--- key.c	2019-10-02 15:10:03.942663289 +0200
+++ key.c	2019-10-02 15:12:07.864496998 +0200
@@ -675,7 +675,7 @@ 
 static struct mbuf *key_setsadbxsareplay(u_int32_t);
 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
 	u_int32_t, u_int32_t);
-static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t,
+static struct seckey *key_dup_keymsg(const struct sadb_key *,
     struct malloc_type *);
 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
     struct malloc_type *);
@@ -3412,7 +3412,7 @@ 
 			goto fail;
 		}
 
-		sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC);
+		sav->key_auth = key_dup_keymsg(key0, M_IPSEC_MISC);
 		if (sav->key_auth == NULL ) {
 			ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 				  __func__));
@@ -3438,7 +3438,7 @@ 
 				error = EINVAL;
 				break;
 			}
-			sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC);
+			sav->key_enc = key_dup_keymsg(key0, M_IPSEC_MISC);
 			if (sav->key_enc == NULL) {
 				ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 					__func__));
@@ -4064,13 +4064,15 @@ 
  * OUT: NULL no more memory
  */
 struct seckey *
-key_dup_keymsg(const struct sadb_key *src, size_t len,
+key_dup_keymsg(const struct sadb_key *src,
     struct malloc_type *type)
 {
 	struct seckey *dst;
+	size_t len;
 
 	dst = malloc(sizeof(*dst), type, M_NOWAIT);
 	if (dst != NULL) {
+		len = src->sadb_key_bits >> 3;
 		dst->bits = src->sadb_key_bits;
 		dst->key_data = malloc(len, type, M_NOWAIT);
 		if (dst->key_data != NULL) {