lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly

mldsa_verify() implements ML-DSA.Verify with ctx='', so document this
more explicitly.  Remove the one-liner comment above mldsa_verify()
which was somewhat misleading.

Reviewed-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20260202221552.174341-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

diff --git a/include/crypto/mldsa.h b/include/crypto/mldsa.h
index cf30aef299706f089d617713fb457636b0b3e2c1..3ef2676787c9ed72280a5f20b877fb09d9088b95 100644 (file)
--- a/include/crypto/mldsa.h
+++ b/include/crypto/mldsa.h
@@ -39,7 +39,9 @@ enum mldsa_alg {
  *         otherwise -EBADMSG will be returned.
  *
  * This verifies a signature using pure ML-DSA with the specified parameter set.
- * The context string is assumed to be empty.
+ * The context string is assumed to be empty.  This corresponds to FIPS 204
+ * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string
+ * and the lengths of the signature and key given explicitly by the caller.
  *
  * Context: Might sleep
  *

diff --git a/lib/crypto/mldsa.c b/lib/crypto/mldsa.c
index ba0c0468956e2a318a47c4cf4c1a93af1740baf1..c96fddc4e7dcf94417008f28e0c6dbf87b3746e6 100644 (file)
--- a/lib/crypto/mldsa.c
+++ b/lib/crypto/mldsa.c
@@ -525,7 +525,6 @@ static size_t encode_w1(u8 out[MAX_W1_ENCODED_LEN],
        return pos;
 }
 
-/* Reference: FIPS 204 Section 6.3 "ML-DSA Verifying (Internal)" */
 int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
                 const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len)
 {