Problem: CHMAC_SHA256 and CHMAC_SHA512 copied the key with memcpy(rkey, key, keylen) before zero-padding it.
Empty-vector callers can pass a null key pointer, and glibc annotates memcpy arguments as non-null.
A minimal Compiler Explorer reproducer shows the unguarded zero-length copy still aborting under current GCC-trunk UBSan, while the guarded variant exits successfully.
This is the same class of empty-byte-vector issue discussed for the IPC fuzzer - where std::copy was also considered (see godbolt reproducer above).
No in-tree caller currently passes a null HMAC key, so this hardens the empty-key boundary for tests and fuzzing.
Fix: Skip the key copy when keylen == 0. The following memset still zero-fills the whole HMAC key block, so the derived pads and digests are unchanged.
With the HMAC copy fixed, the crypto fuzzer can pass empty byte vectors directly.
The stale eval_script workaround can also be dropped in favor of calling ConsumeRemainingBytes() directly because it already returns before copying when no bytes remain.