boringssl_CVE-2023-0286.patch

diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index aebc76a92..a1bb39bad 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -3587,6 +3587,8 @@ TEST(X509Test, GeneralName)  {
       {0x82, 0x01, 0x61},
       // [2 PRIMITIVE] { "b" }
       {0x82, 0x01, 0x62},
+      // [3] {}
+      {0xa3, 0x00},
       // [4] {
       //   SEQUENCE {
       //     SET {
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index f313c797d..aafad9396 100644
--- a/src/crypto/x509v3/v3_genn.c
+++ b/src/crypto/x509v3/v3_genn.c
@@ -129,7 +129,7 @@ int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) {

     switch (a->type) {
     case GEN_X400:
-        return ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+        return ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);

     case GEN_EDIPARTY:
         return edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 37e1a2273..ff2b1950f 100644
--- a/src/include/openssl/x509v3.h
+++ b/src/include/openssl/x509v3.h
@@ -167,7 +167,7 @@ typedef struct GENERAL_NAME_st {
     OTHERNAME *otherName;  // otherName
     ASN1_IA5STRING *rfc822Name;
     ASN1_IA5STRING *dNSName;
-    ASN1_TYPE *x400Address;
+    ASN1_STRING *x400Address;
     X509_NAME *directoryName;
     EDIPARTYNAME *ediPartyName;
     ASN1_IA5STRING *uniformResourceIdentifier;
@@ -179,6 +179,5 @@ typedef struct GENERAL_NAME_st {
     X509_NAME *dirn;        // dirn
     ASN1_IA5STRING *ia5;    // rfc822Name, dNSName, uniformResourceIdentifier
     ASN1_OBJECT *rid;       // registeredID
-    ASN1_TYPE *other;       // x400Address
   } d;
 } GENERAL_NAME;