From dc7f754dff968779d6df76d4ad8eb742723e740e Mon Sep 17 00:00:00 2001
From: Noah Stapp
Date: Thu, 2 Apr 2026 16:57:02 -0400
Subject: [PATCH 1/3] PYTHON-5740 - Fix weak OCSP hashing algorithm

---
 pymongo/ocsp_support.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pymongo/ocsp_support.py b/pymongo/ocsp_support.py
index 41fdd7fda6..a0ec2c99aa 100644
--- a/pymongo/ocsp_support.py
+++ b/pymongo/ocsp_support.py
@@ -36,7 +36,7 @@ from cryptography.hazmat.primitives.asymmetric.x25519 import (
     X25519PublicKey as _X25519PublicKey,
 )
-from cryptography.hazmat.primitives.hashes import SHA1 as _SHA1
+from cryptography.hazmat.primitives.hashes import SHA256 as _SHA256
 from cryptography.hazmat.primitives.hashes import Hash as _Hash
 from cryptography.hazmat.primitives.serialization import Encoding as _Encoding
 from cryptography.hazmat.primitives.serialization import PublicFormat as _PublicFormat
@@ -158,7 +158,7 @@ def _get_extension(
 def _public_key_hash(cert: Certificate) -> bytes:
     public_key = cert.public_key()
     # https://tools.ietf.org/html/rfc2560#section-4.2.1
-    # "KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
+    # "KeyHash ::= OCTET STRING -- SHA-256 hash of responder's public key
     # (excluding the tag and length fields)"
     # https://stackoverflow.com/a/46309453/600498
     if isinstance(public_key, _RSAPublicKey):
@@ -167,7 +167,7 @@ def _public_key_hash(cert: Certificate) -> bytes:
         pbytes = public_key.public_bytes(_Encoding.X962, _PublicFormat.UncompressedPoint)
     else:
         pbytes = public_key.public_bytes(_Encoding.DER, _PublicFormat.SubjectPublicKeyInfo)
-    digest = _Hash(_SHA1(), backend=_default_backend())  # noqa: S303
+    digest = _Hash(_SHA256(), backend=_default_backend())
     digest.update(pbytes)
     return digest.finalize()
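Review bot: Switching `_public_key_hash` to SHA-256 in the `@@ -167` hunk breaks the protocol identifier it computes rather than hardening anything: RFC 6960 §4.2.1 (and RFC 2560 before it, which the comment cites) fixes `KeyHash` to the SHA-1 digest of the responder's public key, so a responder that identifies itself `byKey` sends a 20-byte value that can never equal a 32-byte SHA-256 output, and any comparison against this function's result (presumably in the responder lookup outside these hunks) will always fail. The edited comment in the `@@ -158` hunk now also misquotes the RFC, which only ever specifies SHA-1 for this field. SHA-1 is used here as a lookup identifier, not for collision resistance, so the right fix is to keep it and justify the lint suppression, e.g. `digest = _Hash(_SHA1(), backend=_default_backend())  # noqa: S303 - RFC 6960 4.2.1 fixes KeyHash to SHA-1; identifier only, not a security boundary`, and to keep the `_SHA1` import alongside `_SHA256` in the first hunk. The RSA branch of `_public_key_hash` lies between the two hunks and is not visible here.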
@@ -249,7 +249,7 @@ def _verify_response_signature(issuer: Certificate, response: OCSPResponse) -> i
 def _build_ocsp_request(cert: Certificate, issuer: Certificate) -> OCSPRequest:
     # https://cryptography.io/en/latest/x509/ocsp/#creating-requests
     builder = _OCSPRequestBuilder()
-    builder = builder.add_certificate(cert, issuer, _SHA1())  # noqa: S303
+    builder = builder.add_certificate(cert, issuer, _SHA256())
     return builder.build()

From 2920c76baaa1f7ae1a6322b51afd379357cb242d Mon Sep 17 00:00:00 2001
From: Noah Stapp
Date: Wed, 8 Apr 2026 11:34:30 -0400
Subject: [PATCH 2/3] Update changelog

---
 doc/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/changelog.rst b/doc/changelog.rst
index 23d5b2fc9e..fa86c237ad 100644
--- a/doc/changelog.rst
+++ b/doc/changelog.rst
@@ -10,10 +10,10 @@ PyMongo 4.17 brings a number of changes including:
   been deprecated and will be removed in PyMongo 5.0. These methods were
   deprecated in favor of the standard dictionary containment operator ``in``
   and the ``keys()`` and ``values()`` methods, respectively.
-
 - Added the :meth:`~pymongo.asynchronous.client_session.AsyncClientSession.bind` and :meth:`~pymongo.client_session.ClientSession.bind` methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See for examples and more information.
+- OCSP authentication now uses the more secure SHA-256 hashing algorithm for certificate verification instead of SHA-1.

 Changes in Version 4.16.0 (2026/01/07)
 --------------------------------------

From 0f3a61af760b3433ef195bc1b45d751cdf75f67b Mon Sep 17 00:00:00 2001
From: Noah Stapp
Date: Wed, 8 Apr 2026 11:40:04 -0400
Subject: [PATCH 3/3] Update doc/changelog.rst

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 doc/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
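Review bot: Requesting a SHA-256 `CertID` in `_build_ocsp_request` is valid under RFC 6960 §4.1.1 but is not interoperable everywhere: the lightweight profile (RFC 5019) that many public CA responders and cached-response front ends implement only requires SHA-1 CertIDs, and such a responder may answer a SHA-256 request with `unauthorized` or with a `SingleResponse` whose CertID does not match, which presumably ends in whatever soft-fail handling the caller (outside this hunk) applies. Because CertID is an identifier for the status lookup rather than a signature or integrity hash, the change buys little against a forged status while it risks silently losing revocation checking for those responders. Consider retrying with `_SHA1()` when the SHA-256 request yields no matching single response, and document the choice above the call, e.g. `# SHA-256 CertID per RFC 6960 4.1.1; RFC 5019-only responders may answer SHA-1 requests only, so the caller retries with SHA-1 on no match`. If no fallback is added, the changelog's framing of this as a security improvement should be qualified accordingly.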
diff --git a/doc/changelog.rst b/doc/changelog.rst
index fa86c237ad..14b257fdcc 100644
--- a/doc/changelog.rst
+++ b/doc/changelog.rst
@@ -13,7 +13,7 @@ PyMongo 4.17 brings a number of changes including:
 - Added the :meth:`~pymongo.asynchronous.client_session.AsyncClientSession.bind` and :meth:`~pymongo.client_session.ClientSession.bind` methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See for examples and more information.
-- OCSP authentication now uses the more secure SHA-256 hashing algorithm for certificate verification instead of SHA-1.
+- OCSP request certificate identifiers (CertID) now use the SHA-256 hashing algorithm instead of SHA-1.

 Changes in Version 4.16.0 (2026/01/07)
 --------------------------------------