From 4c12f0be95626b205ca6d1e015c04f2e30bb0ef0 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Fri, 10 Dec 2021 16:40:41 -0500
Subject: [PATCH] Only one call to wc_falcon_init() and comment on 300.

---
 src/ssl.c             | 48 +++++++++++++++++++++----------------------
 wolfssl/openssl/evp.h |  2 +-
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index e1f6befd6..4880c48ec 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8534,38 +8534,36 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
     #else
         falcon_key falcon[1];
     #endif
-        XMEMSET(falcon, 0, sizeof(falcon_key));
 
-        /* test if Falcon key */
-        if (priv) {
-            /* Try level 1 */
-            isFalcon = wc_falcon_init(falcon) == 0 &&
-                       wc_falcon_set_level(falcon, 1) == 0 &&
-                       wc_falcon_import_private_only(mem, (word32)memSz,
-                                                     falcon) == 0;
-            if (!isFalcon) {
-                /* Try level 5 */
-                isFalcon = wc_falcon_init(falcon) == 0 &&
-                           wc_falcon_set_level(falcon, 5) == 0 &&
+        if (wc_falcon_init(falcon) == 0) {
+            /* test if Falcon key */
+            if (priv) {
+                /* Try level 1 */
+                isFalcon = wc_falcon_set_level(falcon, 1) == 0 &&
                            wc_falcon_import_private_only(mem, (word32)memSz,
                                                          falcon) == 0;
-            }
-        } else {
-            /* Try level 1 */
-            isFalcon = wc_falcon_init(falcon) == 0 &&
-                       wc_falcon_set_level(falcon, 1) == 0 &&
-                       wc_falcon_import_public(mem, (word32)memSz, falcon) == 0;
+                if (!isFalcon) {
+                    /* Try level 5 */
+                    isFalcon = wc_falcon_set_level(falcon, 5) == 0 &&
+                               wc_falcon_import_private_only(mem, (word32)memSz,
+                                                             falcon) == 0;
+                }
+            } else {
+                /* Try level 1 */
+                isFalcon = wc_falcon_set_level(falcon, 1) == 0 &&
+                           wc_falcon_import_public(mem, (word32)memSz, falcon)
+                           == 0;
 
-            if (!isFalcon) {
-                /* Try level 5 */
-                isFalcon = wc_falcon_init(falcon) == 0 &&
-                           wc_falcon_set_level(falcon, 5) == 0 &&
-                           wc_falcon_import_public(mem, (word32)memSz,
-                                                         falcon) == 0;
+                if (!isFalcon) {
+                    /* Try level 5 */
+                    isFalcon = wc_falcon_set_level(falcon, 5) == 0 &&
+                               wc_falcon_import_public(mem, (word32)memSz,
+                                                       falcon) == 0;
+                }
             }
+            wc_falcon_free(falcon);
         }
 
-        wc_falcon_free(falcon);
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(falcon, NULL, DYNAMIC_TYPE_FALCON);
     #endif
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index 61f7108ff..19cbce481 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -247,7 +247,7 @@ enum {
     NID_rc4           = 5,
     EVP_PKEY_DH       = NID_dhKeyAgreement,
     EVP_PKEY_HMAC     = NID_hmac,
-    EVP_PKEY_FALCON = 300,
+    EVP_PKEY_FALCON   = 300, /* Randomly picked value. */
     AES_128_CFB1_TYPE = 24,
     AES_192_CFB1_TYPE = 25,
     AES_256_CFB1_TYPE = 26,