From 290a14cd9edf95f07940f63993c290dc045c2a44 Mon Sep 17 00:00:00 2001
From: Lev Stipakov <lev@openvpn.net>
Date: Mon, 29 Sep 2025 17:28:41 +0200
Subject: [PATCH] dco-win: fix broken ASSERT in dco_new_key

Commit

  e77c343 ("dco_win: In dco_new_key, document size assumptions for the integer casts")

has added an ASSERT on key-id, but didn't take into account that
key-id 0 is a perfectly valid value and is the first key-id. This
essentially broke dco-win.

Fix by adjusting ASSERT to >= 0.

Change-Id: I3b1243461ec9b6e85897f452f78dc4b05f7e126d
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1223
Message-Id: <20250929152841.177424-1-frank@lichtenheld.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/59240115/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/dco_win.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c
index 4dd307ff3..30307dede 100644
--- a/src/openvpn/dco_win.c
+++ b/src/openvpn/dco_win.c
@@ -541,7 +541,7 @@ dco_new_key(dco_context_t *dco, unsigned int peerid, int keyid, dco_key_slot_t s
     ZeroMemory(&crypto_data, sizeof(crypto_data));
 
     crypto_data.CipherAlg = dco_get_cipher(ciphername);
-    ASSERT(keyid > 0 && keyid <= UCHAR_MAX);
+    ASSERT(keyid >= 0 && keyid <= UCHAR_MAX);
     crypto_data.KeyId = (unsigned char)keyid;
     crypto_data.PeerId = peerid;
     crypto_data.KeySlot = slot;
-- 
2.47.3