A set of 36 patches sent out overnight is making big improvements to the Linux kernel’s AES library. The patches allow for making use of the kernel’s existing architecture-optimized AES code for better performance, that code is also constant-time, lower memory use, and all-around a nice improvement over the status quo.
Google engineer Eric Biggers has been responsible for many very nice Linux x86_64 performance optimizations in recent years around the kernel’s crytographic “crypto” subsystem. His latest work for kicking off 2026 is enhancing the Advanced Encryption Standard (AES) cipher library code.
Biggers explained of the work with the new patch series:
“This series makes three main improvements to the kernel’s AES library:
1. Make it use the kernel’s existing architecture-optimized AES code, including AES instructions, when available. Previously, only the traditional crypto API gave access to the optimized AES code. (As a reminder, AES instructions typically make AES over 10 times as fast as the generic code. They also make it constant-time.)
2. Support preparing an AES key for only the forward direction of the block cipher, using about half as much memory. This is a helpful optimization for many common AES modes of operation. It also helps keep structs small enough to be allocated on the stack, especially considering potential future library APIs for AES modes.
3. Replace the library’s generic AES implementation with a much faster one that is almost as fast as “aes-generic”, while still keeping the table size reasonably small and maintaining some constant-time hardening. This allows removing “aes-generic”, unifying the current two generic AES implementations in the kernel tree.”
Those wishing to learn more can see this 36 patch series now out for review on the Linux kernel mailing list.
