17 files changed, 87 insertions, 32 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index ac6f3fbb..ac1689be 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -100,6 +100,8 @@ typedef struct
 	Password ProtectedHidVolPassword;	/* Password to the hidden volume to be protected against overwriting */
 	BOOL UseBackupHeader;
 	BOOL RecoveryMode;
+	int pkcs5_prf;
+	int ProtectedHidVolPkcs5Prf;
 } MOUNT_STRUCT;
 
 typedef struct
@@ -235,6 +237,7 @@ typedef struct
 typedef struct
 {
 	Password VolumePassword;
+	int pkcs5_prf;
 } ReopenBootVolumeHeaderRequest;
 
 
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 824e3b6d..47f6418f 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1638,7 +1638,7 @@ namespace VeraCrypt
 
 		// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)
 		memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));
-		ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, NULL, cryptoInfo);
+		ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, NULL, cryptoInfo);
 
 		DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
 
@@ -2117,7 +2117,7 @@ namespace VeraCrypt
 	}
 
 
-	int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount)
+	int BootEncryption::ChangePassword (Password *oldPassword, int old_pkcs5,Password *newPassword, int pkcs5, int wipePassCount)
 	{
 		BootEncryptionStatus encStatus = GetStatus();
 
@@ -2159,7 +2159,7 @@ namespace VeraCrypt
 
 		PCRYPTO_INFO cryptoInfo = NULL;
 		
-		int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, &cryptoInfo, NULL);
+		int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, &cryptoInfo, NULL);
 		finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
 
 		if (status != 0)
@@ -2257,6 +2257,7 @@ namespace VeraCrypt
 		{
 			ReopenBootVolumeHeaderRequest reopenRequest;
 			reopenRequest.VolumePassword = *newPassword;
+			reopenRequest.pkcs5_prf = cryptoInfo->pkcs5;
 			finally_do_arg (ReopenBootVolumeHeaderRequest*, &reopenRequest, { burn (finally_arg, sizeof (*finally_arg)); });
 
 			CallDriver (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER, &reopenRequest, sizeof (reopenRequest));
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index db1eb423..585b8425 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -141,7 +141,7 @@ namespace VeraCrypt
 		void AbortSetup ();
 		void AbortSetupWait ();
 		void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);
-		int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount);
+		int ChangePassword (Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount);
 		void CheckDecoyOSWipeResult ();
 		void CheckEncryptionSetupResult ();
 		void CheckRequirements ();
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index e119681e..2ecf9d86 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -21,7 +21,7 @@ Password CachedPasswords[CACHE_SIZE];
 int cacheEmpty = 1;
 static int nPasswordIdx = 0;
 
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, PCRYPTO_INFO *retInfo)
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo)
 {
 	int nReturnCode = ERR_PASSWORD_WRONG;
 	int i;
@@ -29,7 +29,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
 	/* Attempt to recognize volume using mount password */
 	if (password->Length > 0)
 	{
-		nReturnCode = ReadVolumeHeader (bBoot, header, password, retInfo, NULL);
+		nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, retInfo, NULL);
 
 		/* Save mount passwords back into cache if asked to do so */
 		if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
@@ -59,7 +59,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
 		{
 			if (CachedPasswords[i].Length > 0)
 			{
-				nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], retInfo, NULL);
+				nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, retInfo, NULL);
 
 				if (nReturnCode != ERR_PASSWORD_WRONG)
 					break;
diff --git a/src/Common/Cache.h b/src/Common/Cache.h
index 18324a5c..3c68479e 100644
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -19,5 +19,5 @@
 extern int cacheEmpty;
 
 void AddPasswordToCache (Password *password);
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, PCRYPTO_INFO *retInfo);
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo);
 void WipeCache (void);
diff --git a/src/Common/Common.h b/src/Common/Common.h
index ef25ec17..d4375b5d 100644
--- a/src/Common/Common.h
+++ b/src/Common/Common.h
@@ -76,6 +76,7 @@ typedef struct
 	Password ProtectedHidVolPassword;	/* Password of hidden volume to protect against overwriting */
 	BOOL UseBackupHeader;
 	BOOL RecoveryMode;
+	int ProtectedHidVolPkcs5Prf;
 } MountOptions;
 
 #endif
diff --git a/src/Common/Common.rc b/src/Common/Common.rc
index 13b9f973..4f4dfb32 100644
--- a/src/Common/Common.rc
+++ b/src/Common/Common.rc
@@ -65,7 +65,7 @@ BEGIN
     PUSHBUTTON      "Cancel",IDCANCEL,248,190,50,14
 END
 
-IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 172
+IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 204
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Mount Options"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -78,16 +78,18 @@ BEGIN
     CONTROL         "&Protect hidden volume against damage caused by writing to outer volume",IDC_PROTECT_HIDDEN_VOL,
                     "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,86,252,10
     EDITTEXT        IDC_PASSWORD_PROT_HIDVOL,112,104,151,14,ES_PASSWORD | ES_AUTOHSCROLL
-    CONTROL         "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,123,90,10
-    CONTROL         "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,136,90,10
-    PUSHBUTTON      "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,203,125,60,14
-    LTEXT           "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,151,247,10,SS_NOTIFY
+    CONTROL         "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,146,90,10
+    CONTROL         "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,159,90,10
+    PUSHBUTTON      "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,203,148,60,14
+    LTEXT           "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,174,247,10,SS_NOTIFY
     DEFPUSHBUTTON   "OK",IDOK,211,7,60,14
     PUSHBUTTON      "Cancel",IDCANCEL,211,24,60,14
     RTEXT           "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,103,91,17,0,WS_EX_RIGHT
-    GROUPBOX        "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,72,265,95
+    GROUPBOX        "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,72,265,120
     CONTROL         "Use backup header embedded in &volume if available",IDC_USE_EMBEDDED_HEADER_BAK,
                     "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,257,11
+    COMBOBOX        IDC_PKCS5_PRF_ID,112,125,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
+    RTEXT           "PKCS-5 PRF:",IDT_PKCS5_PRF,15,126,91,17
 END
 
 IDD_KEYFILES DIALOGEX 0, 0, 345, 237
@@ -307,12 +309,13 @@ BEGIN
     LTEXT           "Please wait. This process may take a long time...",IDT_STATIC_MODELESS_WAIT_DLG_INFO,9,8,274,9
 END
 
-IDD_STATIC_MODAL_WAIT_DLG DIALOGEX 0, 0, 292, 42
+IDD_STATIC_MODAL_WAIT_DLG DIALOGEX 0, 0, 292, 61
 STYLE DS_SETFONT | DS_MODALFRAME | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION
 CAPTION "VeraCrypt"
 FONT 8, "MS Shell Dlg", 0, 0, 0x0
 BEGIN
-    CTEXT           "Please wait. This process may take a long time...",IDT_STATIC_MODELESS_WAIT_DLG_INFO,9,11,274,9
+    CTEXT           "Please wait...\nThis process may take a long time and VeraCrypt may become unresponsive.",IDT_STATIC_MODAL_WAIT_DLG_INFO,9,11,274,20
+    CONTROL         "",IDC_WAIT_PROGRESS_BAR,"msctls_progress32",WS_BORDER,7,37,278,14
 END
 
 
@@ -341,7 +344,7 @@ BEGIN
     BEGIN
         LEFTMARGIN, 7
         TOPMARGIN, 7
-        BOTTOMMARGIN, 166
+        BOTTOMMARGIN, 198
     END
 
     IDD_KEYFILES, DIALOG
@@ -453,7 +456,7 @@ BEGIN
         LEFTMARGIN, 7
         RIGHTMARGIN, 285
         TOPMARGIN, 7
-        BOTTOMMARGIN, 35
+        BOTTOMMARGIN, 54
     END
 END
 #endif    // APSTUDIO_INVOKED
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index a6ed56d2..4695239b 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -196,6 +196,7 @@ typedef struct CRYPTO_INFO_t
 {
 	int ea;									/* Encryption algorithm ID */
 	int mode;								/* Mode of operation (e.g., XTS) */
+	int pkcs5;								/* PRF algorithm */
 	unsigned __int8 ks[MAX_EXPANDED_KEY];	/* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
 	unsigned __int8 ks2[MAX_EXPANDED_KEY];	/* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
 
@@ -240,10 +241,26 @@ typedef struct CRYPTO_INFO_t
 	UINT64_STRUCT EncryptedAreaLength;
 
 	uint32 HeaderFlags;
-	int pkcs5;
 
 } CRYPTO_INFO, *PCRYPTO_INFO;
 
+#ifdef _WIN32
+
+#pragma pack (push)
+#pragma pack(1)
+
+typedef struct BOOT_CRYPTO_HEADER_t
+{
+	__int16 ea;									/* Encryption algorithm ID */
+	__int16 mode;								/* Mode of operation (e.g., XTS) */
+	__int16 pkcs5;								/* PRF algorithm */
+
+} BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
+
+#pragma pack (pop)
+
+#endif
+
 PCRYPTO_INFO crypto_open (void);
 void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
 void crypto_close (PCRYPTO_INFO cryptoInfo);
@@ -300,6 +317,7 @@ const
 char *HashGetName (int hash_algo_id);
 
 #ifndef TC_WINDOWS_BOOT
+Hash *HashGet (int id);
 void HashGetName2 (char *buf, int hashId);
 BOOL HashIsDeprecated (int hashId);
 BOOL HashForSystemEncryption (int hashId);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index bb84d377..1dbbbd29 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -6168,6 +6168,14 @@ static BOOL CALLBACK MountWaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
 		{
 			MountThreadParam* thParam = (MountThreadParam*) lParam;
 			HANDLE hThread = NULL;
+
+			// set the progress bar type to MARQUEE (indefinite progress)
+			HWND hProgress = GetDlgItem (hwndDlg, IDC_WAIT_PROGRESS_BAR);
+			if (hProgress)
+			{
+				SetWindowLongPtr (hProgress, GWL_STYLE, PBS_MARQUEE | GetWindowLongPtr (hProgress, GWL_STYLE));
+				::SendMessage(hProgress, PBM_SETMARQUEE, (WPARAM) TRUE, (LPARAM) 0);
+			}
 			
 			thParam->hwnd = hwndDlg; 
 
@@ -6225,6 +6233,7 @@ int MountVolume (HWND hwndDlg,
 				 int driveNo,
 				 char *volumePath,
 				 Password *password,
+				 int pkcs5,
 				 BOOL cachePassword,
 				 BOOL sharedAccess,
 				 const MountOptions* const mountOptions,
@@ -6285,6 +6294,7 @@ retry:
 	{
 		mount.ProtectedHidVolPassword = mountOptions->ProtectedHidVolPassword;
 		mount.bProtectHiddenVolume = TRUE;
+		mount.ProtectedHidVolPkcs5Prf = mountOptions->ProtectedHidVolPkcs5Prf;
 	}
 	else
 		mount.bProtectHiddenVolume = FALSE;
@@ -6294,6 +6304,7 @@ retry:
 	mount.bPreserveTimestamp = mountOptions->PreserveTimestamp;
 
 	mount.bMountManager = TRUE;
+	mount.pkcs5_prf = pkcs5;
 
 	// Windows 2000 mount manager causes problems with remounted volumes
 	if (CurrentOSMajor == 5 && CurrentOSMinor == 0)
@@ -6364,6 +6375,8 @@ retry:
 
 	burn (&mount.VolumePassword, sizeof (mount.VolumePassword));
 	burn (&mount.ProtectedHidVolPassword, sizeof (mount.ProtectedHidVolPassword));
+	burn (&mount.pkcs5_prf, sizeof (mount.pkcs5_prf));
+	burn (&mount.ProtectedHidVolPkcs5Prf, sizeof (mount.ProtectedHidVolPkcs5Prf));
 
 	if (bResult == FALSE)
 	{
@@ -8881,7 +8894,7 @@ void ReportUnexpectedState (char *techInfo)
 
 #ifndef SETUP
 
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
 {
 	int status = ERR_PARAMETER_INCORRECT;
 	int volumeType;
@@ -9043,7 +9056,7 @@ int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *pa
 		}
 
 		// Decrypt volume header
-		status = ReadVolumeHeader (FALSE, buffer, password, &context->CryptoInfo, NULL);
+		status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, &context->CryptoInfo, NULL);
 
 		if (status == ERR_PASSWORD_WRONG)
 			continue;		// Try next volume type
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 7faf6bc0..3781fd54 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -325,7 +325,7 @@ BOOL IsDriveAvailable (int driveNo);
 BOOL IsDeviceMounted (char *deviceName);
 int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);
 void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);
-int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, BOOL cachePassword, BOOL sharedAccess,  const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
+int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, BOOL cachePassword, BOOL sharedAccess,  const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
 BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);
 BOOL IsPasswordCacheEmpty (void);
 BOOL IsMountedVolume (const char *volname);
@@ -447,7 +447,7 @@ void ToBootPwdField (HWND hwndDlg, UINT ctrlId);
 void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT hFont);
 BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize);
 BOOL DoDriverInstall (HWND hwndDlg);
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
 void CloseVolume (OpenVolumeContext *context);
 int ReEncryptVolumeHeader (char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode);
 BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
diff --git a/src/Common/Format.c b/src/Common/Format.c
index ad6be026..c7198f60 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -623,7 +623,7 @@ error:
 		mountOptions.PartitionInInactiveSysEncScope = FALSE;
 		mountOptions.UseBackupHeader = FALSE;
 
-		if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+		if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
 		{
 			MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND);
 			MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 4ccf9c40..70e4b65f 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -270,6 +270,7 @@
     <control lang="en" key="IDT_PARALLELIZATION_OPTIONS">Thread-Based Parallelization</control>
     <control lang="en" key="IDT_PKCS11_LIB_PATH">PKCS #11 Library Path</control>
     <control lang="en" key="IDT_PKCS5_PRF">PKCS-5 PRF:</control>
+    <control lang="en" key="IDT_NEW_PKCS5_PRF">PKCS-5 PRF:</control>
     <control lang="en" key="IDT_PW_CACHE_OPTIONS">Password Cache</control>
     <control lang="en" key="IDT_SECURITY_OPTIONS">Security Options</control>
     <control lang="en" key="IDT_TASKBAR_ICON">VeraCrypt Background Task</control>
@@ -345,6 +346,7 @@
     <control lang="en" key="IDT_SECURITY_TOKEN">Security token:</control>
     <control lang="en" key="IDT_SORT_METHOD">Sort Method:</control>
     <control lang="en" key="IDT_STATIC_MODELESS_WAIT_DLG_INFO">Please wait. This process may take a long time...</control>
+    <control lang="en" key="IDT_STATIC_MODAL_WAIT_DLG_INFO">Please wait...\nThis process may take a long time and VeraCrypt may become unresponsive.</control>
     <control lang="en" key="IDT_TEST_BLOCK_NUMBER">Block number:</control>
     <control lang="en" key="IDT_TEST_CIPHERTEXT">Ciphertext (hexadecimal)</control>
     <control lang="en" key="IDT_TEST_DATA_UNIT_NUMBER">Data unit number (64-bit hexadecimal, data unit size is 512 bytes)</control>
@@ -756,6 +758,7 @@
     <string lang="en" key="REMOVABLE_DISK">Removable Disk</string>
     <string lang="en" key="HARDDISK">Harddisk</string>
     <string lang="en" key="UNCHANGED">Unchanged</string>
+    <string lang="en" key="AUTODETECTION">Autodetection</string>
     <string lang="en" key="SETUP_MODE_TITLE">Wizard Mode</string>
     <string lang="en" key="SETUP_MODE_INFO">Select one of the modes. If you are not sure which to select, use the default mode.</string>
     <string lang="en" key="SETUP_MODE_HELP_INSTALL">Select this option if you want to install VeraCrypt on this system.</string>
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 2c065b68..921ce02e 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -119,7 +119,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)
 	return TRUE;
 }
 
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
 {
 	int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
 	char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@@ -287,7 +287,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
 
 		/* Try to decrypt the header */
 
-		nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, &cryptoInfo, NULL);
+		nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, &cryptoInfo, NULL);
 		if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
 			nStatus = 0;	// We can ignore this error here
 
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 887c6160..66903b53 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -35,7 +35,7 @@ typedef struct
 void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
 BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);		
 BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);			
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
 
 #endif	// defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
 
diff --git a/src/Common/Resource.h b/src/Common/Resource.h
index eb2c5890..4b8c2df5 100644
--- a/src/Common/Resource.h
+++ b/src/Common/Resource.h
@@ -184,6 +184,10 @@
 #define IDC_KEYFILES_RANDOM_SIZE        5122
 #define IDT_KEYFILES_SIZE               5123
 #define IDD_STATIC_MODAL_WAIT_DLG       5124
+#define IDT_STATIC_MODAL_WAIT_DLG_INFO  5125
+#define IDC_WAIT_PROGRESS_BAR           5126
+#define IDC_PKCS5_PRF_ID                5127
+#define IDT_PKCS5_PRF                   5128
 
 // Next default values for new objects
 // 
@@ -192,7 +196,7 @@
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        542
 #define _APS_NEXT_COMMAND_VALUE         40001
-#define _APS_NEXT_CONTROL_VALUE         5125
+#define _APS_NEXT_CONTROL_VALUE         5129
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 2bd870bc..c88e81d8 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -163,7 +163,7 @@ typedef struct
 
 BOOL ReadVolumeHeaderRecoveryMode = FALSE;
 
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
 {
 	char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 	KEY_INFO keyInfo;
@@ -198,7 +198,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
 			return ERR_OUTOFMEMORY;
 	}
 
-	if (encryptionThreadCount > 1)
+	/* use thread pool only if no PRF was specified */
+	if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 	{
 		keyDerivationWorkItems = TCalloc (sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
 		if (!keyDerivationWorkItems)
@@ -241,7 +242,11 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
 	// Test all available PKCS5 PRFs
 	for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
 	{	
-		if (encryptionThreadCount > 1)
+		// if a PRF is specified, we skip all other PRFs
+		if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)
+			continue;
+
+		if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 		{
 			// Enqueue key derivation on thread pool
 			if (queuedWorkItems < encryptionThreadCount && enqPkcs5Prf <= LAST_PRF_ID)
@@ -529,7 +534,7 @@ ret:
 	VirtualUnlock (&dk, sizeof (dk));
 #endif
 
-	if (encryptionThreadCount > 1)
+	if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 	{
 		TC_WAIT_EVENT (noOutstandingWorkItemEvent);
 
diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h
index 8f1da28d..18a52692 100644
--- a/src/Common/Volumes.h
+++ b/src/Common/Volumes.h
@@ -126,7 +126,11 @@ extern BOOL ReadVolumeHeaderRecoveryMode;
 uint16 GetHeaderField16 (byte *header, int offset);
 uint32 GetHeaderField32 (byte *header, int offset);
 UINT64_STRUCT GetHeaderField64 (byte *header, int offset);
+#ifdef TC_WINDOWS_BOOT
 int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#else
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#endif
 
 #if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
 int CreateVolumeHeaderInMemory (BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);