From c9cf6f1f8a5b90c9cb70ed19f8c8426dc2655c9d Mon Sep 17 00:00:00 2001
From: DMyachin
Date: Wed, 7 Jan 2026 20:47:26 +0300
Subject: Update hkdf.go

Use hkdf from stable api instead of eXperimental---
 internal/cryptocore/hkdf.go | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index b56f507..369616a 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -1,10 +1,9 @@
 package cryptocore
 
 import (
+	"crypto/hkdf"
 	"crypto/sha256"
 	"log"
-
-	"golang.org/x/crypto/hkdf"
 )
 
 const (
@@ -19,12 +18,10 @@ const (
 // hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
 // HKDF-SHA256 (RFC 5869).
 // It returns the derived bytes or panics.
-func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
-	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
-	out = make([]byte, outLen)
-	n, err := h.Read(out)
-	if n != outLen || err != nil {
-		log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
+func hkdfDerive(masterkey []byte, info string, outLen int) []byte {
+	key, err := hkdf.Key(sha256.New, masterkey, nil, info, outLen)
+	if err != nil {
+		log.Panicf("hkdfDerive: hkdf failed with error: %v", err)
 	}
-	return out
+	return key
 }
-- 
cgit v1.2.3