Ensure tag lengths match in verification

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index d585c59..0e7ca63 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -733,8 +733,8 @@
     {
         *plaintext_length = finish_output_size;
 
-        if( do_tag_check &&
-            mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 )
+        if( do_tag_check && ( tag_length != operation->tag_length ||
+            mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) )
             status = PSA_ERROR_INVALID_SIGNATURE;
     }