diff --git a/lib/gssapi/sanon/accept_sec_context.c b/lib/gssapi/sanon/accept_sec_context.c
index 74f4aa04a..f31c974ee 100644
--- a/lib/gssapi/sanon/accept_sec_context.c
+++ b/lib/gssapi/sanon/accept_sec_context.c
@@ -113,10 +113,11 @@ _gss_sanon_accept_sec_context(OM_uint32 *minor,
 if (major != GSS_S_COMPLETE)
 goto out;
- req_flags &= SANON_PROTOCOL_FLAG_MASK; /* do not let initiator set any other flags */
+ /* do not let initiator set any other flags */
+ req_flags &= SANON_PROTOCOL_FLAG_MASK;
 req_flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
- GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
+ GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG;
 major = _gss_sanon_import_rfc4121_context(minor, sc, req_flags, &session_key);
 if (major != GSS_S_COMPLETE)
diff --git a/lib/gssapi/sanon/init_sec_context.c b/lib/gssapi/sanon/init_sec_context.c
index be61aba9b..4c199edc1 100644
--- a/lib/gssapi/sanon/init_sec_context.c
+++ b/lib/gssapi/sanon/init_sec_context.c
@@ -87,7 +87,7 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
 gss_buffer_desc mech_token = GSS_C_EMPTY_BUFFER;
 OM_uint32 major, tmp;
 sanon_ctx sc = (sanon_ctx)*context_handle;
- OM_uint32 flags = 0;
+ OM_uint32 flags;
 gss_buffer_desc session_key = GSS_C_EMPTY_BUFFER;
 *minor = 0;
@@ -98,10 +98,11 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
 goto out;
 }
- flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
- GSS_C_INTEG_FLAG | SANON_PROTOCOL_FLAG_MASK; /* supported flags */
- flags &= req_flags;
- flags |= GSS_C_ANON_FLAG; /* always set this flag */
+ /* we always support the following flags */
+ flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
+ GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG;
+ /* we support the following optional flags */
+ flags |= req_flags & SANON_PROTOCOL_FLAG_MASK;
 if (sc == NULL) {
 uint8_t pk_and_flags[crypto_scalarmult_curve25519_BYTES + 8];
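Review bot: Dropping the initializer in the `@@ -87,7 +87,7 @@` hunk leaves `flags` indeterminate on the early `goto out;` path that the following hunk shows just before the first assignment to `flags`. The `out:` label lies outside these hunks, so whether anything there reads `flags` (for instance to fill a returned-flags output) cannot be confirmed from here; if it does, that path would hand an uninitialised value back to the caller. Keeping `OM_uint32 flags = 0;` costs nothing and keeps the error path defined even if the cleanup code changes later.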
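Review bot: The rewritten assignment in the `@@ -98,10 +98,11 @@` hunk makes GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG, GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG unconditional, whereas the removed lines kept only those the caller had set in `req_flags`, and the new comment does not say that the request no longer gates them. Where `flags` ends up (returned flags, context import) is outside the hunk, so I would spell the intent out, e.g. `/* always provided, whether or not the caller requested them */`. The acceptor hunk in accept_sec_context.c ORs the same set plus `GSS_C_TRANS_FLAG`; if the initiator adds that flag elsewhere this is fine, otherwise a one-line comment on why the two sides differ would help the next reader.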
@@ -125,10 +126,10 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
 if (major != GSS_S_COMPLETE)
 goto out;
- if (req_flags & SANON_PROTOCOL_FLAG_MASK) {
+ if (flags & SANON_PROTOCOL_FLAG_MASK) {
 memcpy(pk_and_flags, sc->pk, sizeof(sc->pk));
 _gss_mg_encode_be_uint32(0, &pk_and_flags[sizeof(sc->pk)]);
- _gss_mg_encode_be_uint32(req_flags & SANON_PROTOCOL_FLAG_MASK,
+ _gss_mg_encode_be_uint32(flags & SANON_PROTOCOL_FLAG_MASK,
 &pk_and_flags[sizeof(sc->pk) + 4]);
 mech_token.length = sizeof(pk_and_flags);
 mech_token.value = pk_and_flags;
@@ -163,7 +164,8 @@ _gss_sanon_init_sec_context(OM_uint32 *minor,
 pk.value = input_token->value;
 /* compute shared secret */
- major = _gss_sanon_curve25519(minor, sc, &pk, flags & SANON_PROTOCOL_FLAG_MASK,
+ major = _gss_sanon_curve25519(minor, sc, &pk,
+ flags & SANON_PROTOCOL_FLAG_MASK,
 input_chan_bindings, &session_key);
 if (major != GSS_S_COMPLETE)
 goto out;
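Review bot: The protocol flags encoded into the token in the `@@ -125,10 +126,10 @@` hunk come from `flags`, which is rebuilt from `req_flags` on every call, and nothing visible here saves the value that was sent into `sc`. The `_gss_sanon_curve25519` call in the last hunk, which appears to be the continuation leg, passes `flags & SANON_PROTOCOL_FLAG_MASK` again, so it matches what went on the wire only if the caller supplies the same `req_flags` on both calls. If the context does not already record the sent flags elsewhere, I would store them when the token is built and use the stored value for the shared-secret step, or at least state the requirement, e.g. `/* req_flags must be identical on every call: the protocol flags sent here are also fed to _gss_sanon_curve25519 */`. The enclosing function starts and ends outside both hunks.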