The expectation when calling HMAC with key=NULL and keylen=0 is to compute HMAC on the provided data with a key of length 0 instead of using the "previous" key, which in the case of HMAC() is whatever bytes happen to be left on the stack when the HMAC_CTX struct is allocated. Change-Id: I52a95e262ee4e15f1af3136cb9c07f42f40ce122 Reviewed-on: https://boringssl-review.googlesource.com/2660 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15