lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly

mldsa_verify() implements ML-DSA.Verify with ctx='', so document this
more explicitly.  Remove the one-liner comment above mldsa_verify()
which was somewhat misleading.

Reviewed-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20260202221552.174341-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Author: Eric Biggers

include/crypto/mldsa.h

@@ -39,7 +39,9 @@ enum mldsa_alg {
  *	    otherwise -EBADMSG will be returned.
  *
  * This verifies a signature using pure ML-DSA with the specified parameter set.
- * The context string is assumed to be empty.
+ * The context string is assumed to be empty.  This corresponds to FIPS 204
+ * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string
+ * and the lengths of the signature and key given explicitly by the caller.
  *
  * Context: Might sleep
  *

lib/crypto/mldsa.c

@@ -525,7 +525,6 @@ static size_t encode_w1(u8 out[MAX_W1_ENCODED_LEN],
 	return pos;
 }
 
-/* Reference: FIPS 204 Section 6.3 "ML-DSA Verifying (Internal)" */
 int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
 		 const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len)
 {