otr: reject private keys with parameters <= 0.

This serves as a basic sanity check and also prevents malformed private
keys from setting P=0 and consuming large amounts of CPU and memory in
the Exp call.

Change-Id: Ife22069b989a7347d8deaaf13030df82ee59e87b
Reviewed-on: https://go-review.googlesource.com/35246
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

otr/otr.go

@@ -1313,6 +1313,12 @@ func (priv *PrivateKey) Import(in []byte) bool {
 		mpis[i] = new(big.Int).SetBytes(mpiBytes)
 	}
 
+	for _, mpi := range mpis {
+		if mpi.Sign() <= 0 {
+			return false
+		}
+	}
+
 	priv.PrivateKey.P = mpis[0]
 	priv.PrivateKey.Q = mpis[1]
 	priv.PrivateKey.G = mpis[2]