module JWT::Algos::Hmac

def sign(algorithm, msg, key)
  key ||= ''
  raise JWT::DecodeError, 'HMAC key expected to be a String' unless key.is_a?(String)
  OpenSSL::HMAC.digest(MAPPING[algorithm].new, key, msg)
rescue OpenSSL::HMACError => e
  if key == '' && e.message == 'EVP_PKEY_new_mac_key: malloc failure'
    raise JWT::DecodeError, 'OpenSSL 3.0 does not support nil or empty hmac_secret'
  end
  raise e
end

def verify(algorithm, key, signing_input, signature)
  SecurityUtils.secure_compare(signature, sign(algorithm, signing_input, key))
end