Update hkdf.goHEAD master

Use hkdf from stable api instead of eXperimental
author: DMyachin 2026-01-07 20:47:26 +0300
committer: rfjakob 2026-01-07 21:59:39 +0100
commit: c9cf6f1f8a5b90c9cb70ed19f8c8426dc2655c9d (patch)
tree: cf1219b7752796613340bd83cf3fb640469a5a5c /internal/cryptocore
parent: 5b2ee48636b4e30db04b123eb0144d1cb78cea6e (diff)
1 files changed, 6 insertions, 9 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index b56f507..369616a 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -1,10 +1,9 @@
 package cryptocore
 
 import (
+	"crypto/hkdf"
 	"crypto/sha256"
 	"log"
-
-	"golang.org/x/crypto/hkdf"
 )
 
 const (
@@ -19,12 +18,10 @@ const (
 // hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
 // HKDF-SHA256 (RFC 5869).
 // It returns the derived bytes or panics.
-func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
-	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
-	out = make([]byte, outLen)
-	n, err := h.Read(out)
-	if n != outLen || err != nil {
-		log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
+func hkdfDerive(masterkey []byte, info string, outLen int) []byte {
+	key, err := hkdf.Key(sha256.New, masterkey, nil, info, outLen)
+	if err != nil {
+		log.Panicf("hkdfDerive: hkdf failed with error: %v", err)
 	}
-	return out
+	return key
 }
author	DMyachin	2026-01-07 20:47:26 +0300
committer	rfjakob	2026-01-07 21:59:39 +0100
commit	c9cf6f1f8a5b90c9cb70ed19f8c8426dc2655c9d (patch)
tree	cf1219b7752796613340bd83cf3fb640469a5a5c /internal/cryptocore
parent	5b2ee48636b4e30db04b123eb0144d1cb78cea6e (diff)