module: icp: rip out insane crypto_req_handle_t mechanism, inline KM_SLEEP

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12901
2026-05-22 02:27:36 +03:00 · 2021-12-25 04:34:29 +01:00
parent 15ec086396
commit df7b54f1d9
16 changed files with 187 additions and 339 deletions
@@ -74,33 +74,29 @@ static const crypto_mech_info_t aes_mech_info_tab[] = {
 };

 static int aes_encrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
-    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_key_t *, crypto_spi_ctx_template_t);
 static int aes_decrypt_init(crypto_ctx_t *, crypto_mechanism_t *,
-    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_key_t *, crypto_spi_ctx_template_t);
 static int aes_common_init(crypto_ctx_t *, crypto_mechanism_t *,
-    crypto_key_t *, crypto_spi_ctx_template_t, crypto_req_handle_t, boolean_t);
+    crypto_key_t *, crypto_spi_ctx_template_t, boolean_t);
 static int aes_common_init_ctx(aes_ctx_t *, crypto_spi_ctx_template_t *,
    crypto_mechanism_t *, crypto_key_t *, int, boolean_t);
-static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *,
-    crypto_req_handle_t);
-static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *,
-    crypto_req_handle_t);
+static int aes_encrypt_final(crypto_ctx_t *, crypto_data_t *);
+static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *);

-static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
+static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *,
-    crypto_data_t *, crypto_req_handle_t);
+    crypto_data_t *);
 static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_data_t *, crypto_spi_ctx_template_t);

-static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
+static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
 static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *,
-    crypto_data_t *, crypto_req_handle_t);
+    crypto_data_t *);
 static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
-    crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_data_t *, crypto_spi_ctx_template_t);

 static const crypto_cipher_ops_t aes_cipher_ops = {
 	.encrypt_init = aes_encrypt_init,
@@ -117,10 +113,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = {

 static int aes_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);
 static int aes_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);

 static const crypto_mac_ops_t aes_mac_ops = {
 	.mac_init = NULL,
@@ -133,7 +129,7 @@ static const crypto_mac_ops_t aes_mac_ops = {

 static int aes_create_ctx_template(crypto_provider_handle_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
-    size_t *, crypto_req_handle_t);
+    size_t *);
 static int aes_free_context(crypto_ctx_t *);

 static const crypto_ctx_ops_t aes_ctx_ops = {
@@ -188,7 +184,7 @@ aes_mod_fini(void)
 }

 static int
-aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
+aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx)
 {
 	void *p = NULL;
 	boolean_t param_required = B_TRUE;
@@ -230,7 +226,7 @@ aes_check_mech_param(crypto_mechanism_t *mechanism, aes_ctx_t **ctx, int kmflag)
 		rv = CRYPTO_MECHANISM_PARAM_INVALID;
 	}
 	if (ctx != NULL) {
-		p = (alloc_fun)(kmflag);
+		p = (alloc_fun)(KM_SLEEP);
 		*ctx = p;
 	}
 	return (rv);
@@ -257,18 +253,16 @@ init_keysched(crypto_key_t *key, void *newbie)

 static int
 aes_encrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_key_t *key, crypto_spi_ctx_template_t template,
-    crypto_req_handle_t req)
+    crypto_key_t *key, crypto_spi_ctx_template_t template)
 {
-	return (aes_common_init(ctx, mechanism, key, template, req, B_TRUE));
+	return (aes_common_init(ctx, mechanism, key, template, B_TRUE));
 }

 static int
 aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_key_t *key, crypto_spi_ctx_template_t template,
-    crypto_req_handle_t req)
+    crypto_key_t *key, crypto_spi_ctx_template_t template)
 {
-	return (aes_common_init(ctx, mechanism, key, template, req, B_FALSE));
+	return (aes_common_init(ctx, mechanism, key, template, B_FALSE));
 }


@@ -279,18 +273,16 @@ aes_decrypt_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 static int
 aes_common_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_spi_ctx_template_t template,
-    crypto_req_handle_t req, boolean_t is_encrypt_init)
+    boolean_t is_encrypt_init)
 {
 	aes_ctx_t *aes_ctx;
 	int rv;
-	int kmflag;

-	kmflag = crypto_kmflag(req);
-	if ((rv = aes_check_mech_param(mechanism, &aes_ctx, kmflag))
+	if ((rv = aes_check_mech_param(mechanism, &aes_ctx))
 	    != CRYPTO_SUCCESS)
 		return (rv);

-	rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, kmflag,
+	rv = aes_common_init_ctx(aes_ctx, template, mechanism, key, KM_SLEEP,
 	    is_encrypt_init);
 	if (rv != CRYPTO_SUCCESS) {
 		crypto_free_mode_ctx(aes_ctx);
@@ -320,7 +312,7 @@ aes_copy_block64(uint8_t *in, uint64_t *out)

 static int
 aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
-    crypto_data_t *ciphertext, crypto_req_handle_t req)
+    crypto_data_t *ciphertext)
 {
 	int ret = CRYPTO_FAILED;

@@ -372,7 +364,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,
 	/*
 	 * Do an update on the specified input data.
 	 */
-	ret = aes_encrypt_update(ctx, plaintext, ciphertext, req);
+	ret = aes_encrypt_update(ctx, plaintext, ciphertext);
 	if (ret != CRYPTO_SUCCESS) {
 		return (ret);
 	}
@@ -435,7 +427,7 @@ aes_encrypt(crypto_ctx_t *ctx, crypto_data_t *plaintext,

 static int
 aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
-    crypto_data_t *plaintext, crypto_req_handle_t req)
+    crypto_data_t *plaintext)
 {
 	int ret = CRYPTO_FAILED;

@@ -493,7 +485,7 @@ aes_decrypt(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 	/*
 	 * Do an update on the specified input data.
 	 */
-	ret = aes_decrypt_update(ctx, ciphertext, plaintext, req);
+	ret = aes_decrypt_update(ctx, ciphertext, plaintext);
 	if (ret != CRYPTO_SUCCESS) {
 		goto cleanup;
 	}
@@ -549,9 +541,8 @@ cleanup:

 static int
 aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,
-    crypto_data_t *ciphertext, crypto_req_handle_t req)
+    crypto_data_t *ciphertext)
 {
-	(void) req;
 	off_t saved_offset;
 	size_t saved_length, out_len;
 	int ret = CRYPTO_SUCCESS;
@@ -618,7 +609,7 @@ aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext,

 static int
 aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
-    crypto_data_t *plaintext, crypto_req_handle_t req)
+    crypto_data_t *plaintext)
 {
 	off_t saved_offset;
 	size_t saved_length, out_len;
@@ -650,9 +641,6 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 	saved_offset = plaintext->cd_offset;
 	saved_length = plaintext->cd_length;

-	if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE))
-		gcm_set_kmflag((gcm_ctx_t *)aes_ctx, crypto_kmflag(req));
-
 	/*
 	 * Do the AES update on the specified input data.
 	 */
@@ -696,10 +684,8 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext,
 }

 static int
-aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
-    crypto_req_handle_t req)
+aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
 {
-	(void) req;
 	aes_ctx_t *aes_ctx;
 	int ret;

@@ -753,10 +739,8 @@ aes_encrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
 }

 static int
-aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data,
-    crypto_req_handle_t req)
+aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data)
 {
-	(void) req;
 	aes_ctx_t *aes_ctx;
 	int ret;
 	off_t saved_offset;
@@ -859,7 +843,7 @@ static int
 aes_encrypt_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext,
-    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t template)
 {
 	(void) provider, (void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
@@ -885,13 +869,13 @@ aes_encrypt_atomic(crypto_provider_handle_t provider,
 			return (CRYPTO_DATA_LEN_RANGE);
 	}

-	if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
+	if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
 		return (ret);

 	bzero(&aes_ctx, sizeof (aes_ctx_t));

 	ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
-	    crypto_kmflag(req), B_TRUE);
+	    KM_SLEEP, B_TRUE);
 	if (ret != CRYPTO_SUCCESS)
 		return (ret);

@@ -995,7 +979,7 @@ static int
 aes_decrypt_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext,
-    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t template)
 {
 	(void) provider, (void) session_id;
 	aes_ctx_t aes_ctx;	/* on the stack */
@@ -1021,13 +1005,13 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
 			return (CRYPTO_ENCRYPTED_DATA_LEN_RANGE);
 	}

-	if ((ret = aes_check_mech_param(mechanism, NULL, 0)) != CRYPTO_SUCCESS)
+	if ((ret = aes_check_mech_param(mechanism, NULL)) != CRYPTO_SUCCESS)
 		return (ret);

 	bzero(&aes_ctx, sizeof (aes_ctx_t));

 	ret = aes_common_init_ctx(&aes_ctx, template, mechanism, key,
-	    crypto_kmflag(req), B_FALSE);
+	    KM_SLEEP, B_FALSE);
 	if (ret != CRYPTO_SUCCESS)
 		return (ret);

@@ -1057,10 +1041,6 @@ aes_decrypt_atomic(crypto_provider_handle_t provider,
 	saved_offset = plaintext->cd_offset;
 	saved_length = plaintext->cd_length;

-	if (mechanism->cm_type == AES_GCM_MECH_INFO_TYPE ||
-	    mechanism->cm_type == AES_GMAC_MECH_INFO_TYPE)
-		gcm_set_kmflag((gcm_ctx_t *)&aes_ctx, crypto_kmflag(req));
-
 	/*
 	 * Do an update on the specified input data.
 	 */
@@ -1164,7 +1144,7 @@ out:
 static int
 aes_create_ctx_template(crypto_provider_handle_t provider,
    crypto_mechanism_t *mechanism, crypto_key_t *key,
-    crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size)
 {
 	(void) provider;
 	void *keysched;
@@ -1179,8 +1159,7 @@ aes_create_ctx_template(crypto_provider_handle_t provider,
 	    mechanism->cm_type != AES_GMAC_MECH_INFO_TYPE)
 		return (CRYPTO_MECHANISM_INVALID);

-	if ((keysched = aes_alloc_keysched(&size,
-	    crypto_kmflag(req))) == NULL) {
+	if ((keysched = aes_alloc_keysched(&size, KM_SLEEP)) == NULL) {
 		return (CRYPTO_HOST_MEMORY);
 	}

@@ -1342,7 +1321,7 @@ static int
 aes_mac_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
-    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t template)
 {
 	CK_AES_GCM_PARAMS gcm_params;
 	crypto_mechanism_t gcm_mech;
@@ -1357,14 +1336,14 @@ aes_mac_atomic(crypto_provider_handle_t provider,
 	gcm_mech.cm_param = (char *)&gcm_params;

 	return (aes_encrypt_atomic(provider, session_id, &gcm_mech,
-	    key, &null_crypto_data, mac, template, req));
+	    key, &null_crypto_data, mac, template));
 }

 static int
 aes_mac_verify_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
-    crypto_spi_ctx_template_t template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t template)
 {
 	CK_AES_GCM_PARAMS gcm_params;
 	crypto_mechanism_t gcm_mech;
@@ -1379,5 +1358,5 @@ aes_mac_verify_atomic(crypto_provider_handle_t provider,
 	gcm_mech.cm_param = (char *)&gcm_params;

 	return (aes_decrypt_atomic(provider, session_id, &gcm_mech,
-	    key, mac, &null_crypto_data, template, req));
+	    key, mac, &null_crypto_data, template));
 }
@@ -105,17 +105,12 @@ static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES}
 };

-static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
-    crypto_req_handle_t);
-static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
-static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *,
-    crypto_req_handle_t);
-static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *,
-    crypto_req_handle_t);
+static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
+static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
+static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *);
+static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *);
 static int sha2_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
+    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);

 static const crypto_digest_ops_t sha2_digest_ops = {
 	.digest_init = sha2_digest_init,
@@ -126,16 +121,15 @@ static const crypto_digest_ops_t sha2_digest_ops = {
 };

 static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
-static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *,
-    crypto_req_handle_t);
-static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);
+static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *);
+static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *);
 static int sha2_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);
 static int sha2_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);

 static const crypto_mac_ops_t sha2_mac_ops = {
 	.mac_init = sha2_mac_init,
@@ -148,7 +142,7 @@ static const crypto_mac_ops_t sha2_mac_ops = {

 static int sha2_create_ctx_template(crypto_provider_handle_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
-    size_t *, crypto_req_handle_t);
+    size_t *);
 static int sha2_free_context(crypto_ctx_t *);

 static const crypto_ctx_ops_t sha2_ctx_ops = {
@@ -215,15 +209,13 @@ sha2_mod_fini(void)
 */

 static int
-sha2_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_req_handle_t req)
+sha2_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism)
 {

 	/*
 	 * Allocate and initialize SHA2 context.
 	 */
-	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_ctx_t),
-	    crypto_kmflag(req));
+	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_ctx_t), KM_SLEEP);
 	if (ctx->cc_provider_private == NULL)
 		return (CRYPTO_HOST_MEMORY);

@@ -388,10 +380,8 @@ sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest,
 }

 static int
-sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
-    crypto_req_handle_t req)
+sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest)
 {
-	(void) req;
 	int ret = CRYPTO_SUCCESS;
 	uint_t sha_digest_len;

@@ -476,10 +466,8 @@ sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
 }

 static int
-sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
-    crypto_req_handle_t req)
+sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data)
 {
-	(void) req;
 	int ret = CRYPTO_SUCCESS;

 	ASSERT(ctx->cc_provider_private != NULL);
@@ -505,10 +493,8 @@ sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data,
 }

 static int
-sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
-    crypto_req_handle_t req)
+sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest)
 {
-	(void) req;
 	int ret = CRYPTO_SUCCESS;
 	uint_t sha_digest_len;

@@ -570,10 +556,9 @@ sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest,
 static int
 sha2_digest_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
-    crypto_data_t *data, crypto_data_t *digest,
-    crypto_req_handle_t req)
+    crypto_data_t *data, crypto_data_t *digest)
 {
-	(void) provider, (void) session_id, (void) req;
+	(void) provider, (void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	SHA2_CTX sha2_ctx;
 	uint32_t sha_digest_len;
@@ -709,8 +694,7 @@ sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes)
 */
 static int
 sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
-    crypto_req_handle_t req)
+    crypto_key_t *key, crypto_spi_ctx_template_t ctx_template)
 {
 	int ret = CRYPTO_SUCCESS;
 	uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length);
@@ -737,8 +721,8 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 		return (CRYPTO_MECHANISM_INVALID);
 	}

-	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_hmac_ctx_t),
-	    crypto_kmflag(req));
+	ctx->cc_provider_private =
+	    kmem_alloc(sizeof (sha2_hmac_ctx_t), KM_SLEEP);
 	if (ctx->cc_provider_private == NULL)
 		return (CRYPTO_HOST_MEMORY);

@@ -792,10 +776,8 @@ sha2_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
 }

 static int
-sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data,
-    crypto_req_handle_t req)
+sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data)
 {
-	(void) req;
 	int ret = CRYPTO_SUCCESS;

 	ASSERT(ctx->cc_provider_private != NULL);
@@ -822,9 +804,8 @@ sha2_mac_update(crypto_ctx_t *ctx, crypto_data_t *data,
 }

 static int
-sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac, crypto_req_handle_t req)
+sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac)
 {
-	(void) req;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	uint32_t digest_len, sha_digest_len;
@@ -938,9 +919,9 @@ static int
 sha2_mac_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
-    crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t ctx_template)
 {
-	(void) provider, (void) session_id, (void) req;
+	(void) provider, (void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;
@@ -1072,9 +1053,9 @@ static int
 sha2_mac_verify_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
-    crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t ctx_template)
 {
-	(void) provider, (void) session_id, (void) req;
+	(void) provider, (void) session_id;
 	int ret = CRYPTO_SUCCESS;
 	uchar_t digest[SHA512_DIGEST_LENGTH];
 	sha2_hmac_ctx_t sha2_hmac_ctx;
@@ -1247,8 +1228,7 @@ bail:
 static int
 sha2_create_ctx_template(crypto_provider_handle_t provider,
    crypto_mechanism_t *mechanism, crypto_key_t *key,
-    crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
-    crypto_req_handle_t req)
+    crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size)
 {
 	(void) provider;
 	sha2_hmac_ctx_t *sha2_hmac_ctx_tmpl;
@@ -1279,8 +1259,7 @@ sha2_create_ctx_template(crypto_provider_handle_t provider,
 	/*
 	 * Allocate and initialize SHA2 context.
 	 */
-	sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t),
-	    crypto_kmflag(req));
+	sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t), KM_SLEEP);
 	if (sha2_hmac_ctx_tmpl == NULL)
 		return (CRYPTO_HOST_MEMORY);

@@ -51,15 +51,12 @@ static const crypto_mech_info_t skein_mech_info_tab[] = {
 	    CRYPTO_KEYSIZE_UNIT_IN_BYTES}
 };

-static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *,
-    crypto_req_handle_t);
-static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
-static int skein_update(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
-static int skein_final(crypto_ctx_t *, crypto_data_t *, crypto_req_handle_t);
+static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
+static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
+static int skein_update(crypto_ctx_t *, crypto_data_t *);
+static int skein_final(crypto_ctx_t *, crypto_data_t *);
 static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
-    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
-    crypto_req_handle_t);
+    crypto_mechanism_t *, crypto_data_t *, crypto_data_t *);

 static const crypto_digest_ops_t skein_digest_ops = {
 	.digest_init = skein_digest_init,
@@ -70,10 +67,10 @@ static const crypto_digest_ops_t skein_digest_ops = {
 };

 static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);
 static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
-    crypto_spi_ctx_template_t, crypto_req_handle_t);
+    crypto_spi_ctx_template_t);

 static const crypto_mac_ops_t skein_mac_ops = {
 	.mac_init = skein_mac_init,
@@ -86,7 +83,7 @@ static const crypto_mac_ops_t skein_mac_ops = {

 static int skein_create_ctx_template(crypto_provider_handle_t,
    crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *,
-    size_t *, crypto_req_handle_t);
+    size_t *);
 static int skein_free_context(crypto_ctx_t *);

 static const crypto_ctx_ops_t skein_ctx_ops = {
@@ -264,8 +261,7 @@ skein_digest_update_uio(skein_ctx_t *ctx, const crypto_data_t *data)
 * Performs a Final on a context and writes to a uio digest output.
 */
 static int
-skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
-    crypto_req_handle_t req)
+skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest)
 {
 	off_t offset = digest->cd_offset;
 	uint_t vec_idx = 0;
@@ -298,7 +294,7 @@ skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
 		size_t cur_len;

 		digest_tmp = kmem_alloc(CRYPTO_BITS2BYTES(
-		    ctx->sc_digest_bitlen), crypto_kmflag(req));
+		    ctx->sc_digest_bitlen), KM_SLEEP);
 		if (digest_tmp == NULL)
 			return (CRYPTO_HOST_MEMORY);
 		SKEIN_OP(ctx, Final, digest_tmp);
@@ -342,16 +338,14 @@ skein_digest_final_uio(skein_ctx_t *ctx, crypto_data_t *digest,
 * for Skein-1024).
 */
 static int
-skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_req_handle_t req)
+skein_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism)
 {
 	int	error = CRYPTO_SUCCESS;

 	if (!VALID_SKEIN_DIGEST_MECH(mechanism->cm_type))
 		return (CRYPTO_MECHANISM_INVALID);

-	SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
-	    crypto_kmflag(req));
+	SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), KM_SLEEP);
 	if (SKEIN_CTX(ctx) == NULL)
 		return (CRYPTO_HOST_MEMORY);

@@ -376,8 +370,7 @@ errout:
 * see what to pass here.
 */
 static int
-skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
-    crypto_req_handle_t req)
+skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest)
 {
 	int error = CRYPTO_SUCCESS;

@@ -390,7 +383,7 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
 		return (CRYPTO_BUFFER_TOO_SMALL);
 	}

-	error = skein_update(ctx, data, req);
+	error = skein_update(ctx, data);
 	if (error != CRYPTO_SUCCESS) {
 		bzero(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
 		kmem_free(SKEIN_CTX(ctx), sizeof (*SKEIN_CTX(ctx)));
@@ -398,7 +391,7 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
 		digest->cd_length = 0;
 		return (error);
 	}
-	error = skein_final(ctx, digest, req);
+	error = skein_final(ctx, digest);

 	return (error);
 }
@@ -409,9 +402,8 @@ skein_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest,
 * Supported input data formats are raw, uio and mblk.
 */
 static int
-skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
+skein_update(crypto_ctx_t *ctx, crypto_data_t *data)
 {
-	(void) req;
 	int error = CRYPTO_SUCCESS;

 	ASSERT(SKEIN_CTX(ctx) != NULL);
@@ -438,7 +430,7 @@ skein_update(crypto_ctx_t *ctx, crypto_data_t *data, crypto_req_handle_t req)
 * Supported output digest formats are raw, uio and mblk.
 */
 static int
-skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
+skein_final(crypto_ctx_t *ctx, crypto_data_t *digest)
 {
 	int error = CRYPTO_SUCCESS;

@@ -457,7 +449,7 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
 		    (uint8_t *)digest->cd_raw.iov_base + digest->cd_offset);
 		break;
 	case CRYPTO_DATA_UIO:
-		error = skein_digest_final_uio(SKEIN_CTX(ctx), digest, req);
+		error = skein_digest_final_uio(SKEIN_CTX(ctx), digest);
 		break;
 	default:
 		error = CRYPTO_ARGUMENTS_BAD;
@@ -485,9 +477,9 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest, crypto_req_handle_t req)
 static int
 skein_digest_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
-    crypto_data_t *data, crypto_data_t *digest, crypto_req_handle_t req)
+    crypto_data_t *data, crypto_data_t *digest)
 {
-	(void) provider, (void) session_id, (void) req;
+	(void) provider, (void) session_id;
 	int	 error;
 	skein_ctx_t skein_ctx;
 	crypto_ctx_t ctx;
@@ -502,9 +494,9 @@ skein_digest_atomic(crypto_provider_handle_t provider,
 		goto out;
 	SKEIN_OP(&skein_ctx, Init, skein_ctx.sc_digest_bitlen);

-	if ((error = skein_update(&ctx, data, digest)) != CRYPTO_SUCCESS)
+	if ((error = skein_update(&ctx, data)) != CRYPTO_SUCCESS)
 		goto out;
-	if ((error = skein_final(&ctx, data, digest)) != CRYPTO_SUCCESS)
+	if ((error = skein_final(&ctx, data)) != CRYPTO_SUCCESS)
 		goto out;

 out:
@@ -553,13 +545,11 @@ skein_mac_ctx_build(skein_ctx_t *ctx, crypto_mechanism_t *mechanism,
 */
 static int
 skein_mac_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism,
-    crypto_key_t *key, crypto_spi_ctx_template_t ctx_template,
-    crypto_req_handle_t req)
+    crypto_key_t *key, crypto_spi_ctx_template_t ctx_template)
 {
 	int	error;

-	SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)),
-	    crypto_kmflag(req));
+	SKEIN_CTX_LVALUE(ctx) = kmem_alloc(sizeof (*SKEIN_CTX(ctx)), KM_SLEEP);
 	if (SKEIN_CTX(ctx) == NULL)
 		return (CRYPTO_HOST_MEMORY);

@@ -592,7 +582,7 @@ static int
 skein_mac_atomic(crypto_provider_handle_t provider,
    crypto_session_id_t session_id, crypto_mechanism_t *mechanism,
    crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac,
-    crypto_spi_ctx_template_t ctx_template, crypto_req_handle_t req)
+    crypto_spi_ctx_template_t ctx_template)
 {
 	/* faux crypto context just for skein_digest_{update,final} */
 	(void) provider, (void) session_id;
@@ -609,9 +599,9 @@ skein_mac_atomic(crypto_provider_handle_t provider,
 			goto errout;
 	}

-	if ((error = skein_update(&ctx, data, req)) != CRYPTO_SUCCESS)
+	if ((error = skein_update(&ctx, data)) != CRYPTO_SUCCESS)
 		goto errout;
-	if ((error = skein_final(&ctx, mac, req)) != CRYPTO_SUCCESS)
+	if ((error = skein_final(&ctx, mac)) != CRYPTO_SUCCESS)
 		goto errout;

 	return (CRYPTO_SUCCESS);
@@ -632,14 +622,13 @@ errout:
 static int
 skein_create_ctx_template(crypto_provider_handle_t provider,
    crypto_mechanism_t *mechanism, crypto_key_t *key,
-    crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size,
-    crypto_req_handle_t req)
+    crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size)
 {
 	(void) provider;
 	int	 error;
 	skein_ctx_t *ctx_tmpl;

-	ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), crypto_kmflag(req));
+	ctx_tmpl = kmem_alloc(sizeof (*ctx_tmpl), KM_SLEEP);
 	if (ctx_tmpl == NULL)
 		return (CRYPTO_HOST_MEMORY);
 	error = skein_mac_ctx_build(ctx_tmpl, mechanism, key);