Why crypto in the kernel, not in user space? [LWN.net]

Why crypto in the kernel, not in user space?

Posted May 3, 2026 16:29 UTC (Sun) by marekm (subscriber, #174682)
Parent article: A security bug in AEAD sockets

Does all that crypto API really need to be exposed from the kernel to user space, adding attack surface? Is there any good reason why user space crypto libraries (which wouldn't have access to important kernel data structures like page cache) are not sufficient?

Why crypto in the kernel, not in user space?

Posted May 4, 2026 16:58 UTC (Mon) by neggles (subscriber, #153254) [Link]

it's primarily intended as an interface for some hardware crypto acceleration engines (like AMD's CCP, on systems it works in anyway)

Why crypto in the kernel, not in user space?

Posted May 4, 2026 17:06 UTC (Mon) by mfuzzey (subscriber, #57966) [Link]

I think the reason used to be some hardware crypto accelerators that require a kernel driver to access.

The more modern way of getting hardware accelerated crypto is special CPU instructions (like the ARM cryptographic extensions) which can be used from userspace too.
But a number of older SoCs have crypto accelerators implemented as memory mapped peripheral devices so you need a kernel driver there .

However such things tend to be pretty slow, especially when used from userspace with a context switch involved. Years ago I tested the i.MX53 crypto accelerator from userspace and it was actually slower at most clock frequencies than a pure software userspace implementation. It did have the advantage however of freeing the single core CPU for other things and a small power consumption advantage too.