diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index c5a2ab9add..536c4c9fc0 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -634,17 +634,6 @@ ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, guint8 ct, guint
 tls13_cipher *
 tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error);
 
-/*
- * Calculate HKDF-Extract(salt, IKM) -> PRK according to RFC 5869.
- * Caller must ensure that 'prk' is large enough to store the digest.
- */
-static inline gcry_error_t
-hkdf_extract(int algo, const guint8 *salt, size_t salt_len, const guint8 *ikm, size_t ikm_len, guint8 *prk)
-{
-    /* PRK = HMAC-Hash(salt, IKM) where salt is key, and IKM is input. */
-    return ws_hmac_buffer(algo, prk, ikm, ikm_len, salt, salt_len);
-}
-
 
 /* Common part bitween SSL and DTLS dissectors */
 /* Hash Functions for RSA private keys table */
diff --git a/wsutil/wsgcrypt.h b/wsutil/wsgcrypt.h
index 52443bbcff..940006f832 100644
--- a/wsutil/wsgcrypt.h
+++ b/wsutil/wsgcrypt.h
@@ -63,5 +63,17 @@ WS_DLL_PUBLIC gcry_error_t
 hkdf_expand(int hashalgo, const guint8 *prk, guint prk_len, const guint8 *info, guint info_len,
             guint8 *out, guint out_len);
 
+/*
+ * Calculate HKDF-Extract(salt, IKM) -> PRK according to RFC 5869.
+ * Caller MUST ensure that 'prk' is large enough to store the digest from hash
+ * algorithm 'hashalgo' (e.g. 32 bytes for SHA-256).
+ */
+static inline gcry_error_t
+hkdf_extract(int hashalgo, const guint8 *salt, size_t salt_len, const guint8 *ikm, size_t ikm_len, guint8 *prk)
+{
+    /* PRK = HMAC-Hash(salt, IKM) where salt is key, and IKM is input. */
+    return ws_hmac_buffer(hashalgo, prk, ikm, ikm_len, salt, salt_len);
+}
+
 
 #endif /* __WSGCRYPT_H__ */