Fix of handling weak dh server keys.

https://crbug.com/353579

Align behavior with NSS and report SSL_R_BAD_DH_P_LENGTH error
when size of the server's dh group is less than 512 bits.

Change-Id: I09f1828482f40b2283f7c6a69425819379399815
Reviewed-on: https://boringssl-review.googlesource.com/1480
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d4546ba..7219984 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1427,6 +1427,12 @@
 			goto err;
 			}
 
+		if (DH_size(dh) < 512/8)
+			{
+			OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, SSL_R_BAD_DH_P_LENGTH);
+			goto err;
+			}
+
 		if (alg_a & SSL_aRSA)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #ifndef OPENSSL_NO_DSA