openssl: add kTLS support option

This commit add option to enable kTLS support, improving
performance by offloading TLS encryption and decryption to
kernel space.

- Reduced CPU usage by minimizing data copying between user space
  and kernel space.
- Enables the use of the sendfile() system call with encrypted
  sockets for zero-copy data transmission.
- Leverages hardware-accelerated NIC that support TLS offloading.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21306
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/libs/openssl/Config.in

@@ -26,6 +26,14 @@ config OPENSSL_SMALL_FOOTPRINT
 		Chacha20-Poly1305 is 15% slower.  X86_64 drops 1% of its size
 		for 3% of performance.  Other arches have not been tested.
 
+config OPENSSL_KTLS
+	bool
+	prompt "Enable kTLS support"
+	select PACKAGE_kmod-tls
+	help
+		This will enable kTLS support, allowing data encryption
+		operations to be performed in kernel space.
+
 config OPENSSL_WITH_ASM
 	bool
 	default y

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_VERSION:=3.5.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
 
 PKG_BUILD_PARALLEL:=1
@@ -37,6 +37,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_OPENSSL_OPTIMIZE_SPEED \
 	CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
 	CONFIG_OPENSSL_SMALL_FOOTPRINT \
+	CONFIG_OPENSSL_KTLS \
 	CONFIG_OPENSSL_WITH_ARIA \
 	CONFIG_OPENSSL_WITH_ASM \
 	CONFIG_OPENSSL_WITH_ASYNC \
@@ -293,6 +294,10 @@ ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 endif
 
+ifdef CONFIG_OPENSSL_KTLS
+  OPENSSL_OPTIONS += enable-ktls
+endif
+
 ifdef CONFIG_OPENSSL_ENGINE
   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
     OPENSSL_OPTIONS += disable-dynamic-engine