crypto/internal/hpke: replace x/crypto/hkdf with crypto/internal/fips/hkdf

Change-Id: Id69e8e3a7dd61ca33489140eb76771b176a9ea4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/629057
Reviewed-by: Russ Cox <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
TryBot-Bypass: Filippo Valsorda <[email protected]>
Commit-Queue: Filippo Valsorda <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>

Author: FiloSottile

src/crypto/internal/hpke/hpke.go

@@ -9,13 +9,13 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/ecdh"
+	"crypto/internal/fips/hkdf"
 	"crypto/rand"
 	"errors"
 	"internal/byteorder"
 	"math/bits"
 
 	"golang.org/x/crypto/chacha20poly1305"
-	"golang.org/x/crypto/hkdf"
 )
 
 // testingOnlyGenerateKey is only used during testing, to provide
@@ -42,12 +42,7 @@ func (kdf *hkdfKDF) LabeledExpand(suiteID []byte, randomKey []byte, label string
 	labeledInfo = append(labeledInfo, suiteID...)
 	labeledInfo = append(labeledInfo, label...)
 	labeledInfo = append(labeledInfo, info...)
-	out := make([]byte, length)
-	n, err := hkdf.Expand(kdf.hash.New, randomKey, labeledInfo).Read(out)
-	if err != nil || n != int(length) {
-		panic("hpke: LabeledExpand failed unexpectedly")
-	}
-	return out
+	return hkdf.Expand(kdf.hash.New, randomKey, labeledInfo, int(length))
 }
 
 // dhKEM implements the KEM specified in RFC 9180, Section 4.1.

src/go/build/deps_test.go

@@ -551,7 +551,6 @@ var depsRules = `
 	< golang.org/x/crypto/chacha20
 	< golang.org/x/crypto/internal/poly1305
 	< golang.org/x/crypto/chacha20poly1305
-	< golang.org/x/crypto/hkdf
 	< crypto/internal/hpke
 	< crypto/x509/internal/macos
 	< crypto/x509/pkix;

src/vendor/golang.org/x/crypto/hkdf/hkdf.go

@@ -4,7 +4,6 @@ golang.org/x/crypto/chacha20
 golang.org/x/crypto/chacha20poly1305
 golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1
-golang.org/x/crypto/hkdf
 golang.org/x/crypto/internal/alias
 golang.org/x/crypto/internal/poly1305
 # golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd