From b0914663dd86d2a1c42fe4a61af48c7d9c56a05c Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Fri, 8 Nov 2019 20:15:31 +0100
Subject: [PATCH] Iterated S2K: always hash the full salt+password at least
 once

As per the spec:

   The one exception is that if the octet count is less than
   the size of the salt plus passphrase, the full salt plus passphrase
   will be hashed even though that is greater than the octet count.
---
 src/type/s2k.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/type/s2k.js b/src/type/s2k.js
index dac6d817..2b45d77e 100644
--- a/src/type/s2k.js
+++ b/src/type/s2k.js
@@ -167,9 +167,9 @@ S2K.prototype.produce_key = async function (passphrase, numBytes) {
         toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);
         break;
       case 'iterated': {
-        const count = this.get_count();
         const data = util.concatUint8Array([this.salt, passphrase]);
         let datalen = data.length;
+        const count = Math.max(this.get_count(), datalen);
         toHash = new Uint8Array(prefixlen + count);
         toHash.set(data, prefixlen);
         for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {