pkg/verify: load default Verifier given a public key

ret2libc · ret2libc · commit f87ab7381226 · 2025-03-04T17:25:38.000+01:00
Signed-off-by: Riccardo Schirone &lt;riccardo.schirone@trailofbits.com&gt;
diff --git a/pkg/verify/signature.go b/pkg/verify/signature.go
@@ -97,8 +97,7 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification
 
 func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {
 	if leafCert := verificationContent.Certificate(); leafCert != nil {
-		// TODO: Inspect certificate's SignatureAlgorithm to determine hash function
-		return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)
+		return signature.LoadVerifierFromPublicKey(leafCert.PublicKey)
 	} else if pk := verificationContent.PublicKey(); pk != nil {
 		return tm.PublicKeyVerifier(pk.Hint())
 	}

Original file line number	Diff line number	Diff line change
`@@ -97,8 +97,7 @@ func VerifySignatureWithArtifactDigest(sigContent SignatureContent, verification`
`97`	`97`
`98`	`98`	`func getSignatureVerifier(verificationContent VerificationContent, tm root.TrustedMaterial) (signature.Verifier, error) {`
`99`	`99`	`if leafCert := verificationContent.Certificate(); leafCert != nil {`
`100`		`- // TODO: Inspect certificate's SignatureAlgorithm to determine hash function`
`101`		`- return signature.LoadVerifier(leafCert.PublicKey, crypto.SHA256)`
	`100`	`+ return signature.LoadVerifierFromPublicKey(leafCert.PublicKey)`
`102`	`101`	`} else if pk := verificationContent.PublicKey(); pk != nil {`
`103`	`102`	`return tm.PublicKeyVerifier(pk.Hint())`
`104`	`103`	`}`