2 files changed, 8 insertions, 9 deletions

diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index b56f507..369616a 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -1,10 +1,9 @@
 package cryptocore
 
 import (
+	"crypto/hkdf"
 	"crypto/sha256"
 	"log"
-
-	"golang.org/x/crypto/hkdf"
 )
 
 const (
@@ -19,12 +18,10 @@ const (
 // hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
 // HKDF-SHA256 (RFC 5869).
 // It returns the derived bytes or panics.
-func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
-	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
-	out = make([]byte, outLen)
-	n, err := h.Read(out)
-	if n != outLen || err != nil {
-		log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
+func hkdfDerive(masterkey []byte, info string, outLen int) []byte {
+	key, err := hkdf.Key(sha256.New, masterkey, nil, info, outLen)
+	if err != nil {
+		log.Panicf("hkdfDerive: hkdf failed with error: %v", err)
 	}
-	return out
+	return key
 }
diff --git a/internal/cryptocore/nonce.go b/internal/cryptocore/nonce.go
index 9df094c..c800807 100644
--- a/internal/cryptocore/nonce.go
+++ b/internal/cryptocore/nonce.go
@@ -11,6 +11,8 @@ func RandBytes(n int) []byte {
 	b := make([]byte, n)
 	_, err := rand.Read(b)
 	if err != nil {
+		// crypto/rand.Read() is documented to never return an
+		// error, so this should never happen. Still, better safe than sorry.
 		log.Panic("Failed to read random bytes: " + err.Error())
 	}
 	return b