PQC: address review nits (drop experimental mentions, early-return inits)

aidangarske · aidangarske · commit 65953c2033f2 · 2026-06-04T12:59:47.000-07:00
diff --git a/docs/INTEGRATION_GUIDE.md b/docs/INTEGRATION_GUIDE.md
@@ -83,7 +83,7 @@ sudo make install
 | `--enable-pwdbased` | PKCS#12 support |
 | `--enable-hmac-copy` | Faster repeated HMAC with same key (wolfSSL 5.7.8+) |
 | `--enable-sp=yes,asm --enable-sp-math-all` | SP Integer maths |
-| `--enable-mlkem --enable-mldsa` | ML-KEM and ML-DSA post-quantum algorithms (wolfSSL post-v5.9.1-stable). The `build-wolfprovider.sh --enable-pqc` flag sets these automatically. Neither algorithm requires `--enable-experimental`. |
+| `--enable-mlkem --enable-mldsa` | ML-KEM and ML-DSA post-quantum algorithms (wolfSSL post-v5.9.1-stable). The `build-wolfprovider.sh --enable-pqc` flag sets these automatically. |
 
 **Optional CPPFLAGS:**
 
@@ -175,7 +175,7 @@ ML-DSA uses pure mode with an empty context string (FIPS 204 sec 5.2, Algorithm
 ./scripts/build-wolfprovider.sh --enable-pqc
 ```
 
-This adds `--enable-mlkem --enable-mldsa` to the wolfSSL configure step (neither flag requires `--enable-experimental`). wolfProvider auto-detects the resulting `WOLFSSL_HAVE_MLKEM` / `WOLFSSL_HAVE_MLDSA` macros via `include/wolfprovider/settings.h` (gated on `__has_include` of `<wolfssl/wolfcrypt/wc_mlkem.h>` / `<wolfssl/wolfcrypt/wc_mldsa.h>`) and registers the six PQC algorithms.
+This adds `--enable-mlkem --enable-mldsa` to the wolfSSL configure step. wolfProvider auto-detects the resulting `WOLFSSL_HAVE_MLKEM` / `WOLFSSL_HAVE_MLDSA` macros via `include/wolfprovider/settings.h` (gated on `__has_include` of `<wolfssl/wolfcrypt/wc_mlkem.h>` / `<wolfssl/wolfcrypt/wc_mldsa.h>`) and registers the six PQC algorithms.
 
 ### Usage Example
 
diff --git a/include/wolfprovider/settings.h b/include/wolfprovider/settings.h
@@ -169,7 +169,7 @@
 #ifdef HAVE_ED448
      #define WP_HAVE_ED448
 #endif
-/* PQC: gate on both the wolfSSL feature macro AND header availability. The
+/* Gate on both the wolfSSL feature macro AND header availability. The
  * canonical post-rename names (WOLFSSL_HAVE_MLKEM / WOLFSSL_HAVE_MLDSA and
  * wc_mlkem.h / wc_mldsa.h) are required. Older wolfSSL releases that only
  * exposed the pre-standardization names (HAVE_DILITHIUM, dilithium.h) are
diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
@@ -39,8 +39,7 @@ if [ "$WOLFPROV_SEED_SRC" = "1" ]; then
 fi
 
 # Enable ML-KEM and ML-DSA in wolfSSL when --enable-pqc is requested.
-# Use the canonical FIPS 203 / FIPS 204 flag names. Neither algorithm
-# requires --enable-experimental anymore.
+# Use the canonical FIPS 203 / FIPS 204 flag names.
 if [ "$WOLFPROV_PQC" = "1" ]; then
     WOLFSSL_CONFIG_OPTS="${WOLFSSL_CONFIG_OPTS} --enable-mlkem --enable-mldsa"
 fi
diff --git a/src/wp_mldsa_sig.c b/src/wp_mldsa_sig.c
@@ -220,31 +220,25 @@ static wp_MlDsaSigCtx* wp_mldsa_dupctx(wp_MlDsaSigCtx* srcCtx)
 static int wp_mldsa_init(wp_MlDsaSigCtx* ctx, wp_MlDsa* mldsa,
     const OSSL_PARAM params[])
 {
-    int ok = 1;
-
     (void)params;
 
     if (ctx == NULL) {
-        ok = 0;
+        return 0;
     }
     /* NULL key means "reinit, reuse the key already on the context" -- only
      * valid if the context actually has one. */
-    if (ok && (mldsa == NULL) && (ctx->mldsa == NULL)) {
-        ok = 0;
+    if ((mldsa == NULL) && (ctx->mldsa == NULL)) {
+        return 0;
     }
-    if (ok && (mldsa != NULL)) {
+    if (mldsa != NULL) {
         if (!wp_mldsa_up_ref(mldsa)) {
-            ok = 0;
+            return 0;
         }
-        if (ok) {
-            wp_mldsa_free(ctx->mldsa);
-            ctx->mldsa = mldsa;
-        }
-    }
-    if (ok) {
-        wp_mldsa_buf_reset(ctx);
+        wp_mldsa_free(ctx->mldsa);
+        ctx->mldsa = mldsa;
     }
-    return ok;
+    wp_mldsa_buf_reset(ctx);
+    return 1;
 }
 
 static int wp_mldsa_sign_init(wp_MlDsaSigCtx* ctx, wp_MlDsa* mldsa,
diff --git a/src/wp_mlkem_kem.c b/src/wp_mlkem_kem.c
@@ -124,21 +124,17 @@ static wp_MlKemCtx* wp_mlkem_kem_dupctx(wp_MlKemCtx* srcCtx)
 static int wp_mlkem_kem_init(wp_MlKemCtx* ctx, wp_MlKem* mlkem,
     const OSSL_PARAM params[])
 {
-    int ok = 1;
-
     (void)params;
 
     if ((ctx == NULL) || (mlkem == NULL)) {
-        ok = 0;
-    }
-    if (ok && !wp_mlkem_up_ref(mlkem)) {
-        ok = 0;
+        return 0;
     }
-    if (ok) {
-        wp_mlkem_free(ctx->mlkem);
-        ctx->mlkem = mlkem;
+    if (!wp_mlkem_up_ref(mlkem)) {
+        return 0;
     }
-    return ok;
+    wp_mlkem_free(ctx->mlkem);
+    ctx->mlkem = mlkem;
+    return 1;
 }
 
 static int wp_mlkem_kem_encapsulate_init(wp_MlKemCtx* ctx, wp_MlKem* mlkem,
