Add double-check for flags == 0 in crt_verify()

Also move to "default flow assumes failure" while at it.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6b4ed1c..22a6a23 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3783,6 +3783,7 @@
     int ret;
     mbedtls_x509_crt_verify_chain ver_chain;
     uint32_t ee_flags;
+    volatile uint32_t flags_fi;
 
     *flags = 0;
     ee_flags = 0;
@@ -3859,16 +3860,19 @@
         return( ret );
     }
 
-    if( *flags != 0 )
+    flags_fi = *flags;
+    if( flags_fi == 0 )
     {
-        /* Preserve the API by removing internal extra bits - from now on the
-         * fact that flags is non-zero is also redundantly encoded by the
-         * return value from this function. */
-        *flags &= ~ X509_BADCERT_FI_EXTRA;
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+        mbedtls_platform_enforce_volatile_reads();
+        if( flags_fi == 0 )
+            return( 0 );
     }
 
-    return( 0 );
+    /* Preserve the API by removing internal extra bits - from now on the
+     * fact that flags is non-zero is also redundantly encoded by the
+     * non-zero return value from this function. */
+    *flags &= ~ X509_BADCERT_FI_EXTRA;
+    return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
 }
 
 /*