mongo 2.23.0 → 2.24.0

data/lib/mongo/crypt/context.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,9 +16,8 @@
 
 module Mongo
   module Crypt
-
     # A wrapper around mongocrypt_ctx_t, which manages the
-    # state machine for encryption and decription.
+    # state machine for encryption and decryption.
     #
     # This class is a superclass that defines shared methods
     # amongst contexts that are initialized for different purposes
@@ -150,7 +148,7 @@ module Mongo
       end
 
       def feed_kms
-        while (kms_context = Binding.ctx_next_kms_ctx(self)) do
+        while (kms_context = Binding.ctx_next_kms_ctx(self))
           begin
             delay = Binding.kms_ctx_usleep(kms_context)
             sleep(delay / 1_000_000.0) unless delay.nil?
@@ -158,15 +156,10 @@ module Mongo
             tls_options = @mongocrypt_handle.kms_tls_options(provider)
             @encryption_io.feed_kms(kms_context, tls_options)
           rescue Error::KmsError => e
-            if e.network_error?
-              if Binding.kms_ctx_fail(kms_context)
-                next
-              else
-                raise
-              end
-            else
-              raise
-            end
+            raise unless e.network_error?
+            next if Binding.kms_ctx_fail(kms_context)
+
+            raise
           end
         end
         Binding.ctx_kms_done(self)
@@ -195,20 +188,20 @@ module Mongo
       #   KMS providers.
       def retrieve_kms_credentials(timeout_holder)
         providers = {}
-        if kms_providers.aws&.empty?
+        if kms_providers.aws && kms_providers.aws.empty?
           begin
             aws_credentials = Mongo::Auth::Aws::CredentialsRetriever.new.credentials(timeout_holder)
           rescue Auth::Aws::CredentialsNotFound
             raise Error::CryptError.new(
-              "Could not locate AWS credentials (checked environment variables, ECS and EC2 metadata)"
+              'Could not locate AWS credentials (checked environment variables, ECS and EC2 metadata)'
             )
           end
           providers[:aws] = aws_credentials.to_h
         end
-        if kms_providers.gcp&.empty?
+        if kms_providers.gcp && kms_providers.gcp.empty?
           providers[:gcp] = { access_token: gcp_access_token(timeout_holder) }
         end
-        if kms_providers.azure&.empty?
+        if kms_providers.azure && kms_providers.azure.empty?
           providers[:azure] = { access_token: azure_access_token(timeout_holder) }
         end
         KMS::Credentials.new(providers)

data/lib/mongo/crypt/data_key_context.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,13 +16,11 @@
 
 module Mongo
   module Crypt
-
     # A Context object initialized specifically for the purpose of creating
     # a data key in the key management system.
     #
     # @api private
     class DataKeyContext < Context
-
       # Create a new DataKeyContext object
       #
       # @param [ Mongo::Crypt::Handle ] mongocrypt a Handle that
@@ -50,14 +47,12 @@ module Mongo
 
       # Set the alt names option on the context
       def set_key_alt_names(key_alt_names)
-        unless key_alt_names.is_a?(Array)
-          raise ArgumentError.new, 'The :key_alt_names option must be an Array'
-        end
+        raise ArgumentError.new, 'The :key_alt_names option must be an Array' unless key_alt_names.is_a?(Array)
 
         unless key_alt_names.all? { |key_alt_name| key_alt_name.is_a?(String) }
           raise ArgumentError.new(
             "#{key_alt_names} contains an invalid alternate key name. All " +
-            "values of the :key_alt_names option Array must be Strings"
+            'values of the :key_alt_names option Array must be Strings'
           )
         end
 

data/lib/mongo/crypt/encryption_io.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,13 +16,11 @@
 
 module Mongo
   module Crypt
-
     # A class that implements I/O methods between the driver and
     # the MongoDB server or mongocryptd.
     #
     # @api private
     class EncryptionIO
-
       # Timeout used for TLS socket connection, reading, and writing.
       # There is no specific timeout written in the spec. See SPEC-1394
       # for a discussion and updates on what this timeout should be.
@@ -55,8 +52,7 @@ module Mongo
       # @note This class expects that the key_vault_client and key_vault_namespace
       #   options are not nil and are in the correct format.
       def initialize(
-        client: nil, mongocryptd_client: nil, key_vault_namespace:,
-        key_vault_client:, metadata_client:, mongocryptd_options: {}
+        key_vault_namespace:, key_vault_client:, metadata_client:, client: nil, mongocryptd_client: nil, mongocryptd_options: {}
       )
         validate_key_vault_client!(key_vault_client)
         validate_key_vault_namespace!(key_vault_namespace)
@@ -104,7 +100,8 @@ module Mongo
       # @return [ Hash ] The collection information
       def collection_info(db_name, filter, timeout_ms: nil)
         unless @metadata_client
-          raise ArgumentError, 'collection_info requires metadata_client to have been passed to the constructor, but it was not'
+          raise ArgumentError,
+                'collection_info requires metadata_client to have been passed to the constructor, but it was not'
         end
 
         @metadata_client
@@ -124,7 +121,8 @@ module Mongo
       # @return [ Hash ] The marked command
       def mark_command(cmd, timeout_ms: nil)
         unless @mongocryptd_client
-          raise ArgumentError, 'mark_command requires mongocryptd_client to have been passed to the constructor, but it was not'
+          raise ArgumentError,
+                'mark_command requires mongocryptd_client to have been passed to the constructor, but it was not'
         end
 
         # Ensure the response from mongocryptd is deserialized with { mode: :bson }
@@ -143,7 +141,7 @@ module Mongo
           response = @mongocryptd_client.database.command(cmd, options)
         end
 
-        return response.first
+        response.first
       end
 
       # Get information about the remote KMS encryption key and feed it to the the
@@ -161,16 +159,14 @@ module Mongo
       def feed_kms(kms_context, tls_options, timeout_ms: nil)
         with_ssl_socket(kms_context.endpoint, tls_options) do |ssl_socket|
           Timeout.timeout(timeout_ms || SOCKET_TIMEOUT, Error::SocketTimeoutError,
-            'Socket write operation timed out'
-          ) do
+                          'Socket write operation timed out') do
             ssl_socket.syswrite(kms_context.message)
           end
 
           bytes_needed = kms_context.bytes_needed
-          while bytes_needed > 0 do
+          while bytes_needed > 0
             bytes = Timeout.timeout(timeout_ms || SOCKET_TIMEOUT, Error::SocketTimeoutError,
-              'Socket read operation timed out'
-            ) do
+                                    'Socket read operation timed out') do
               ssl_socket.sysread(bytes_needed)
             end
 
@@ -227,7 +223,7 @@ module Mongo
                     {
                       '$filter' => {
                         input: '$keyAltNames',
-                        cond: { '$ne' =>  [ '$$this', key_alt_name ] }
+                        cond: { '$ne' => [ '$$this', key_alt_name ] }
                       }
                     }
                   ]
@@ -251,28 +247,24 @@ module Mongo
       private
 
       def validate_key_vault_client!(key_vault_client)
-        unless key_vault_client
-          raise ArgumentError.new('The :key_vault_client option cannot be nil')
-        end
+        raise ArgumentError.new('The :key_vault_client option cannot be nil') unless key_vault_client
 
-        unless key_vault_client.is_a?(Client)
-          raise ArgumentError.new(
-            'The :key_vault_client option must be an instance of Mongo::Client'
-          )
-        end
+        return if key_vault_client.is_a?(Client)
+
+        raise ArgumentError.new(
+          'The :key_vault_client option must be an instance of Mongo::Client'
+        )
       end
 
       def validate_key_vault_namespace!(key_vault_namespace)
-        unless key_vault_namespace
-          raise ArgumentError.new('The :key_vault_namespace option cannot be nil')
-        end
+        raise ArgumentError.new('The :key_vault_namespace option cannot be nil') unless key_vault_namespace
 
-        unless key_vault_namespace.split('.').length == 2
-          raise ArgumentError.new(
-            "#{key_vault_namespace} is an invalid key vault namespace." +
-            "The :key_vault_namespace option must be in the format database.collection"
-          )
-        end
+        return if key_vault_namespace.split('.').length == 2
+
+        raise ArgumentError.new(
+          "#{key_vault_namespace} is an invalid key vault namespace." +
+          'The :key_vault_namespace option must be in the format database.collection'
+        )
       end
 
       # Use the provided key vault client and namespace to construct a
@@ -309,8 +301,7 @@ module Mongo
         end
 
         if mongocryptd_spawn_path.nil? ||
-          mongocryptd_spawn_args.nil? || mongocryptd_spawn_args.empty?
-        then
+           mongocryptd_spawn_args.nil? || mongocryptd_spawn_args.empty?
           raise ArgumentError.new(
             'Cannot spawn mongocryptd process when no :mongocryptd_spawn_args ' +
             'option is provided. To start mongocryptd without arguments, pass ' +
@@ -322,7 +313,7 @@ module Mongo
           Process.spawn(
             mongocryptd_spawn_path,
             *mongocryptd_spawn_args,
-            [:out, :err]=>'/dev/null'
+            %i[out err] => '/dev/null'
           )
         rescue Errno::ENOENT => e
           raise Error::MongocryptdSpawnError.new(
@@ -351,12 +342,10 @@ module Mongo
         address = begin
           host, port = endpoint.split(':')
           port ||= 443 # All supported KMS APIs use this port by default.
-          Address.new([host, port].join(':'))
+          Address.new([ host, port ].join(':'))
         end
         socket_options = { ssl: true, csot: csot }.tap do |opts|
-          if csot
-            opts[:connect_timeout] = (timeout_ms / 1_000.0)
-          end
+          opts[:connect_timeout] = (timeout_ms / 1_000.0) if csot
         end
         mongo_socket = address.socket(
           SOCKET_TIMEOUT,
@@ -366,7 +355,8 @@ module Mongo
       rescue Error::KmsError
         raise
       rescue StandardError => e
-        raise Error::KmsError.new("Error when connecting to KMS provider: #{e.class}: #{e.message}", network_error: true)
+        raise Error::KmsError.new("Error when connecting to KMS provider: #{e.class}: #{e.message}",
+                                  network_error: true)
       ensure
         mongo_socket&.close
       end

data/lib/mongo/crypt/explicit_decryption_context.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,12 +16,10 @@
 
 module Mongo
   module Crypt
-
     # A Context object initialized for explicit decryption
     #
     # @api private
     class ExplicitDecryptionContext < Context
-
       # Create a new ExplicitDecryptionContext object
       #
       # @param [ Mongo::Crypt::Handle ] mongocrypt a Handle that

data/lib/mongo/crypt/explicit_encrypter.rb

@@ -317,7 +317,7 @@ module Mongo
         KMS::MasterKeyDocument.new(provider, options)
       end
 
-      # Returns the corresponding update document for each for of the given
+      # Returns the corresponding update document for each of the given
       # data key documents.
       #
       # @param [ Array<Hash> ] documents the data key documents

data/lib/mongo/crypt/explicit_encryption_context.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,12 +16,10 @@
 
 module Mongo
   module Crypt
-
     # A Context object initialized for explicit encryption
     #
     # @api private
     class ExplicitEncryptionContext < Context
-
       # Create a new ExplicitEncryptionContext object
       #
       # @param [ Mongo::Crypt::Handle ] mongocrypt a Handle that
@@ -76,6 +73,7 @@ module Mongo
       end
 
       private
+
       def set_key_opts(options)
         if options[:key_id].nil? && options[:key_alt_name].nil?
           raise ArgumentError.new(
@@ -99,31 +97,26 @@ module Mongo
 
       def set_key_id(key_id)
         unless key_id.is_a?(BSON::Binary) &&
-            key_id.type == :uuid
-              raise ArgumentError.new(
-                "Expected the :key_id option to be a BSON::Binary object with " +
-                "type :uuid. #{key_id} is an invalid :key_id option"
-              )
-          end
-          Binding.ctx_setopt_key_id(self, key_id.data)
+               key_id.type == :uuid
+          raise ArgumentError.new(
+            'Expected the :key_id option to be a BSON::Binary object with ' +
+            "type :uuid. #{key_id} is an invalid :key_id option"
+          )
+        end
+        Binding.ctx_setopt_key_id(self, key_id.data)
       end
 
       def set_key_alt_name(key_alt_name)
-        unless key_alt_name.is_a?(String)
-            raise ArgumentError.new(':key_alt_name option must be a String')
-          end
-          Binding.ctx_setopt_key_alt_names(self, [key_alt_name])
+        raise ArgumentError.new(':key_alt_name option must be a String') unless key_alt_name.is_a?(String)
+
+        Binding.ctx_setopt_key_alt_names(self, [ key_alt_name ])
       end
 
       def set_algorithm_opts(options)
         Binding.ctx_setopt_algorithm(self, options[:algorithm])
-        if %w(Indexed Range).include?(options[:algorithm])
-          if options[:contention_factor]
-            Binding.ctx_setopt_contention_factor(self, options[:contention_factor])
-          end
-          if options[:query_type]
-            Binding.ctx_setopt_query_type(self, options[:query_type])
-          end
+        if %w[Indexed Range].include?(options[:algorithm])
+          Binding.ctx_setopt_contention_factor(self, options[:contention_factor]) if options[:contention_factor]
+          Binding.ctx_setopt_query_type(self, options[:query_type]) if options[:query_type]
         else
           if options[:contention_factor]
             raise ArgumentError.new(':contention_factor is allowed only for "Indexed" or "Range" algorithms')
@@ -132,19 +125,15 @@ module Mongo
             raise ArgumentError.new(':query_type is allowed only for "Indexed" or "Range" algorithms')
           end
         end
-        if options[:algorithm] == 'Range'
-          Binding.ctx_setopt_algorithm_range(self, convert_range_opts(options[:range_opts]))
-        end
+        return unless options[:algorithm] == 'Range'
+
+        Binding.ctx_setopt_algorithm_range(self, convert_range_opts(options[:range_opts]))
       end
 
       def convert_range_opts(range_opts)
         range_opts.dup.tap do |opts|
-          if opts[:sparsity] && !opts[:sparsity].is_a?(BSON::Int64)
-            opts[:sparsity] = BSON::Int64.new(opts[:sparsity])
-          end
-          if opts[:trim_factor]
-            opts[:trimFactor] = opts.delete(:trim_factor)
-          end
+          opts[:sparsity] = BSON::Int64.new(opts[:sparsity]) if opts[:sparsity] && !opts[:sparsity].is_a?(BSON::Int64)
+          opts[:trimFactor] = opts.delete(:trim_factor) if opts[:trim_factor]
         end
       end
     end

data/lib/mongo/crypt/explicit_encryption_expression_context.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -17,7 +16,6 @@
 
 module Mongo
   module Crypt
-
     # A Context object initialized for explicit expression encryption.
     #
     # @api private

data/lib/mongo/crypt/handle.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-# rubocop:todo all
 
 # Copyright (C) 2019-2020 MongoDB Inc.
 #
@@ -20,15 +19,13 @@ require 'base64'
 
 module Mongo
   module Crypt
-
     # A handle to the libmongocrypt library that wraps a mongocrypt_t object,
     # allowing clients to set options on that object or perform operations such
     # as encryption and decryption
     #
     # @api private
     class Handle
-
-      # @returns [ Crypt::KMS::Credentials ] Credentials for KMS providers.
+      # @return [ Crypt::KMS::Credentials ] Credentials for KMS providers.
       attr_reader :kms_providers
 
       # Creates a new Handle object and initializes it with options
@@ -62,9 +59,14 @@ module Mongo
       # @option options [ Boolean | nil ] :explicit_encryption_only Whether this
       #   handle is going to be used only for explicit encryption. If true,
       #   libmongocrypt is instructed not to load crypt shared library.
+      # @option options [ Boolean | nil ] :disable_crypt_shared_lib_search When
+      #   true, suppresses the automatic "$SYSTEM" search for crypt_shared. Use
+      #   this when a previous Handle in the same process has already loaded the
+      #   library via a path override and you want to avoid the conflicting-load
+      #   error that libmongocrypt raises on a subsequent "$SYSTEM" search.
       # @option options [ Logger ] :logger A Logger object to which libmongocrypt logs
       #   will be sent
-      def initialize(kms_providers, kms_tls_options, options={})
+      def initialize(kms_providers, kms_tls_options, options = {})
         # FFI::AutoPointer uses a custom release strategy to automatically free
         # the pointer once this object goes out of scope
         @mongocrypt = FFI::AutoPointer.new(
@@ -73,7 +75,7 @@ module Mongo
         )
         Binding.kms_ctx_setopt_retry_kms(self, true)
         @kms_providers = kms_providers
-        @kms_tls_options =  kms_tls_options
+        @kms_tls_options = kms_tls_options
 
         maybe_set_schema_map(options)
 
@@ -85,10 +87,11 @@ module Mongo
 
         @crypt_shared_lib_path = options[:crypt_shared_lib_path]
         @explicit_encryption_only = options[:explicit_encryption_only]
+        @disable_crypt_shared_lib_search = options[:disable_crypt_shared_lib_search]
         if @crypt_shared_lib_path
           Binding.setopt_set_crypt_shared_lib_path_override(self, @crypt_shared_lib_path)
-        elsif !@bypass_query_analysis && !@explicit_encryption_only
-          Binding.setopt_append_crypt_shared_lib_search_path(self, "$SYSTEM")
+        elsif !@bypass_query_analysis && !@explicit_encryption_only && !@disable_crypt_shared_lib_search
+          Binding.setopt_append_crypt_shared_lib_search_path(self, '$SYSTEM')
         end
 
         @logger = options[:logger]
@@ -105,11 +108,11 @@ module Mongo
         initialize_mongocrypt
 
         @crypt_shared_lib_required = !!options[:crypt_shared_lib_required]
-        if @crypt_shared_lib_required && crypt_shared_lib_version == 0
-          raise Mongo::Error::CryptError.new(
-            "Crypt shared library is required, but cannot be loaded  according to libmongocrypt"
-          )
-        end
+        return unless @crypt_shared_lib_required && crypt_shared_lib_version == 0
+
+        raise Mongo::Error::CryptError.new(
+          'Crypt shared library is required, but cannot be loaded  according to libmongocrypt'
+        )
       end
 
       # Return the reference to the underlying @mongocrypt object
@@ -145,7 +148,7 @@ module Mongo
           @schema_map = nil
         elsif options[:schema_map] && options[:schema_map_path]
           raise ArgumentError.new(
-            "Cannot set both schema_map and schema_map_path options."
+            'Cannot set both schema_map and schema_map_path options.'
           )
         elsif options[:schema_map]
           unless options[:schema_map].is_a?(Hash)
@@ -176,7 +179,7 @@ module Mongo
       end
 
       def set_bypass_query_analysis
-        unless [true, false].include?(@bypass_query_analysis)
+        unless [ true, false ].include?(@bypass_query_analysis)
           raise ArgumentError.new(
             "#{@bypass_query_analysis} is an invalid bypass_query_analysis value; must be a Boolean or nil"
           )
@@ -187,7 +190,7 @@ module Mongo
 
       # Send the logs from libmongocrypt to the Mongo::Logger
       def set_logger_callback
-        @log_callback = Proc.new do |level, msg|
+        @log_callback = proc do |level, msg|
           @logger.send(level, msg)
         end
 
@@ -207,15 +210,13 @@ module Mongo
       # @return [ true | false ] Whether block executed without raising
       #   exceptions.
       def handle_error(status_p)
-        begin
-          yield
-
-          true
-        rescue => e
-          status = Status.from_pointer(status_p)
-          status.update(:error_client, 1, "#{e.class}: #{e}")
-          false
-        end
+        yield
+
+        true
+      rescue StandardError => e
+        status = Status.from_pointer(status_p)
+        status.update(:error_client, 1, "#{e.class}: #{e}")
+        false
       end
 
       # Yields to the provided block and writes the return value of block
@@ -242,7 +243,7 @@ module Mongo
       # Perform AES encryption or decryption and write the output to the
       # provided mongocrypt_binary_t object.
       def do_aes(key_binary_p, iv_binary_p, input_binary_p, output_binary_p,
-        response_length_p, status_p, decrypt: false, mode: :CBC)
+                 response_length_p, status_p, decrypt: false, mode: :CBC)
         key = Binary.from_pointer(key_binary_p).to_s
         iv = Binary.from_pointer(iv_binary_p).to_s
         input = Binary.from_pointer(input_binary_p).to_s
@@ -258,7 +259,7 @@ module Mongo
       # Perform HMAC SHA encryption and write the output to the provided
       # mongocrypt_binary_t object.
       def do_hmac_sha(digest_name, key_binary_p, input_binary_p,
-        output_binary_p, status_p)
+                      output_binary_p, status_p)
         key = Binary.from_pointer(key_binary_p).to_s
         input = Binary.from_pointer(input_binary_p).to_s
 
@@ -270,7 +271,7 @@ module Mongo
       # Perform signing using RSASSA-PKCS1-v1_5 with SHA256 hash and write
       # the output to the provided mongocrypt_binary_t object.
       def do_rsaes_pkcs_signature(key_binary_p, input_binary_p,
-        output_binary_p, status_p)
+                                  output_binary_p, status_p)
         key = Binary.from_pointer(key_binary_p).to_s
         input = Binary.from_pointer(input_binary_p).to_s
 
@@ -287,8 +288,7 @@ module Mongo
       # Every crypto binding ignores its first argument, which is an option
       # mongocrypt_ctx_t object and is not required to use crypto hooks.
       def set_crypto_hooks
-        @aes_encrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
-          output_binary_p, response_length_p, status_p|
+        @aes_encrypt = proc do |_, key_binary_p, iv_binary_p, input_binary_p, output_binary_p, response_length_p, status_p|
           do_aes(
             key_binary_p,
             iv_binary_p,
@@ -299,8 +299,7 @@ module Mongo
           )
         end
 
-        @aes_decrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
-          output_binary_p, response_length_p, status_p|
+        @aes_decrypt = proc do |_, key_binary_p, iv_binary_p, input_binary_p, output_binary_p, response_length_p, status_p|
           do_aes(
             key_binary_p,
             iv_binary_p,
@@ -312,23 +311,21 @@ module Mongo
           )
         end
 
-        @random = Proc.new do |_, output_binary_p, num_bytes, status_p|
+        @random = proc do |_, output_binary_p, num_bytes, status_p|
           write_binary_string_and_set_status(output_binary_p, status_p) do
             Hooks.random(num_bytes)
           end
         end
 
-        @hmac_sha_512 = Proc.new do |_, key_binary_p, input_binary_p,
-          output_binary_p, status_p|
+        @hmac_sha_512 = proc do |_, key_binary_p, input_binary_p, output_binary_p, status_p|
           do_hmac_sha('SHA512', key_binary_p, input_binary_p, output_binary_p, status_p)
         end
 
-        @hmac_sha_256 = Proc.new do |_, key_binary_p, input_binary_p,
-          output_binary_p, status_p|
+        @hmac_sha_256 = proc do |_, key_binary_p, input_binary_p, output_binary_p, status_p|
           do_hmac_sha('SHA256', key_binary_p, input_binary_p, output_binary_p, status_p)
         end
 
-        @hmac_hash = Proc.new do |_, input_binary_p, output_binary_p, status_p|
+        @hmac_hash = proc do |_, input_binary_p, output_binary_p, status_p|
           input = Binary.from_pointer(input_binary_p).to_s
 
           write_binary_string_and_set_status(output_binary_p, status_p) do
@@ -343,11 +340,10 @@ module Mongo
           @random,
           @hmac_sha_512,
           @hmac_sha_256,
-          @hmac_hash,
+          @hmac_hash
         )
 
-        @aes_ctr_encrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
-          output_binary_p, response_length_p, status_p|
+        @aes_ctr_encrypt = proc do |_, key_binary_p, iv_binary_p, input_binary_p, output_binary_p, response_length_p, status_p|
           do_aes(
             key_binary_p,
             iv_binary_p,
@@ -355,12 +351,11 @@ module Mongo
             output_binary_p,
             response_length_p,
             status_p,
-            mode: :CTR,
+            mode: :CTR
           )
         end
 
-        @aes_ctr_decrypt = Proc.new do |_, key_binary_p, iv_binary_p, input_binary_p,
-          output_binary_p, response_length_p, status_p|
+        @aes_ctr_decrypt = proc do |_, key_binary_p, iv_binary_p, input_binary_p, output_binary_p, response_length_p, status_p|
           do_aes(
             key_binary_p,
             iv_binary_p,
@@ -369,18 +364,17 @@ module Mongo
             response_length_p,
             status_p,
             decrypt: true,
-            mode: :CTR,
+            mode: :CTR
           )
         end
 
         Binding.setopt_aes_256_ctr(
           self,
           @aes_ctr_encrypt,
-          @aes_ctr_decrypt,
+          @aes_ctr_decrypt
         )
 
-        @rsaes_pkcs_signature_cb = Proc.new do |_, key_binary_p, input_binary_p,
-          output_binary_p, status_p|
+        @rsaes_pkcs_signature_cb = proc do |_, key_binary_p, input_binary_p, output_binary_p, status_p|
           do_rsaes_pkcs_signature(key_binary_p, input_binary_p, output_binary_p, status_p)
         end