3 files changed, 22 insertions, 27 deletions

diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index b1bb65c7dc..e27838f5d6 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -85,6 +85,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 # define ARMV8_UNROLL8_EOR3      (1<<12)
 # define ARMV8_SVE       (1<<13)
 # define ARMV8_SVE2      (1<<14)
+# define ARMV8_WORTH_USING_SHA3  (1<<15)
 
 /*
  * MIDR_EL1 system register
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 03bc659bdb..8443f8fcbd 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -300,6 +300,7 @@ void OPENSSL_cpuid_setup(void)
                ((strncmp(uarch, "Apple M1", 8) == 0) ||
                 (strncmp(uarch, "Apple M2", 8) == 0))) {
                 OPENSSL_armcap_P |= ARMV8_UNROLL8_EOR3;
+                OPENSSL_armcap_P |= ARMV8_WORTH_USING_SHA3;
             }
         }
     }
@@ -419,6 +420,20 @@ void OPENSSL_cpuid_setup(void)
          MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V2)) &&
         (OPENSSL_armcap_P & ARMV8_SHA3))
         OPENSSL_armcap_P |= ARMV8_UNROLL8_EOR3;
+    if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM)     ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_ICESTORM)      ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_PRO) ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_ICESTORM_PRO)  ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_MAX) ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_ICESTORM_MAX)  ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE)     ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD)      ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_PRO) ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_PRO)  ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX) ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX)) &&
+        (OPENSSL_armcap_P & ARMV8_SHA3))
+        OPENSSL_armcap_P |= ARMV8_WORTH_USING_SHA3;
 # endif
 }
 #endif /* _WIN32, __ARM_MAX_ARCH__ >= 7 */
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 1348d0e06a..a03df0b7fc 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -271,43 +271,22 @@ static PROV_SHA3_METHOD sha3_ARMSHA3_md =
     armsha3_sha3_absorb,
     generic_sha3_final
 };
-/* Detection on Apple operating systems */
-# if defined(__APPLE__)
-#  define ARM_SHA3_CAPABLE (OPENSSL_armcap_P & ARMV8_SHA3)
-#  define SHA3_SET_MD(uname, typ)                                              \
+/* Users can switch back to the generic code by clearing either of the bits */
+# define ARM_SHA3_CAPABLE                                                      \
+    ((OPENSSL_armcap_P & ARMV8_SHA3) &&                                        \
+     (OPENSSL_armcap_P & ARMV8_WORTH_USING_SHA3))
+# define SHA3_SET_MD(uname, typ)                                               \
     if (ARM_SHA3_CAPABLE) {                                                    \
         ctx->meth = sha3_ARMSHA3_md;                                           \
     } else {                                                                   \
         ctx->meth = sha3_generic_md;                                           \
     }
-#  define KMAC_SET_MD(bitlen)                                                  \
+# define KMAC_SET_MD(bitlen)                                                   \
     if (ARM_SHA3_CAPABLE) {                                                    \
         ctx->meth = sha3_ARMSHA3_md;                                           \
     } else {                                                                   \
         ctx->meth = sha3_generic_md;                                           \
     }
-/* Detection on other operating systems */
-# else
-#  define ARM_HAS_FASTER_SHA3                                                                  \
-    (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM)     ||\
-     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_PRO) ||\
-     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_MAX) ||\
-     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE)     ||\
-     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_PRO) ||\
-     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX))
-#  define SHA3_SET_MD(uname, typ)                                              \
-    if (ARM_HAS_FASTER_SHA3) {                                                 \
-        ctx->meth = sha3_ARMSHA3_md;                                           \
-    } else {                                                                   \
-        ctx->meth = sha3_generic_md;                                           \
-    }
-#  define KMAC_SET_MD(bitlen)                                                  \
-    if (ARM_HAS_FASTER_SHA3) {                                                 \
-        ctx->meth = sha3_ARMSHA3_md;                                           \
-    } else {                                                                   \
-        ctx->meth = sha3_generic_md;                                           \
-    }
-# endif /* APPLE */
 #else
 # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
 # define KMAC_SET_MD(bitlen) ctx->meth = sha3_generic_md;