Make read_packet cancel safe.

This places updating the packet counter to after the IO, ensuring it is
only done when all the IO related operations are finished, ensuring no
overcounting.

Author: davidv1992

src/proto.rs

@@ -153,9 +153,6 @@ impl<R: AsyncReadExt + Unpin> DecryptingReader<R> {
         self.decrypted_buf.clear();
         self.unread_start = 0;
 
-        let packet_number = self.packet_number;
-        self.packet_number = self.packet_number.wrapping_add(1);
-
         if let Some((decrypting_key, integrity_key)) = &mut self.decryption_key {
             let block_len = decrypting_key.algorithm().block_len();
 
@@ -193,6 +190,11 @@ impl<R: AsyncReadExt + Unpin> DecryptingReader<R> {
             )
             .await?;
 
+            // Note: this needs to be done AFTER the IO to ensure
+            // this async function is cancel-safe
+            let packet_number = self.packet_number;
+            self.packet_number = self.packet_number.wrapping_add(1);
+
             let update = decrypting_key
                 .update(
                     &self.buf[self.unread_start + block_len
@@ -249,6 +251,10 @@ impl<R: AsyncReadExt + Unpin> DecryptingReader<R> {
             )
             .await?;
 
+            // Note: this needs to be done AFTER the IO to ensure
+            // this async function is cancel-safe
+            self.packet_number = self.packet_number.wrapping_add(1);
+
             let Decoded {
                 value: packet,
                 next,