diff --git a/src/internal.c b/src/internal.c
index 70a940bec..91ccc394b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3781,6 +3781,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
  */
 static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 {
+    *hsType = invalid_sa_algo;
     switch (input[0]) {
         case NEW_SA_MAJOR:
     #ifdef HAVE_ED25519
@@ -3820,8 +3821,8 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy
                 *hsType = falcon_level1_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
                 *hashAlgo = sha512_mac;
-            } else
-            if (input[1] == FALCON_LEVEL5_SA_MINOR) {
+            }
+            else if (input[1] == FALCON_LEVEL5_SA_MINOR) {
                 *hsType = falcon_level5_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
                 *hashAlgo = sha512_mac;
@@ -24449,7 +24450,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                     ERROR_OUT(NOT_COMPILED_IN, exit_dske);
             #else
                     enum wc_HashType hashType;
-                    word16  verifySz;
+                    word16 verifySz;
                     byte sigAlgo;
 
                     if (ssl->options.usingAnon_cipher) {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 82171d2af..3f2b45a5e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3151,7 +3151,8 @@ enum SignatureAlgorithm {
     rsa_pss_pss_algo      = 10,
     ed448_sa_algo         = 11,
     falcon_level1_sa_algo = 12,
-    falcon_level5_sa_algo = 13
+    falcon_level5_sa_algo = 13,
+    invalid_sa_algo       = 255
 };
 
 #define PSS_RSAE_TO_PSS_PSS(macAlgo) \