The implementations of AES-GCM and AES-CCM in cryptosoft don't support
per-op keys (crp_cipher_key), so reject sessions that don't use a
static key for the session.
Hmm, looking at xform_aes_icm.c, it seems that the key schedule can't be safely shared between operations regardless as the iv is stored in the context. What would really be nice would be to store the context on the stack, but otherwise, a per-session mutex should be used to protect the context. Getting a single session to use concurrent operations across threads seems hard, though if GELI ever used ccm or gcm perhaps that could happen. However, given that honoring crp_cipher_key wouldn't make the races "worse", I think it might be better to just add the simple change to support crp_cipher_key instead of this change.