diff --git a/lib/gssapi/cfx.c b/lib/gssapi/cfx.c
index 89c660c50..5a60bc066 100644
--- a/lib/gssapi/cfx.c
+++ b/lib/gssapi/cfx.c
@@ -253,9 +253,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
 	 * In Wrap tokens without confidentiality, the EC field is
 	 * used to encode the size (in bytes) of the trailing
 	 * checksum.
+	 *
+	 * This is not used in the checksum calcuation itself,
+	 * because the checksum length could potentially vary
+	 * depending on the data length.
 	 */
-	token->EC[0] = (cksumsize >> 0) & 0xFF;
-	token->EC[1] = (cksumsize >> 8) & 0xFF;
+	token->EC[0] = 0;
+	token->EC[1] = 0;
     }
     token->RRC[0] = (rrc >> 0) & 0xFF;
     token->RRC[1] = (rrc >> 8) & 0xFF;
@@ -355,6 +359,10 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
 
 	free(buf);
 
+	assert(cksum.checksum.length == cksumsize);
+	token->EC[0] = (cksum.checksum.length >> 0) & 0xFF;
+	token->EC[1] = (cksum.checksum.length >> 8) & 0xFF;
+
 	p += sizeof(*token);
 	memcpy(p, input_message_buffer->value, input_message_buffer->length);
 	memcpy(p + input_message_buffer->length,
@@ -555,6 +563,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
 	memcpy((u_char *)output_message_buffer->value + len, 
 	       token, sizeof(*token));
 
+	/* EC is not included in checksum calculation */
+	token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
+				     len);
+	token->EC[0] = 0;
+	token->EC[1] = 0;
+
 	ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
 				   usage,
 				   output_message_buffer->value,
diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c
index 89c660c50..5a60bc066 100644
--- a/lib/gssapi/krb5/cfx.c
+++ b/lib/gssapi/krb5/cfx.c
@@ -253,9 +253,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
 	 * In Wrap tokens without confidentiality, the EC field is
 	 * used to encode the size (in bytes) of the trailing
 	 * checksum.
+	 *
+	 * This is not used in the checksum calcuation itself,
+	 * because the checksum length could potentially vary
+	 * depending on the data length.
 	 */
-	token->EC[0] = (cksumsize >> 0) & 0xFF;
-	token->EC[1] = (cksumsize >> 8) & 0xFF;
+	token->EC[0] = 0;
+	token->EC[1] = 0;
     }
     token->RRC[0] = (rrc >> 0) & 0xFF;
     token->RRC[1] = (rrc >> 8) & 0xFF;
@@ -355,6 +359,10 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
 
 	free(buf);
 
+	assert(cksum.checksum.length == cksumsize);
+	token->EC[0] = (cksum.checksum.length >> 0) & 0xFF;
+	token->EC[1] = (cksum.checksum.length >> 8) & 0xFF;
+
 	p += sizeof(*token);
 	memcpy(p, input_message_buffer->value, input_message_buffer->length);
 	memcpy(p + input_message_buffer->length,
@@ -555,6 +563,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
 	memcpy((u_char *)output_message_buffer->value + len, 
 	       token, sizeof(*token));
 
+	/* EC is not included in checksum calculation */
+	token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
+				     len);
+	token->EC[0] = 0;
+	token->EC[1] = 0;
+
 	ret = krb5_verify_checksum(gssapi_krb5_context, crypto,
 				   usage,
 				   output_message_buffer->value,