diff --git a/src/lib/libutil/bcrypt_pbkdf.c b/src/lib/libutil/bcrypt_pbkdf.c
index 24b628cc..28339039 100644
--- a/src/lib/libutil/bcrypt_pbkdf.c
+++ b/src/lib/libutil/bcrypt_pbkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.2 2013/06/04 15:54:32 tedu Exp $ */
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.3 2013/06/04 15:55:50 tedu Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -107,6 +107,8 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
 	uint32_t count;
 
 	/* nothing crazy */
+	if (rounds < 1)
+		return -1;
 	if (passlen == 0 || saltlen == 0 || keylen == 0 ||
 	    keylen > sizeof(out) * sizeof(out))
 		return -1;