diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 9927509a4524..7af23cf6c446 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -6706,7 +6706,7 @@ key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 				continue;
 			alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 			alg->sadb_alg_id = i;
-			alg->sadb_alg_ivlen = ealgo->blocksize;
+			alg->sadb_alg_ivlen = ealgo->ivsize;
 			alg->sadb_alg_minbits = _BITS(ealgo->minkey);
 			alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
 			off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 9f645c0c4f55..c8b5f16417f1 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -200,16 +200,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 		return EINVAL;
 	}
 
-	/*
-	 * NB: The null xform needs a non-zero blocksize to keep the
-	 *      crypto code happy but if we use it to set ivlen then
-	 *      the ESP header will be processed incorrectly.  The
-	 *      compromise is to force it to zero here.
-	 */
 	if (SAV_ISCTRORGCM(sav))
 		sav->ivlen = 8;	/* RFC4106 3.1 and RFC3686 3.1 */
 	else
-		sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize);
+		sav->ivlen = txform->ivsize;
 
 	/*
 	 * Setup AH-related state.
diff --git a/sys/opencrypto/xform.c b/sys/opencrypto/xform.c
index cb44bfad029a..3dee3664e0a4 100644
--- a/sys/opencrypto/xform.c
+++ b/sys/opencrypto/xform.c
@@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
 struct enc_xform enc_xform_null = {
 	CRYPTO_NULL_CBC, "NULL",
 	/* NB: blocksize of 4 is to generate a properly aligned ESP header */
-	NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY, 
+	NULL_BLOCK_LEN, 0, NULL_MIN_KEY, NULL_MAX_KEY, 
 	null_encrypt,
 	null_decrypt,
 	null_setkey,