (Faz-Hernandez et al.)
-//  - https://doi.org/10.1007/s13389-014-0085-7
-//  - https://eprint.iacr.org/2013/158
+//   - https://doi.org/10.1007/s13389-014-0085-7
+//   - https://eprint.iacr.org/2013/158
 package mlsbset
 
 import (

vendor/github.com/cloudflare/circl/math/primes.go

@@ -0,0 +1,34 @@
+package math
+
+import (
+	"crypto/rand"
+	"io"
+	"math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+	pdiv2 := new(big.Int).Rsh(p, 1)
+	return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+	one := big.NewInt(1)
+	p := new(big.Int)
+	for {
+		q, err := rand.Prime(random, bits-1)
+		if err != nil {
+			return nil, err
+		}
+		p.Lsh(q, 1).Add(p, one)
+		if p.ProbablyPrime(20) {
+			return p, nil
+		}
+	}
+}

vendor/github.com/cloudflare/circl/math/wnaf.go

@@ -9,15 +9,15 @@ import "math/big"
 // output has ceil(l/(w-1)) digits.
 //
 // Restrictions:
-//  - n is odd and n > 0.
-//  - 1 < w < 32.
-//  - l >= bit length of n.
+//   - n is odd and n > 0.
+//   - 1 < w < 32.
+//   - l >= bit length of n.
 //
 // References:
-//  - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms"
-//    by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
-//  - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and
-//    Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
+//   - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms"
+//     by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
+//   - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and
+//     Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
 func SignedDigit(n *big.Int, w, l uint) []int32 {
 	if n.Sign() <= 0 || n.Bit(0) == 0 {
 		panic("n must be non-zero, odd, and positive")
@@ -51,8 +51,8 @@ func SignedDigit(n *big.Int, w, l uint) []int32 {
 // 1 < w < 32. The returned slice L holds n = sum( L[i]*2^i ).
 //
 // Reference:
-//  - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas.
-//    http://doi.org/10.1023/A:1008306223194
+//   - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas.
+//     http://doi.org/10.1023/A:1008306223194
 func OmegaNAF(n *big.Int, w uint) (L []int32) {
 	if n.Sign() < 0 {
 		panic("n must be positive")