use the golang/x/crypto ChaCha20 implementation

https://go-review.googlesource.com/c/crypto/+/206638 added the
SetCounter method required for QUIC's header protection.

internal/handshake/header_protector.go

@@ -4,9 +4,11 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"encoding/binary"
 	"fmt"
 
-	"github.com/marten-seemann/chacha20"
+	"golang.org/x/crypto/chacha20"
+
 	"github.com/marten-seemann/qtls"
 )
 
@@ -75,7 +77,6 @@ type chachaHeaderProtector struct {
 	mask [5]byte
 
 	key          [32]byte
-	sampleBuf    [16]byte
 	isLongHeader bool
 }
 
@@ -117,14 +118,18 @@ func (p *chachaHeaderProtector) EncryptHeader(sample []byte, firstByte *byte, hd
 }
 
 func (p *chachaHeaderProtector) apply(sample []byte, firstByte *byte, hdrBytes []byte) {
-	if len(sample) < len(p.mask) {
+	if len(sample) != 16 {
 		panic("invalid sample size")
 	}
 	for i := 0; i < 5; i++ {
 		p.mask[i] = 0
 	}
-	copy(p.sampleBuf[:], sample)
-	chacha20.XORKeyStream(p.mask[:], p.mask[:], &p.sampleBuf, &p.key)
+	cipher, err := chacha20.NewUnauthenticatedCipher(p.key[:], sample[4:])
+	if err != nil {
+		panic(err)
+	}
+	cipher.SetCounter(binary.BigEndian.Uint32(sample[4:]))
+	cipher.XORKeyStream(p.mask[:], p.mask[:])
 	p.applyMask(firstByte, hdrBytes)
 }