lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly

mldsa_verify() implements ML-DSA.Verify with ctx='', so document this more explicitly. Remove the one-liner comment above mldsa_verify() which was somewhat misleading. Reviewed-by: David Howells <dhowells@redhat.com> Link: https://lore.kernel.org/r/20260202221552.174341-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org>
2026-03-22 07:27:12 +08:00 · 2026-02-02 14:15:52 -08:00
parent fbfeca7404
commit ffd42b6d04
2 changed files with 3 additions and 2 deletions
--- a/include/crypto/mldsa.h
+++ b/include/crypto/mldsa.h
@@ -39,7 +39,9 @@ enum mldsa_alg {
 *	    otherwise -EBADMSG will be returned.
 *
 * This verifies a signature using pure ML-DSA with the specified parameter set.
- * The context string is assumed to be empty.
+ * The context string is assumed to be empty.  This corresponds to FIPS 204
+ * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string
+ * and the lengths of the signature and key given explicitly by the caller.
 *
 * Context: Might sleep
 *
--- a/lib/crypto/mldsa.c
+++ b/lib/crypto/mldsa.c
@@ -525,7 +525,6 @@ static size_t encode_w1(u8 out[MAX_W1_ENCODED_LEN],
 	return pos;
 }

-/* Reference: FIPS 204 Section 6.3 "ML-DSA Verifying (Internal)" */
 int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
 		 const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len)
 {