diff --git a/spec/unit/crypto/algorithms/megolm.spec.js b/spec/unit/crypto/algorithms/megolm.spec.js
index f83307612..7f86f86ff 100644
--- a/spec/unit/crypto/algorithms/megolm.spec.js
+++ b/spec/unit/crypto/algorithms/megolm.spec.js
@@ -120,29 +120,32 @@ describe("MegolmDecryption", function() {
                 },
             };
 
-            expect(megolmDecryption.hasKeysForKeyRequest(keyRequest))
-                .toBe(true);
+            return megolmDecryption.hasKeysForKeyRequest(
+                keyRequest,
+            ).then((hasKeys) => {
+                expect(hasKeys).toBe(true);
 
-            // set up some pre-conditions for the share call
-            const deviceInfo = {};
-            mockCrypto.getStoredDevice.andReturn(deviceInfo);
+                // set up some pre-conditions for the share call
+                const deviceInfo = {};
+                mockCrypto.getStoredDevice.andReturn(deviceInfo);
 
-            const awaitEnsureSessions = new Promise((res, rej) => {
-                mockOlmLib.ensureOlmSessionsForDevices.andCall(() => {
-                    res();
-                    return Promise.resolve({'@alice:foo': {'alidevice': {
-                        sessionId: 'alisession',
-                    }}});
+                const awaitEnsureSessions = new Promise((res, rej) => {
+                    mockOlmLib.ensureOlmSessionsForDevices.andCall(() => {
+                        res();
+                        return Promise.resolve({'@alice:foo': {'alidevice': {
+                            sessionId: 'alisession',
+                        }}});
+                    });
                 });
-            });
 
-            mockBaseApis.sendToDevice = expect.createSpy();
+                mockBaseApis.sendToDevice = expect.createSpy();
 
-            // do the share
-            megolmDecryption.shareKeysWithDevice(keyRequest);
+                // do the share
+                megolmDecryption.shareKeysWithDevice(keyRequest);
 
-            // it's asynchronous, so we have to wait a bit
-            return awaitEnsureSessions.then(() => {
+                // it's asynchronous, so we have to wait a bit
+                return awaitEnsureSessions;
+            }).then(() => {
                 // check that it called encryptMessageForDevice with
                 // appropriate args.
                 expect(mockOlmLib.encryptMessageForDevice.calls.length)
diff --git a/src/crypto/DeviceList.js b/src/crypto/DeviceList.js
index 9a54b6346..fc938c33f 100644
--- a/src/crypto/DeviceList.js
+++ b/src/crypto/DeviceList.js
@@ -462,7 +462,7 @@ class DeviceListUpdateSerialiser {
             let prom = Promise.resolve();
             for (const userId of downloadUsers) {
                 prom = prom.delay(5).then(() => {
-                    this._processQueryResponseForUser(userId, dk[userId]);
+                    return this._processQueryResponseForUser(userId, dk[userId]);
                 });
             }
 
@@ -486,7 +486,7 @@ class DeviceListUpdateSerialiser {
         return deferred.promise;
     }
 
-    _processQueryResponseForUser(userId, response) {
+    async _processQueryResponseForUser(userId, response) {
         console.log('got keys for ' + userId + ':', response);
 
         // map from deviceid -> deviceinfo for this user
@@ -499,7 +499,7 @@ class DeviceListUpdateSerialiser {
             });
         }
 
-        _updateStoredDeviceKeysForUser(
+        await _updateStoredDeviceKeysForUser(
             this._olmDevice, userId, userStore, response || {},
         );
 
@@ -516,7 +516,7 @@ class DeviceListUpdateSerialiser {
 }
 
 
-function _updateStoredDeviceKeysForUser(_olmDevice, userId, userStore,
+async function _updateStoredDeviceKeysForUser(_olmDevice, userId, userStore,
         userResult) {
     let updated = false;
 
@@ -554,7 +554,7 @@ function _updateStoredDeviceKeysForUser(_olmDevice, userId, userStore,
             continue;
         }
 
-        if (_storeDeviceKeys(_olmDevice, userStore, deviceResult)) {
+        if (await _storeDeviceKeys(_olmDevice, userStore, deviceResult)) {
             updated = true;
         }
     }
@@ -565,9 +565,9 @@ function _updateStoredDeviceKeysForUser(_olmDevice, userId, userStore,
 /*
  * Process a device in a /query response, and add it to the userStore
  *
- * returns true if a change was made, else false
+ * returns (a promise for) true if a change was made, else false
  */
- function _storeDeviceKeys(_olmDevice, userStore, deviceResult) {
+async function _storeDeviceKeys(_olmDevice, userStore, deviceResult) {
     if (!deviceResult.keys) {
         // no keys?
         return false;
diff --git a/src/crypto/algorithms/base.js b/src/crypto/algorithms/base.js
index 661455070..15f8aed25 100644
--- a/src/crypto/algorithms/base.js
+++ b/src/crypto/algorithms/base.js
@@ -20,6 +20,8 @@ limitations under the License.
  * @module
  */
 
+import Promise from 'bluebird';
+
 /**
  * map of registered encryption algorithm classes. A map from string to {@link
  * module:crypto/algorithms/base.EncryptionAlgorithm|EncryptionAlgorithm} class
@@ -143,11 +145,11 @@ class DecryptionAlgorithm {
      * Determine if we have the keys necessary to respond to a room key request
      *
      * @param {module:crypto~IncomingRoomKeyRequest} keyRequest
-     * @return {boolean} true if we have the keys and could (theoretically) share
+     * @return {Promise<boolean>} true if we have the keys and could (theoretically) share
      *  them; else false.
      */
     hasKeysForKeyRequest(keyRequest) {
-        return false;
+        return Promise.resolve(false);
     }
 
     /**
diff --git a/src/crypto/algorithms/megolm.js b/src/crypto/algorithms/megolm.js
index 9f630327f..0ba1e2dec 100644
--- a/src/crypto/algorithms/megolm.js
+++ b/src/crypto/algorithms/megolm.js
@@ -166,7 +166,7 @@ MegolmEncryption.prototype._ensureOutboundSession = function(devicesInRoom) {
     // Updates `session` to hold the final OutboundSessionInfo.
     //
     // returns a promise which resolves once the keyshare is successful.
-    function prepareSession(oldSession) {
+    async function prepareSession(oldSession) {
         session = oldSession;
 
         // need to make a brand new session?
@@ -184,7 +184,7 @@ MegolmEncryption.prototype._ensureOutboundSession = function(devicesInRoom) {
 
         if (!session) {
             console.log(`Starting new megolm session for room ${self._roomId}`);
-            session = self._prepareNewSession();
+            session = await self._prepareNewSession();
         }
 
         // now check if we need to share with any devices
@@ -245,7 +245,7 @@ MegolmEncryption.prototype._ensureOutboundSession = function(devicesInRoom) {
  *
  * @return {module:crypto/algorithms/megolm.OutboundSessionInfo} session
  */
-MegolmEncryption.prototype._prepareNewSession = function() {
+MegolmEncryption.prototype._prepareNewSession = async function() {
     const sessionId = this._olmDevice.createOutboundGroupSession();
     const key = this._olmDevice.getOutboundGroupSessionKey(sessionId);
 
@@ -539,16 +539,14 @@ utils.inherits(MegolmDecryption, base.DecryptionAlgorithm);
  * `algorithms.DecryptionError` if there is a problem decrypting the event.
  */
 MegolmDecryption.prototype.decryptEvent = function(event) {
-    return Promise.try(() => {
-        this._decryptEvent(event, true);
-    });
+    return this._decryptEvent(event, true);
 };
 
 
 // helper for the real decryptEvent and for _retryDecryption. If
 // requestKeysOnFail is true, we'll send an m.room_key_request when we fail
 // to decrypt the event due to missing megolm keys.
-MegolmDecryption.prototype._decryptEvent = function(event, requestKeysOnFail) {
+MegolmDecryption.prototype._decryptEvent = async function(event, requestKeysOnFail) {
     const content = event.getWireContent();
 
     if (!content.sender_key || !content.session_id ||
@@ -725,7 +723,7 @@ MegolmDecryption.prototype.onRoomKeyEvent = function(event) {
 /**
  * @inheritdoc
  */
-MegolmDecryption.prototype.hasKeysForKeyRequest = function(keyRequest) {
+MegolmDecryption.prototype.hasKeysForKeyRequest = async function(keyRequest) {
     const body = keyRequest.requestBody;
 
     return this._olmDevice.hasInboundSessionKeys(
diff --git a/src/crypto/algorithms/olm.js b/src/crypto/algorithms/olm.js
index 26f2dd4b3..c27e519a7 100644
--- a/src/crypto/algorithms/olm.js
+++ b/src/crypto/algorithms/olm.js
@@ -176,7 +176,7 @@ OlmDecryption.prototype.decryptEvent = async function(event) {
     let payloadString;
 
     try {
-        payloadString = this._decryptMessage(deviceKey, message);
+        payloadString = await this._decryptMessage(deviceKey, message);
     } catch (e) {
         throw new base.DecryptionError(
             "Bad Encrypted Message", {
@@ -239,7 +239,9 @@ OlmDecryption.prototype.decryptEvent = async function(event) {
  *
  * @return {string} payload, if decrypted successfully.
  */
-OlmDecryption.prototype._decryptMessage = function(theirDeviceIdentityKey, message) {
+OlmDecryption.prototype._decryptMessage = async function(
+    theirDeviceIdentityKey, message,
+) {
     const sessionIds = this._olmDevice.getSessionIdsForDevice(theirDeviceIdentityKey);
 
     // try each session in turn.
diff --git a/src/crypto/index.js b/src/crypto/index.js
index eb3723fe5..6c28bce3f 100644
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -1131,7 +1131,7 @@ Crypto.prototype._processReceivedRoomKeyRequest = async function(req) {
         return;
     }
 
-    if (!decryptor.hasKeysForKeyRequest(req)) {
+    if (!await decryptor.hasKeysForKeyRequest(req)) {
         console.log(
             `room key request for unknown session ${roomId} / ` +
                 body.session_id,