From ffd42b6d0420c4be97cc28fd1bb5f4c29e286e98 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 2 Feb 2026 14:15:52 -0800 Subject: [PATCH] lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly mldsa_verify() implements ML-DSA.Verify with ctx='', so document this more explicitly. Remove the one-liner comment above mldsa_verify() which was somewhat misleading. Reviewed-by: David Howells Link: https://lore.kernel.org/r/20260202221552.174341-1-ebiggers@kernel.org Signed-off-by: Eric Biggers --- include/crypto/mldsa.h | 4 +++- lib/crypto/mldsa.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/crypto/mldsa.h b/include/crypto/mldsa.h index cf30aef299706..3ef2676787c9e 100644 --- a/include/crypto/mldsa.h +++ b/include/crypto/mldsa.h @@ -39,7 +39,9 @@ enum mldsa_alg { * otherwise -EBADMSG will be returned. * * This verifies a signature using pure ML-DSA with the specified parameter set. - * The context string is assumed to be empty. + * The context string is assumed to be empty. This corresponds to FIPS 204 + * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string + * and the lengths of the signature and key given explicitly by the caller. * * Context: Might sleep * diff --git a/lib/crypto/mldsa.c b/lib/crypto/mldsa.c index ba0c0468956e2..c96fddc4e7dcf 100644 --- a/lib/crypto/mldsa.c +++ b/lib/crypto/mldsa.c @@ -525,7 +525,6 @@ static size_t encode_w1(u8 out[MAX_W1_ENCODED_LEN], return pos; } -/* Reference: FIPS 204 Section 6.3 "ML-DSA Verifying (Internal)" */ int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len, const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len) { -- 2.47.3