diff --git a/tuf/ngclient/_internal/trusted_metadata_set.py b/tuf/ngclient/_internal/trusted_metadata_set.py
index d5674d8b10..c20963cfd3 100644
--- a/tuf/ngclient/_internal/trusted_metadata_set.py
+++ b/tuf/ngclient/_internal/trusted_metadata_set.py
@@ -71,8 +71,6 @@
 from datetime import datetime
 from typing import Dict, Iterator, Optional
 
-from securesystemslib import hash as sslib_hash
-
 from tuf import exceptions
 from tuf.api.metadata import Metadata, Root, Targets
 from tuf.api.serialization import DeserializationError
@@ -305,8 +303,7 @@ def update_timestamp(self, data: bytes):
 self._trusted_set["timestamp"] = new_timestamp
 logger.debug("Updated timestamp")
 
- # TODO: remove pylint disable once the hash verification is in metadata.py
- def update_snapshot(self, data: bytes): # pylint: disable=too-many-branches
+ def update_snapshot(self, data: bytes):
 """Verifies and loads 'data' as new snapshot metadata.
 
 Args:
@@ -326,13 +323,12 @@ def update_snapshot(self, data: bytes): # pylint: disable=too-many-branches
 meta = self.timestamp.signed.meta["snapshot.json"]
 
 # Verify against the hashes in timestamp, if any
- hashes = meta.hashes or {}
- for algo, stored_hash in hashes.items():
- digest_object = sslib_hash.digest(algo)
- digest_object.update(data)
- observed_hash = digest_object.hexdigest()
- if observed_hash != stored_hash:
- raise exceptions.BadHashError(stored_hash, observed_hash)
+ try:
+ meta.verify_length_and_hashes(data)
+ except exceptions.LengthOrHashMismatchError as e:
+ raise exceptions.RepositoryError(
+ "Snapshot length or hashes do not match"
+ ) from e
 
 try:
 new_snapshot = Metadata.from_bytes(data)
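Review bot: Callers that catch `exceptions.BadHashError` around `update_snapshot` stop matching after this hunk, because a mismatch now surfaces as the broader `exceptions.RepositoryError`; the `update_delegated_targets` hunk below makes the same change. The TODO removed in that later hunk suggests BadHashError did not derive from RepositoryError, so the docstring's Raises section (outside this hunk) and any caller-side handlers should be checked against the new type. The retained comment now understates what is verified; I would change it to `# Verify against the length and hashes in timestamp, if any`. Whether an unsupported hash algorithm name listed in timestamp also ends up as `LengthOrHashMismatchError` depends on `verify_length_and_hashes`, which is not part of this diff; if it can raise anything else, that exception would bypass the `except` and reach the caller as a non-RepositoryError.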
@@ -426,14 +422,12 @@ def update_delegated_targets(
 f"Snapshot does not contain information for '{role_name}'"
 )
 
- hashes = meta.hashes or {}
- for algo, stored_hash in hashes.items():
- digest_object = sslib_hash.digest(algo)
- digest_object.update(data)
- observed_hash = digest_object.hexdigest()
- if observed_hash != stored_hash:
- # TODO: Error should derive from RepositoryError
- raise exceptions.BadHashError(stored_hash, observed_hash)
+ try:
+ meta.verify_length_and_hashes(data)
+ except exceptions.LengthOrHashMismatchError as e:
+ raise exceptions.RepositoryError(
+ f"{role_name} length or hashes do not match"
+ ) from e
 
 try:
 new_delegate = Metadata.from_bytes(data)
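Review bot: The length-and-hash check in `update_delegated_targets` carries no comment saying which metadata the bytes are checked against or that the check is optional, unlike the matching block in `update_snapshot`; I would add `# Verify against the length and hashes in snapshot, if any` above the `try:`. The removed `meta.hashes or {}` shows the hashes were optional, so presumably `verify_length_and_hashes` also passes when snapshot lists neither value, which would leave the remaining checks in this function (not visible here) as the only binding between the delegated metadata and snapshot. That is worth confirming against `verify_length_and_hashes` and stating in the comment. The function starts and ends outside this hunk.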