diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
old mode 100644
new mode 100755
index 066e21ab8..de81d3f35
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6177,26 +6177,16 @@ int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
 
 /* Macro to check if bit is set, if not sets and return success.
     Otherwise returns failure */
+/* Macro required here because bit-field operation */
 #ifndef WOLFSSL_NO_ASN_STRICT
     #define VERIFY_AND_SET_OID(bit) \
-    ({ \
-        int bitvalid; \
-        if (bit == 0) { \
+        if (bit == 0) \
             bit = 1; \
-            bitvalid = 0;  /* success */ \
-        } \
-        else { \
-            bitvalid = -1; /* fail */ \
-        } \
-        bitvalid; \
-    })
+        else \
+            return ASN_OBJECT_ID_E;
 #else
     /* With no strict defined, the verify is skipped */
-    #define VERIFY_AND_SET_OID(bit) \
-    ({ \
-        bit = 1; \
-        0; /* success */ \
-    })
+#define VERIFY_AND_SET_OID(bit) bit = 1;
 #endif
 
 static int DecodeCertExtensions(DecodedCert* cert)
@@ -6205,7 +6195,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
  *  index. It is works starting with the recorded extensions pointer.
  */
 {
-    int ret;
+    int ret = 0;
     word32 idx = 0;
     int sz = cert->extensionsSz;
     byte* input = cert->extensions;
@@ -6267,8 +6257,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
 
         switch (oid) {
             case BASIC_CA_OID:
-                if (VERIFY_AND_SET_OID(cert->extBasicConstSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extBasicConstSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extBasicConstCrit = critical;
                 #endif
@@ -6277,8 +6266,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case CRL_DIST_OID:
-                if (VERIFY_AND_SET_OID(cert->extCRLdistSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extCRLdistSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extCRLdistCrit = critical;
                 #endif
@@ -6287,8 +6275,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case AUTH_INFO_OID:
-                if (VERIFY_AND_SET_OID(cert->extAuthInfoSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extAuthInfoSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extAuthInfoCrit = critical;
                 #endif
@@ -6297,8 +6284,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case ALT_NAMES_OID:
-                if (VERIFY_AND_SET_OID(cert->extSubjAltNameSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extSubjAltNameCrit = critical;
                 #endif
@@ -6308,8 +6294,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case AUTH_KEY_OID:
-                if (VERIFY_AND_SET_OID(cert->extAuthKeyIdSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extAuthKeyIdCrit = critical;
                 #endif
@@ -6318,8 +6303,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case SUBJ_KEY_OID:
-                if (VERIFY_AND_SET_OID(cert->extSubjKeyIdSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extSubjKeyIdCrit = critical;
                 #endif
@@ -6341,8 +6325,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
 
             case CERT_POLICY_OID:
                 #ifdef WOLFSSL_SEP
-                    if (VERIFY_AND_SET_OID(cert->extCertPolicySet))
-                        return ASN_OBJECT_ID_E;
+                    VERIFY_AND_SET_OID(cert->extCertPolicySet);
                     #ifdef OPENSSL_EXTRA
                         cert->extCertPolicyCrit = critical;
                     #endif
@@ -6357,8 +6340,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case KEY_USAGE_OID:
-                if (VERIFY_AND_SET_OID(cert->extKeyUsageSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extKeyUsageSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extKeyUsageCrit = critical;
                 #endif
@@ -6367,8 +6349,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             case EXT_KEY_USAGE_OID:
-                if (VERIFY_AND_SET_OID(cert->extExtKeyUsageSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extExtKeyUsageCrit = critical;
                 #endif
@@ -6387,8 +6368,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
                     return ASN_NAME_INVALID_E;
                 }
             #endif
-                if (VERIFY_AND_SET_OID(cert->extNameConstraintSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->extNameConstraintSet);
                 #ifdef OPENSSL_EXTRA
                     cert->extNameConstraintCrit = critical;
                 #endif
@@ -6398,8 +6378,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
             #endif /* IGNORE_NAME_CONSTRAINTS */
 
             case INHIBIT_ANY_OID:
-                if (VERIFY_AND_SET_OID(cert->inhibitAnyOidSet))
-                    return ASN_OBJECT_ID_E;
+                VERIFY_AND_SET_OID(cert->inhibitAnyOidSet);
                 WOLFSSL_MSG("Inhibit anyPolicy extension not supported yet.");
                 break;