VIA PadLock support for Linux

VIA PadLock Advanced Cryptography Engine (VIA PadLock ACE) is a technology used in VIA C3 Nehemiah processors that provides very fast hardware encryption and decryption. Although the processors are completely x86-compatible they provide some new instructions for accessing the ACE (xcrypt-group instructions). See the list of available boards.
Check out results of some simple benchmarks.

If you want to be informed about updated patches, new features, etc., you may subscribe to the PadLock mailing list (archive).

More informations about programming for VIA PadLock and its linux support can be found in this article:

[english]  VIA PadLock - Wicked Fast Encryption
[czech]  VIA PadLock - Dabelsky rychle sifrovani


Anyone unable to load PadLock engine in OpenSSL 0.9.8 should apply this patch
Linux kernel 2.6.19 released with full PadLock support, i.e. AES, SHA1, SHA256
SHA1/SHA256 patches for Linux kernels 2.6.16, 2.6.17 and 2.6.18
OpenSSL patch for SHA1/SHA256 support
Up to 6-times faster sha1sum for CPUs with SHA1 hardware support. Download and more information.

Linux Kernel

Kernels 2.6.11 and newer have driver for AES in VIA C3 PadLock out of the box. No need to patch it anymore to get fast AES encryption.

Kernels 2.6.19 and newer have driver for SHA1/SHA256 in VIA C7 PadLock out of the box. No need to patch it anymore to get fast SHA hashing.

VIA C7 processors have extended PadLock engine that supports SHA1 and SHA256 digest algorithms. To get access to superfast SHA-family digests in the Linux kernel apply the following patch. If you're running kernel 2.6.16, 2.6.17 or 2.6.18-rc1 apply the appropriate prereq patch before the padlock-sha patch itself. From 2.6.18-rc2 on there is no need for prereq patch anymore. Kernels 2.6.15 and older are not supported.

PadLock SHA patch for 2.6.16, 2.6.17 and 2.6.18

padlock-sha-complete.diff2014-09-21 13:36, MD5, SHA1, gpg signature
Padlock SHA1 / SHA256 for Linux kernel

prerequisities for Linux kernel before 2.6.18-rc2

padlock-prereq-2.6.18-rc1.diff2014-09-21 13:36, MD5, SHA1, gpg signature
prereq patch for 2.6.18-rc1
padlock-prereq-2.6.17.diff2014-09-21 13:36, MD5, SHA1, gpg signature
prereq patch for 2.6.17
padlock-prereq-2.6.16.diff2014-09-21 13:36, MD5, SHA1, gpg signature
prereq patch for 2.6.16

OpenSSL 0.9.8

OpenSSL provides a standard way to have drivers for hardware crypto engines. The following patches add a new engine called padlock.
OpenSSL 0.9.8 has AES support out of the box. However to use VIA C7 hash engine to speed up SHA1, SHA224 or SHA256 you need the following patch:

openssl-0.9.8b-sha.diff2014-09-21 13:36, MD5, SHA1, gpg signature
SHA1 / SHA224 / SHA256 engine

IMPORTANT: In certain setups most OpenSSL hardware accelerator drivers (so called engines) are compiled as shared modules. Although PadLock engine is always compiled statically OpenSSL core doesn't know that, tries to load it dynamically and fails. That renders PadLock support in OpenSSL 0.9.8 unusable. Please attach the following patch should you encounter any such problems and recompile your openssl library.

openssl-0.9.8-padlock-static.diff2014-09-21 13:36, MD5, SHA1, gpg signature
Initialize PadLock engine statically

Alternatively apply the following two patches instead of the above one to correctly compile the padlock engine into a standalone

openssl098-padlock-shared-move.diff2014-09-21 13:36, MD5, SHA1, gpg signature
Patch to move crypto/engine/eng_padlock.c to engines/e_padlock.c
openssl098-padlock-shared-makefiles.diff2014-09-21 13:36, MD5, SHA1, gpg signature
Update for Makefiles to compile the padlock module as a shared module

OpenSSL 0.9.7

Patches for OpenSSL 0.9.7 to speed up AES128 in ECB, CBC, CFB and OFB modes. Supported is AES128 in ECB, CBC, CFB and OFB modes and AES192/AES256 in ECB and CBC modes.


openssl-0.9.7d-padlock-glue.diff2014-09-21 13:36, MD5, SHA1, gpg signature
- registration of the padlock engine in required places.
openssl-0.9.7d-padlock-engine.diff2014-09-21 13:36, MD5, SHA1, gpg signature
- the engine itself.

Applications using OpenSSL

Applications that use OpenSSL library for their cryptographic needs (such as OpenSSH) must explicitly load the available hardware crypto engines. This can be done with these simple calls during startup of the program:

#include <openssl/engine.h>

int main ()
	/* Init available hardware crypto engines. */

Contributed patches

Following patches add such a support for some popular applications:

Apache 2.2.4
No patch needed, see SSLCryptoDevice directive
(Thx cilly for info)
Postfix 2.3.6
postfix-2.3.6-padlock.diff2014-09-21 13:36
(Thx cilly for contribution)
Courier-imap 4.0.6
courier-imap-4.0.6-padlock.diff2014-09-21 13:36
(Thx cilly for contribution)
LigHTTPd 1.4.13
lighttpd-1.4.13-padlock.diff2014-09-21 13:36
(Thx Michael Baudino for contribution)
OpenSSh 4.5p1
openssh-4.5p1-engines.diff2014-09-21 13:36
(Thx Danielle for contribution)
OpenSSH 3.8p1
openssh-3.8p1-engines.diff2014-09-21 13:36, MD5, SHA1, gpg signature
openssh 4.6p, openssl 0.9.7l, mini_httpd 1.19
(Thx Kristian Kielhofner for contribution)

Once you get bored with patching heaps of client programs have a look at this patch from Cecilia: openssl-0.9.8e-engine.diff2014-09-21 13:36
"The openssl-0.9.8e patch will make the ssl-library to load the padlock engine. This means, if you apply the openssl-0.9.8e patch, you do not have to apply any other patches or modifications, since every time the ssl-library is called, the padlock-engine is initialized by the ssl-library."
In other words - Patch for OpenSSL to always load PadLock engine.


Have you found PadLock support useful? If so please consider making a PayPal donation for author's expenses.


Place for your feedback...
I'm sick of spam, feedback form disabled, send me an email instead. Cheers!