6 files changed, 37 insertions, 32 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index c19e1992..a0c425c5 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -4446,9 +4446,9 @@ static BOOL PerformBenchmark(HWND hwndDlg)
 					break;
 
 				case RIPEMD160:
 					/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
-					derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
+					derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
 					break;
 
 				case WHIRLPOOL:
 					/* PKCS-5 test with HMAC-Whirlpool used as the PRF */
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 1ec78139..268f6b50 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -158,9 +158,9 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
 		case DeriveKeyWork:
 			switch (workItem->KeyDerivation.Pkcs5Prf)
 			{
 			case RIPEMD160:
-				derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
+				derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
 					workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
 				break;
 
 			case SHA512:
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index ba1054e0..e3f8031b 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -121,12 +121,19 @@ void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iter
 	char counter[4];
 	uint32 c;
 	int i;
 
-	if (iterations == 2000)
+#ifdef TC_WINDOWS_BOOT
+	/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise 
+	 * This enables us to save code space needed for implementing other features.
+	 */
+	if (iterations)
 		c = 200000;
 	else
 		c = 500000;
+#else
+	c = iterations;
+#endif
 
 	/* iteration 1 */
 	memset (counter, 0, 4);
 	counter[3] = (char) b;
@@ -409,27 +416,27 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
 #endif
 	burn (&context, sizeof(context));
 }
 
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
 {
 	char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
 	char init[128];
 	char counter[4];
 	uint32 c;
 	int i;
 
-	if (bNotTest)
-	{
-		if (iterations == 32767)
-			c = 655331;
-		else
-			c = 327661;
-	}
+#ifdef TC_WINDOWS_BOOT
+	/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise 
+	 * This enables us to save code space needed for implementing other features.
+	 */
+	if (iterations)
+		c = 327661;
 	else
-	{
-		c  = iterations;
-	}
+		c = 655331;
+#else
+	c  = iterations;
+#endif
 
 	/* iteration 1 */
 	memset (counter, 0, 4);
 	counter[3] = (char) b;
@@ -454,9 +461,9 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
 	burn (j, sizeof(j));
 	burn (k, sizeof(k));
 }
 
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
 {
 	char u[RIPEMD160_DIGESTSIZE];
 	int b, l, r;
 
@@ -473,15 +480,15 @@ void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, in
 
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
 	{
-		derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+		derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
 		memcpy (dk, u, RIPEMD160_DIGESTSIZE);
 		dk += RIPEMD160_DIGESTSIZE;
 	}
 
 	/* last block */
-	derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+	derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
 	memcpy (dk, u, r);
 
 
 	/* Prevent possible leaks. */
@@ -655,32 +662,30 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
 		return "(Unknown)";
 	}
 }
 
-#endif //!TC_WINDOWS_BOOT
 
 
 int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
 {
 	switch (pkcs5_prf_id)
 	{
 
 	case RIPEMD160:	
-		return bBoot? 16384 : 32767; /* it will be changed to 327661 and 655331 respectively inside derive_u_ripemd160 */
-
-#ifndef TC_WINDOWS_BOOT
+		return bBoot? 327661 : 655331;
 
 	case SHA512:	
 		return 500000;
 
 	case WHIRLPOOL:	
 		return 500000;
-#endif
 
 	case SHA256:
-		return bBoot? 2000 : 5000; /* it will be changed to 200000 and 500000 respectively inside derive_u_sha256 */
+		return bBoot? 200000 : 500000;
 
 	default:		
 		TC_THROW_FATAL_EXCEPTION;	// Unknown/wrong ID
 	}
 	return 0;
 }
+
+#endif //!TC_WINDOWS_BOOT
+\ No newline at end of file
diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h
index aff36cc4..be8c8cdb 100644
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -25,10 +25,10 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int it
 void hmac_sha512 (char *k, int lk, char *d, int ld, char *out, int t);
 void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
 void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
 void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
 void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
 void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
 void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
 int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot);
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index 226b3e09..b34073ed 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -1054,14 +1054,14 @@ BOOL test_pkcs5 ()
 	if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
 		return FALSE;
 
 	/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
-	derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
 		return FALSE;
 
 	/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
-	derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+	derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
 	if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
 		return FALSE;
 
 	/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 1c0f2485..2bd870bc 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -301,9 +301,9 @@ KeyReady:	;
 
 			switch (pkcs5_prf)
 			{
 			case RIPEMD160:
-				derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+				derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 					PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
 			case SHA512:
@@ -565,12 +565,12 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
 
 	// PKCS5 PRF
 #ifdef TC_WINDOWS_BOOT_SHA2
 	derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
-		PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
+		PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
 #else
-	derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
-		PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
+	derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+		PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
 #endif
 
 	// Mode of operation
 	cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
@@ -791,9 +791,9 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
 			PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 		break;
 
 	case RIPEMD160:
-		derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+		derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 			PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 		break;
 
 	case WHIRLPOOL: