[trac893] make sure verify() immediately rejects shorter sigs (calling same_mem

with a longer length was wrong, even though it normally wouldn't cause visible
disruption and would return the expected result).

src/lib/cryptolink/crypto_hmac.cc

@@ -153,7 +153,7 @@ public:
                 // standard signature size for the moment.
                 // Once we support truncation correctly, this if-clause should
                 // (and the capitalized comment above) be removed.
-                len = getOutputLength();
+                return (false);
             }
             if (len == 0 || len > getOutputLength()) {
                 len = getOutputLength();