From 6061ec786953f219f91858c0915a29eb386a598f Mon Sep 17 00:00:00 2001
From: Brian Warner <warner@lothar.com>
Date: Wed, 14 Feb 2018 00:45:02 -0800
Subject: [PATCH] _key: note places where we should use eventual-send

This will be necessary to avoid reentrancy hazards, in case the application
code makes other wormhole API calls from the callbacks for
get_unverified_key(), get_verifier(), or get_message().
---
 src/wormhole/_key.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wormhole/_key.py b/src/wormhole/_key.py
index 368090a..3ad3efc 100644
--- a/src/wormhole/_key.py
+++ b/src/wormhole/_key.py
@@ -165,12 +165,17 @@ class _SortedKey(object):
         assert isinstance(msg2, type(b""))
         with self._timing.add("pake2", waiting="crypto"):
             key = self._sp.finish(msg2)
+        # TODO: make B.got_key() an eventual send, since it will fire the
+        # user/application-layer get_unverified_key() Deferred, and if that
+        # calls back into other wormhole APIs, bad things will happen
         self._B.got_key(key)
         phase = "version"
         data_key = derive_phase_key(key, self._side, phase)
         plaintext = dict_to_bytes(self._versions)
         encrypted = encrypt_data(data_key, plaintext)
         self._M.add_message(phase, encrypted)
+        # TODO: R.got_key() needs to be eventual-send too, as it can trigger
+        # app-level got_verifier() and got_message() Deferreds.
         self._R.got_key(key)
 
     S0_know_nothing.upon(got_code, enter=S1_know_code, outputs=[build_pake])