mbox series

[v2,00/15] crypto: add raw vector support in DPAAx

Message ID 20210907075957.28848-1-hemant.agrawal@nxp.com
Headers show
Series crypto: add raw vector support in DPAAx | expand

Message

Hemant Agrawal Sept. 7, 2021, 7:59 a.m. UTC
This patch series adds support for raw vector API in dpaax_sec drivers
This also enhances the raw vector APIs to support OOP and security
protocol support.

v2: fix aesni compilation and add release notes.

Gagandeep Singh (11):
  crypto: add total raw buffer length
  crypto: fix raw process for multi-seg case
  crypto/dpaa2_sec: support raw datapath APIs
  crypto/dpaa2_sec: support AUTH only with raw buffer APIs
  crypto/dpaa2_sec: support AUTHENC with raw buffer APIs
  crypto/dpaa2_sec: support AEAD with raw buffer APIs
  crypto/dpaa2_sec: support OOP with raw buffer API
  crypto/dpaa2_sec: enhance error checks with raw buffer APIs
  crypto/dpaa_sec: support raw datapath APIs
  crypto/dpaa_sec: support authonly and chain with raw APIs
  crypto/dpaa_sec: support AEAD and proto with raw APIs

Hemant Agrawal (4):
  crypto: change sgl to src_sgl in vector
  crypto: add dest_sgl in raw vector APIs
  test/crypto: add raw API test for dpaax
  test/crypto: add raw API support in 5G algos

 app/test/test_cryptodev.c                   |  179 +++-
 doc/guides/rel_notes/release_21_11.rst      |    8 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    |   12 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |    6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |   13 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   |   82 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 1045 ++++++++++++++++++
 drivers/crypto/dpaa2_sec/meson.build        |    3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c          |   23 +-
 drivers/crypto/dpaa_sec/dpaa_sec.h          |   40 +-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c   | 1052 +++++++++++++++++++
 drivers/crypto/dpaa_sec/meson.build         |    4 +-
 drivers/crypto/qat/qat_sym_hw_dp.c          |   27 +-
 lib/cryptodev/rte_crypto_sym.h              |   13 +-
 lib/ipsec/misc.h                            |    4 +-
 15 files changed, 2407 insertions(+), 104 deletions(-)
 create mode 100644 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
 create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c

-- 
2.17.1

Comments

Troy, Rebecca Sept. 15, 2021, 4:01 p.m. UTC | #1
-----Original Message-----
From: dev <dev-bounces@dpdk.org> On Behalf Of Hemant Agrawal

Sent: Tuesday 7 September 2021 09:00
To: dev@dpdk.org; gakhil@marvell.com
Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
Subject: [dpdk-dev] [PATCH v2 00/15] crypto: add raw vector support in DPAAx

This patch series adds support for raw vector API in dpaax_sec drivers This also enhances the raw vector APIs to support OOP and security protocol support.

v2: fix aesni compilation and add release notes.

Gagandeep Singh (11):
  crypto: add total raw buffer length
  crypto: fix raw process for multi-seg case
  crypto/dpaa2_sec: support raw datapath APIs
  crypto/dpaa2_sec: support AUTH only with raw buffer APIs
  crypto/dpaa2_sec: support AUTHENC with raw buffer APIs
  crypto/dpaa2_sec: support AEAD with raw buffer APIs
  crypto/dpaa2_sec: support OOP with raw buffer API
  crypto/dpaa2_sec: enhance error checks with raw buffer APIs
  crypto/dpaa_sec: support raw datapath APIs
  crypto/dpaa_sec: support authonly and chain with raw APIs
  crypto/dpaa_sec: support AEAD and proto with raw APIs

Hemant Agrawal (4):
  crypto: change sgl to src_sgl in vector
  crypto: add dest_sgl in raw vector APIs
  test/crypto: add raw API test for dpaax
  test/crypto: add raw API support in 5G algos

 app/test/test_cryptodev.c                   |  179 +++-
 doc/guides/rel_notes/release_21_11.rst      |    8 +
 drivers/crypto/aesni_gcm/aesni_gcm_pmd.c    |   12 +-
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c  |    6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |   13 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   |   82 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 1045 ++++++++++++++++++
 drivers/crypto/dpaa2_sec/meson.build        |    3 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c          |   23 +-
 drivers/crypto/dpaa_sec/dpaa_sec.h          |   40 +-
 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c   | 1052 +++++++++++++++++++
 drivers/crypto/dpaa_sec/meson.build         |    4 +-
 drivers/crypto/qat/qat_sym_hw_dp.c          |   27 +-
 lib/cryptodev/rte_crypto_sym.h              |   13 +-
 lib/ipsec/misc.h                            |    4 +-
 15 files changed, 2407 insertions(+), 104 deletions(-)  create mode 100644 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
 create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c

--
2.17.1

Series-acked-by: Rebecca Troy <rebecca.troy@intel.com>
Zhang, Roy Fan Oct. 14, 2021, 12:39 p.m. UTC | #2
Hi Hemant,

I still think it is enough to use rte_crypto_vec as well as 
rte_crypto_sym_ofs is enough to describe the data including both the data
and aad.

Imagine 2 10 bytes segments case, encryption/hash size of 12 and aad of 8.
We will have 
struct rte_crypto_vec sgl[2] = {{.base = x, .len = 10}, {.base = y, .len = 10}};
union rte_crypto_sym_ofs ofs  = {.cipher.head = 0, .cipher.tail = 8, .auth.head = 0, .auth.tail = 8};

The driver shall understand there are 8 bytes not included for cipher/auth.

Regards,
Fan

> -----Original Message-----

> From: Hemant Agrawal <hemant.agrawal@nxp.com>

> Sent: Wednesday, October 13, 2021 8:00 PM

> To: dev@dpdk.org; gakhil@marvell.com

> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan

> <roy.fan.zhang@intel.com>; Gagandeep Singh <g.singh@nxp.com>

> Subject: [PATCH v4 02/15] crypto: add total raw buffer length

> 

> From: Gagandeep Singh <g.singh@nxp.com>

> 

> The current crypto raw data vectors is extended to support

> rte_security usecases, where we need total data length to know

> how much additional memory space is available in buffer other

> than data length so that driver/HW can write expanded size

> data after encryption.

> 

> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>

> Acked-by: Akhil Goyal <gakhil@marvell.com>

> ---

>  doc/guides/rel_notes/deprecation.rst | 7 -------

>  lib/cryptodev/rte_crypto_sym.h       | 7 +++++++

>  2 files changed, 7 insertions(+), 7 deletions(-)

> 

> diff --git a/doc/guides/rel_notes/deprecation.rst

> b/doc/guides/rel_notes/deprecation.rst

> index a4e86b31f5..53155459a0 100644

> --- a/doc/guides/rel_notes/deprecation.rst

> +++ b/doc/guides/rel_notes/deprecation.rst

> @@ -188,13 +188,6 @@ Deprecation Notices

>    This field will be null for inplace processing.

>    This change is targeted for DPDK 21.11.

> 

> -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add

> -  ``tot_len`` to support total buffer length.

> -  This is required for security cases like IPsec and PDCP encryption offload

> -  to know how much additional memory space is available in buffer other

> than

> -  data length so that driver/HW can write expanded size data after

> encryption.

> -  This change is targeted for DPDK 21.11.

> -

>  * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and

>    ``rte_cryptodev_asym_session`` to remove unnecessary indirection

> between

>    session and the private data of session. An opaque pointer can be exposed

> diff --git a/lib/cryptodev/rte_crypto_sym.h

> b/lib/cryptodev/rte_crypto_sym.h

> index dcc0bd5933..6be283e83c 100644

> --- a/lib/cryptodev/rte_crypto_sym.h

> +++ b/lib/cryptodev/rte_crypto_sym.h

> @@ -37,6 +37,8 @@ struct rte_crypto_vec {

>  	rte_iova_t iova;

>  	/** length of the data buffer */

>  	uint32_t len;

> +	/** total buffer length */

> +	uint32_t tot_len;

>  };

> 

>  /**

> @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf

> *mb, uint32_t ofs, uint32_t len,

>  	seglen = mb->data_len - ofs;

>  	if (len <= seglen) {

>  		vec[0].len = len;

> +		vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

> - ofs;

>  		return 1;

>  	}

> 

>  	/* data spread across segments */

>  	vec[0].len = seglen;

>  	left = len - seglen;

> +	vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;

>  	for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) {

> 

>  		vec[i].base = rte_pktmbuf_mtod(nseg, void *);

> @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb,

> uint32_t ofs, uint32_t len,

>  		if (left <= seglen) {

>  			/* whole requested data is completed */

>  			vec[i].len = left;

> +			vec[i].tot_len = mb->buf_len -

> rte_pktmbuf_headroom(mb)

> +					- ofs;

>  			left = 0;

>  			break;

>  		}

> @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf

> *mb, uint32_t ofs, uint32_t len,

>  		/* use whole segment */

>  		vec[i].len = seglen;

>  		left -= seglen;

> +		vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

> - ofs;

>  	}

> 

>  	RTE_ASSERT(left == 0);

> --

> 2.17.1
Ananyev, Konstantin Oct. 15, 2021, 5:39 p.m. UTC | #3
> 

> From: Gagandeep Singh <g.singh@nxp.com>

> 

> If no next segment available the “for” loop will fail and it still

> returns i+1 i.e. 2, which is wrong as it has filled only 1 buffer.

> 

> Fixes: 7adf992fb9bf ("cryptodev: introduce CPU crypto API")

> Cc: marcinx.smoczynski@intel.com

> Cc: stable@dpdk.org

> 

> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>

> ---

>  lib/cryptodev/rte_crypto_sym.h | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

> 

> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h

> index b6a229e263..dc88ad6dcc 100644

> --- a/lib/cryptodev/rte_crypto_sym.h

> +++ b/lib/cryptodev/rte_crypto_sym.h

> @@ -1004,6 +1004,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,

>  			vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

>  					- ofs;

>  			left = 0;

> +			i++;

>  			break;

>  		}

> 

> @@ -1014,7 +1015,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,

>  	}

> 

>  	RTE_ASSERT(left == 0);

> -	return i + 1;

> +	return i;

>  }

> 

> 

> --


Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


> 2.17.1
Ananyev, Konstantin Oct. 15, 2021, 5:45 p.m. UTC | #4
> The current crypto raw data vectors is extended to support

> rte_security usecases, where we need total data length to know

> how much additional memory space is available in buffer other

> than data length so that driver/HW can write expanded size

> data after encryption.

> 

> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>

> Acked-by: Akhil Goyal <gakhil@marvell.com>

> ---

>  doc/guides/rel_notes/deprecation.rst | 7 -------

>  lib/cryptodev/rte_crypto_sym.h       | 7 +++++++

>  2 files changed, 7 insertions(+), 7 deletions(-)

> 

> diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst

> index a4e86b31f5..53155459a0 100644

> --- a/doc/guides/rel_notes/deprecation.rst

> +++ b/doc/guides/rel_notes/deprecation.rst

> @@ -188,13 +188,6 @@ Deprecation Notices

>    This field will be null for inplace processing.

>    This change is targeted for DPDK 21.11.

> 

> -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add

> -  ``tot_len`` to support total buffer length.

> -  This is required for security cases like IPsec and PDCP encryption offload

> -  to know how much additional memory space is available in buffer other than

> -  data length so that driver/HW can write expanded size data after encryption.

> -  This change is targeted for DPDK 21.11.

> -

>  * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and

>    ``rte_cryptodev_asym_session`` to remove unnecessary indirection between

>    session and the private data of session. An opaque pointer can be exposed

> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h

> index dcc0bd5933..6be283e83c 100644

> --- a/lib/cryptodev/rte_crypto_sym.h

> +++ b/lib/cryptodev/rte_crypto_sym.h

> @@ -37,6 +37,8 @@ struct rte_crypto_vec {

>  	rte_iova_t iova;

>  	/** length of the data buffer */

>  	uint32_t len;

> +	/** total buffer length */

> +	uint32_t tot_len;

>  };

> 

>  /**

> @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,

>  	seglen = mb->data_len - ofs;

>  	if (len <= seglen) {

>  		vec[0].len = len;

> +		vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;

>  		return 1;

>  	}

> 

>  	/* data spread across segments */

>  	vec[0].len = seglen;

>  	left = len - seglen;

> +	vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;


As a nit this line and similar line above can be merged into one and put
before 'if' statement above, i.e.:

vec[0].base = rte_pktmbuf_mtod_offset(mb, void *, ofs);
vec[0].iova = rte_pktmbuf_iova_offset(mb, ofs);
vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;

>  	for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) {

> 

>  		vec[i].base = rte_pktmbuf_mtod(nseg, void *);

> @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,

>  		if (left <= seglen) {

>  			/* whole requested data is completed */

>  			vec[i].len = left;

> +			vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

> +					- ofs;


Same as above - these two lines can be put as one before 'if'.


>  			left = 0;

>  			break;

>  		}

> @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,

>  		/* use whole segment */

>  		vec[i].len = seglen;

>  		left -= seglen;

> +		vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;

>  	}

> 

>  	RTE_ASSERT(left == 0);

> --

> 2.17.1


With nits above applied:
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Hemant Agrawal Oct. 17, 2021, 8:30 a.m. UTC | #5
Hi Fan

On 10/14/2021 6:09 PM, Zhang, Roy Fan wrote:
> Hi Hemant,

>

> I still think it is enough to use rte_crypto_vec as well as

> rte_crypto_sym_ofs is enough to describe the data including both the data

> and aad.

>

> Imagine 2 10 bytes segments case, encryption/hash size of 12 and aad of 8.

> We will have

> struct rte_crypto_vec sgl[2] = {{.base = x, .len = 10}, {.base = y, .len = 10}};

> union rte_crypto_sym_ofs ofs  = {.cipher.head = 0, .cipher.tail = 8, .auth.head = 0, .auth.tail = 8};

>

> The driver shall understand there are 8 bytes not included for cipher/auth.


This is the protocol offload case. It won't work in that case.

>

> Regards,

> Fan

>

>> -----Original Message-----

>> From: Hemant Agrawal <hemant.agrawal@nxp.com>

>> Sent: Wednesday, October 13, 2021 8:00 PM

>> To: dev@dpdk.org; gakhil@marvell.com

>> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan

>> <roy.fan.zhang@intel.com>; Gagandeep Singh <g.singh@nxp.com>

>> Subject: [PATCH v4 02/15] crypto: add total raw buffer length

>>

>> From: Gagandeep Singh <g.singh@nxp.com>

>>

>> The current crypto raw data vectors is extended to support

>> rte_security usecases, where we need total data length to know

>> how much additional memory space is available in buffer other

>> than data length so that driver/HW can write expanded size

>> data after encryption.

>>

>> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>

>> Acked-by: Akhil Goyal <gakhil@marvell.com>

>> ---

>>   doc/guides/rel_notes/deprecation.rst | 7 -------

>>   lib/cryptodev/rte_crypto_sym.h       | 7 +++++++

>>   2 files changed, 7 insertions(+), 7 deletions(-)

>>

>> diff --git a/doc/guides/rel_notes/deprecation.rst

>> b/doc/guides/rel_notes/deprecation.rst

>> index a4e86b31f5..53155459a0 100644

>> --- a/doc/guides/rel_notes/deprecation.rst

>> +++ b/doc/guides/rel_notes/deprecation.rst

>> @@ -188,13 +188,6 @@ Deprecation Notices

>>     This field will be null for inplace processing.

>>     This change is targeted for DPDK 21.11.

>>

>> -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add

>> -  ``tot_len`` to support total buffer length.

>> -  This is required for security cases like IPsec and PDCP encryption offload

>> -  to know how much additional memory space is available in buffer other

>> than

>> -  data length so that driver/HW can write expanded size data after

>> encryption.

>> -  This change is targeted for DPDK 21.11.

>> -

>>   * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and

>>     ``rte_cryptodev_asym_session`` to remove unnecessary indirection

>> between

>>     session and the private data of session. An opaque pointer can be exposed

>> diff --git a/lib/cryptodev/rte_crypto_sym.h

>> b/lib/cryptodev/rte_crypto_sym.h

>> index dcc0bd5933..6be283e83c 100644

>> --- a/lib/cryptodev/rte_crypto_sym.h

>> +++ b/lib/cryptodev/rte_crypto_sym.h

>> @@ -37,6 +37,8 @@ struct rte_crypto_vec {

>>   	rte_iova_t iova;

>>   	/** length of the data buffer */

>>   	uint32_t len;

>> +	/** total buffer length */

>> +	uint32_t tot_len;

>>   };

>>

>>   /**

>> @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf

>> *mb, uint32_t ofs, uint32_t len,

>>   	seglen = mb->data_len - ofs;

>>   	if (len <= seglen) {

>>   		vec[0].len = len;

>> +		vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

>> - ofs;

>>   		return 1;

>>   	}

>>

>>   	/* data spread across segments */

>>   	vec[0].len = seglen;

>>   	left = len - seglen;

>> +	vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;

>>   	for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) {

>>

>>   		vec[i].base = rte_pktmbuf_mtod(nseg, void *);

>> @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb,

>> uint32_t ofs, uint32_t len,

>>   		if (left <= seglen) {

>>   			/* whole requested data is completed */

>>   			vec[i].len = left;

>> +			vec[i].tot_len = mb->buf_len -

>> rte_pktmbuf_headroom(mb)

>> +					- ofs;

>>   			left = 0;

>>   			break;

>>   		}

>> @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf

>> *mb, uint32_t ofs, uint32_t len,

>>   		/* use whole segment */

>>   		vec[i].len = seglen;

>>   		left -= seglen;

>> +		vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)

>> - ofs;

>>   	}

>>

>>   	RTE_ASSERT(left == 0);

>> --

>> 2.17.1
Akhil Goyal Oct. 17, 2021, 12:21 p.m. UTC | #6
> The structure rte_crypto_sym_vec is updated to

> add dest_sgl to support out of place processing.

> 

> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>

> Acked-by: Akhil Goyal <gakhil@marvell.com>

> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> ---

>  doc/guides/rel_notes/deprecation.rst | 5 -----

>  lib/cryptodev/rte_crypto_sym.h       | 2 ++

>  2 files changed, 2 insertions(+), 5 deletions(-)

> 

> diff --git a/doc/guides/rel_notes/deprecation.rst

> b/doc/guides/rel_notes/deprecation.rst

> index 53155459a0..581ee21449 100644

> --- a/doc/guides/rel_notes/deprecation.rst

> +++ b/doc/guides/rel_notes/deprecation.rst

> @@ -183,11 +183,6 @@ Deprecation Notices

>    has a limited size ``uint16_t``.

>    It will be moved and extended as ``uint32_t`` in DPDK 21.11.

> 

> -* cryptodev: The structure ``rte_crypto_sym_vec`` would be updated to add

> -  ``dest_sgl`` to support out of place processing.

> -  This field will be null for inplace processing.

> -  This change is targeted for DPDK 21.11.

> -


Corresponding release notes update missing.


>  * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and

>    ``rte_cryptodev_asym_session`` to remove unnecessary indirection

> between

>    session and the private data of session. An opaque pointer can be exposed

> diff --git a/lib/cryptodev/rte_crypto_sym.h

> b/lib/cryptodev/rte_crypto_sym.h

> index 6be283e83c..b6a229e263 100644

> --- a/lib/cryptodev/rte_crypto_sym.h

> +++ b/lib/cryptodev/rte_crypto_sym.h

> @@ -72,6 +72,8 @@ struct rte_crypto_sym_vec {

>  	uint32_t num;

>  	/** array of SGL vectors */

>  	struct rte_crypto_sgl *src_sgl;

> +	/** array of SGL vectors for OOP, keep it NULL for inplace*/

> +	struct rte_crypto_sgl *dest_sgl;

>  	/** array of pointers to cipher IV */

>  	struct rte_crypto_va_iova_ptr *iv;

>  	/** array of pointers to digest */

> --

> 2.17.1