RSA-PSS Sign() function ignores the boolean returned from rs.alg.hashFunc(). While the current code returns a valid hash function for RSA, the code is brittle and error-prone. The boolean return should be validated to ensure that there is a recognized hash function (check for a true value) and there is a hash function (hash = crypto.Hash is not zero).
File: go-cose/rsa.go.
RSA-PSS Sign() function ignores the boolean returned from rs.alg.hashFunc(). While the current code returns a valid hash function for RSA, the code is brittle and error-prone. The boolean return should be validated to ensure that there is a recognized hash function (check for a true value) and there is a hash function (hash = crypto.Hash is not zero).
File: go-cose/rsa.go.