1 files changed, 8 insertions, 8 deletions

diff --git a/sshkey.c b/sshkey.c
index 63e568a04..de57c2ad4 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: sshkey.c,v 1.101 2020/03/06 18:21:28 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -4147,20 +4147,20 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
                 r = SSH_ERR_KEY_UNKNOWN_CIPHER;
                 goto out;
         }
-        if ((passphrase == NULL || strlen(passphrase) == 0) &&
-            strcmp(ciphername, "none") != 0) {
-                /* passphrase required */
-                r = SSH_ERR_KEY_WRONG_PASSPHRASE;
-                goto out;
-        }
         if (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0) {
                 r = SSH_ERR_KEY_UNKNOWN_CIPHER;
                 goto out;
         }
-        if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) {
+        if (strcmp(kdfname, "none") == 0 && strcmp(ciphername, "none") != 0) {
                 r = SSH_ERR_INVALID_FORMAT;
                 goto out;
         }
+        if ((passphrase == NULL || strlen(passphrase) == 0) &&
+            strcmp(kdfname, "none") != 0) {
+                /* passphrase required */
+                r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+                goto out;
+        }
         if (nkeys != 1) {
                 /* XXX only one key supported */
                 r = SSH_ERR_INVALID_FORMAT;