What steps will reproduce the problem?
1. Create a WordArray called 'key' with 20 words, but only 32 sigBytes.
2. Clone this and create a key2, 32 sigBytes, but clamped.
3. Use both keys to generate an hmac of a fixed WordArray.  hmac will be 
different.

What is the expected output? What do you see instead?
I expect the hmac digests to be equal.  The keys are supposed to be the same, 
despite differences in the internal WordArray structure.

What version of the product are you using? On what operating system?
3.0.2, mac, chrome

Please provide any additional information below.
I believe the problem is in hmac.js, around line 45, in the init function.  
There's no clamp() here, but lines later in the function use the key's word 
array directly, and override the key's sigBytes with hasherBlockSizeBytes.

Very good catch, and your proposed solution was right on. Fixed in r555.