From d5e9ed3aa9025a3395e4523d0f53fdf050176f9d Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 7 Jun 2021 18:16:15 +0200
Subject: [PATCH] Don't hardcode the HPKE cipher

---
 dnscrypt-proxy/oblivious_doh.go | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/dnscrypt-proxy/oblivious_doh.go b/dnscrypt-proxy/oblivious_doh.go
index 9121a4d4..32a11ae6 100644
--- a/dnscrypt-proxy/oblivious_doh.go
+++ b/dnscrypt-proxy/oblivious_doh.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/subtle"
 	"encoding/binary"
 	"fmt"
@@ -157,12 +155,7 @@ func (q ODoHQuery) decryptResponse(response []byte) ([]byte, error) {
 		return nil, err
 	}
 
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	aesgcm, err := cipher.NewGCM(block)
+	cipher, err := q.suite.NewRawCipher(key)
 	if err != nil {
 		return nil, err
 	}
@@ -175,7 +168,7 @@ func (q ODoHQuery) decryptResponse(response []byte) ([]byte, error) {
 	ct := response[5+int(responseNonceLength):]
 	aad := response[0 : 3+int(responseNonceLength)]
 
-	responsePlaintext, err := aesgcm.Open(nil, nonce, ct, aad)
+	responsePlaintext, err := cipher.Open(nil, nonce, ct, aad)
 	if err != nil {
 		return nil, err
 	}