diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c
index 6801e7e..ff5b714 100644
--- a/lib/accelerated/intel/aes-x86.c
+++ b/lib/accelerated/intel/aes-x86.c
@@ -40,6 +40,10 @@ struct aes_ctx
   uint8_t iv[16];
 };
 
+#define AESNI_MIN_ALIGN 16
+#define AESNI_ALIGN(x) \
+        ((void *)(((size_t)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
+
 static int
 aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
 {
@@ -69,11 +73,11 @@ aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
   struct aes_ctx *ctx = _ctx;
   int ret;
 
-  ret = aesni_set_encrypt_key (userkey, keysize * 8, &ctx->expanded_key);
+  ret = aesni_set_encrypt_key (userkey, keysize * 8, AESNI_ALIGN(&ctx->expanded_key));
   if (ret != 0)
     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
 
-  ret = aesni_set_decrypt_key (userkey, keysize * 8, &ctx->expanded_key_dec);
+  ret = aesni_set_decrypt_key (userkey, keysize * 8, AESNI_ALIGN(&ctx->expanded_key_dec));
   if (ret != 0)
     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
 
@@ -95,7 +99,7 @@ aes_encrypt (void *_ctx, const void *src, size_t src_size,
 {
   struct aes_ctx *ctx = _ctx;
 
-  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key, ctx->iv, 1);
+  aesni_cbc_encrypt (src, dst, src_size, AESNI_ALIGN(&ctx->expanded_key), ctx->iv, 1);
   return 0;
 }
 
@@ -105,7 +109,7 @@ aes_decrypt (void *_ctx, const void *src, size_t src_size,
 {
   struct aes_ctx *ctx = _ctx;
 
-  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key_dec, ctx->iv, 0);
+  aesni_cbc_encrypt (src, dst, src_size, AESNI_ALIGN(&ctx->expanded_key_dec), ctx->iv, 0);
 
   return 0;
 }
diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h
index 8f49ff3..20a169e 100644
--- a/lib/accelerated/intel/aes-x86.h
+++ b/lib/accelerated/intel/aes-x86.h
@@ -11,10 +11,11 @@ void register_x86_crypto (void);
 # define ALIGN16
 #endif
 
+#define AES_KEY_ALIGN_SIZE 8
 #define AES_MAXNR 14
 typedef struct
 {
-  uint32_t ALIGN16 rd_key[4 * (AES_MAXNR + 1)];
+  uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
   int rounds;
 } AES_KEY;