pkg/verify: load default Verifier given a public key

ret2libc · ret2libc · commit 4371c3e01917 · 2025-03-04T17:23:53.000+01:00
Signed-off-by: Riccardo Schirone &lt;riccardo.schirone@trailofbits.com&gt;
diff --git a/pkg/verify/signature.go b/pkg/verify/signature.go
@@ -96,8 +96,7 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification
 
 func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {
 	if leafCert := verificationContent.Certificate(); leafCert != nil {
-		// TODO: Inspect certificate's SignatureAlgorithm to determine hash function
-		return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)
+		return signature.LoadVerifierFromPublicKey(leafCert.PublicKey)
 	} else if pk := verificationContent.PublicKey(); pk != nil {
 		return tm.PublicKeyVerifier(pk.Hint())
 	}

Original file line number	Diff line number	Diff line change
`@@ -96,8 +96,7 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification`
`96`	`96`
`97`	`97`	`func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {`
`98`	`98`	`if leafCert := verificationContent.Certificate(); leafCert != nil {`
`99`		`- // TODO: Inspect certificate's SignatureAlgorithm to determine hash function`
`100`		`- return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)`
	`99`	`+ return signature.LoadVerifierFromPublicKey(leafCert.PublicKey)`
`101`	`100`	`} else if pk := verificationContent.PublicKey(); pk != nil {`
`102`	`101`	`return tm.PublicKeyVerifier(pk.Hint())`
`103`	`102`	`}`