diff --git a/nts_ntp_auth.c b/nts_ntp_auth.c
index 2ff6d0d..86cd7cd 100644
--- a/nts_ntp_auth.c
+++ b/nts_ntp_auth.c
@@ -167,7 +167,7 @@ NNA_DecryptAuthEF(NTP_Packet *packet, NTP_PacketInfo *info, SIV_Instance siv, in
 *plaintext_length = ciphertext_length - siv_tag_length;
- if (!SIV_Decrypt(siv, nonce, nonce_length, packet, info->length - ef_body_length - 4,
+ if (!SIV_Decrypt(siv, nonce, nonce_length, packet, ef_start,
 ciphertext, ciphertext_length, plaintext, *plaintext_length)) {
 DEBUG_LOG("SIV decrypt failed");
 return 0;
diff --git a/nts_ntp_server.c b/nts_ntp_server.c
index f4df796..c0d3e06 100644
--- a/nts_ntp_server.c
+++ b/nts_ntp_server.c
@@ -135,6 +135,11 @@ NNS_CheckRequestAuth(NTP_Packet *packet, NTP_PacketInfo *info, uint32_t *kod)
 cookie_length = ef_body_length;
 break;
 case NTP_EF_NTS_AUTH_AND_EEF:
+ if (parsed + ef_length != info->length) {
+ DEBUG_LOG("Auth not last EF");
+ return 0;
+ }
+
 auth_start = parsed;
 has_auth = 1;
 break;
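Review bot: The associated data passed to `SIV_Decrypt` now ends at the caller-supplied `ef_start`, so any bytes after the authenticator field sit outside both the associated data and the ciphertext, and nothing visible in this hunk makes NNA_DecryptAuthEF reject such a packet itself. The second hunk adds the "last EF" check on the server path only; if this function has other callers (a client response path, for instance), they need the same check, or it could live here as `if (ef_start + 4 + ef_body_length != info->length) return 0;`. At minimum the argument deserves a comment such as `/* AD is the packet up to the auth EF; callers must ensure the EF is last */`. The function starts and ends outside the hunk, so a bounds check on `ef_start` may already exist above.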
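Review bot: The new `parsed + ef_length != info->length` check carries no comment saying why the authenticator has to be the final field, and the reason lives in the other file, where the SIV associated data now stops at the start of this EF. I would put `/* Auth EF must be last: fields after it are not covered by the SIV tag */` above the `if`. The rejection is reported only through `DEBUG_LOG`, which may be compiled out of production builds, so consider counting or logging these drops where an operator can see them. NNS_CheckRequestAuth continues outside the hunk, so the state of `*kod` on this early return is not visible here.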