===== net/ipv4/esp4.c 1.55 vs edited =====
--- 1.55/net/ipv4/esp4.c	2004-08-12 19:59:52 +10:00
+++ edited/net/ipv4/esp4.c	2004-08-14 09:33:05 +10:00
@@ -372,8 +372,7 @@
 	if (x->aalg) {
 		if (x->aalg->alg_key_len > 512)
 			goto error;
-	}
-	if (x->ealg == NULL)
+	} else if (x->ealg == NULL)
 		goto error;
 
 	esp = kmalloc(sizeof(*esp), GFP_KERNEL);
===== net/ipv6/esp6.c 1.36 vs edited =====
--- 1.36/net/ipv6/esp6.c	2004-08-12 19:59:52 +10:00
+++ edited/net/ipv6/esp6.c	2004-08-14 09:33:25 +10:00
@@ -302,11 +302,11 @@
 {
 	struct esp_data *esp = NULL;
 
+	/* null auth and encryption can have zero length keys */
 	if (x->aalg) {
-		if (x->aalg->alg_key_len == 0 || x->aalg->alg_key_len > 512)
+		if (x->aalg->alg_key_len > 512)
 			goto error;
-	}
-	if (x->ealg == NULL)
+	} else if (x->ealg == NULL)
 		goto error;
 
 	if (x->encap)