elliptic-curve: make SecretKey::new failible

This fixes an invariant violation where you could create a secret key
from an all-zero scalar and convert it to a non-zero scala.
:

Author: baloo

elliptic-curve/src/secret_key.rs

@@ -11,13 +11,13 @@ mod pkcs8;
 use crate::{Curve, Error, FieldBytes, Result, ScalarPrimitive};
 use core::fmt::{self, Debug};
 use hybrid_array::typenum::Unsigned;
-use subtle::{Choice, ConstantTimeEq};
+use subtle::{Choice, ConstantTimeEq, CtOption};
 use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing};
 
 #[cfg(feature = "arithmetic")]
 use crate::{
-    CurveArithmetic, NonZeroScalar, PublicKey,
     rand_core::{CryptoRng, TryCryptoRng},
+    CurveArithmetic, NonZeroScalar, PublicKey,
 };
 
 #[cfg(feature = "jwk")]
@@ -29,17 +29,17 @@ use pem_rfc7468::{self as pem, PemLabel};
 #[cfg(feature = "sec1")]
 use {
     crate::{
-        FieldBytesSize,
         sec1::{EncodedPoint, ModulusSize, ValidatePublicKey},
+        FieldBytesSize,
     },
     sec1::der::{self, oid::AssociatedOid},
 };
 
 #[cfg(all(feature = "alloc", feature = "arithmetic", feature = "sec1"))]
 use {
     crate::{
-        AffinePoint,
         sec1::{FromEncodedPoint, ToEncodedPoint},
+        AffinePoint,
     },
     alloc::vec::Vec,
     sec1::der::Encode,
@@ -117,8 +117,12 @@ where
     }
 
     /// Create a new secret key from a scalar value.
-    pub fn new(scalar: ScalarPrimitive<C>) -> Self {
-        Self { inner: scalar }
+    ///
+    /// # Returns
+    ///
+    /// This will return a none if the scalar is all-zero.
+    pub fn new(scalar: ScalarPrimitive<C>) -> CtOption<Self> {
+        CtOption::new(Self { inner: scalar }, !scalar.is_zero())
     }
 
     /// Borrow the inner secret [`ScalarPrimitive`] value.