From 98dba648635f596d3c58ac3faa330eb11ffc30f7 Mon Sep 17 00:00:00 2001 From: Kevin Albertson Date: Wed, 17 Dec 2025 12:38:30 -0500 Subject: [PATCH 1/3] MONGOCRYPT-864 do not load crypt_shared in ClientEncryption --- pymongo/asynchronous/encryption.py | 4 +++- pymongo/synchronous/encryption.py | 7 ++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pymongo/asynchronous/encryption.py b/pymongo/asynchronous/encryption.py index 4dfd36aa49..7f4f2f2a2f 100644 --- a/pymongo/asynchronous/encryption.py +++ b/pymongo/asynchronous/encryption.py @@ -714,10 +714,12 @@ def __init__( self._io_callbacks: Optional[_EncryptionIO] = _EncryptionIO( None, key_vault_coll, None, opts ) + + # Pass bypass_encryption=True to skip loading crypt_shared. self._encryption = AsyncExplicitEncrypter( self._io_callbacks, _create_mongocrypt_options( - kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms + kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms, bypass_encryption=True ), ) # Use the same key vault collection as the callback. diff --git a/pymongo/synchronous/encryption.py b/pymongo/synchronous/encryption.py index 2d666b9763..9ffa00cad6 100644 --- a/pymongo/synchronous/encryption.py +++ b/pymongo/synchronous/encryption.py @@ -707,10 +707,15 @@ def __init__( self._io_callbacks: Optional[_EncryptionIO] = _EncryptionIO( None, key_vault_coll, None, opts ) + + # Pass bypass_encryption=True to skip loading crypt_shared. self._encryption = ExplicitEncrypter( self._io_callbacks, _create_mongocrypt_options( - kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms + kms_providers=kms_providers, + schema_map=None, + key_expiration_ms=key_expiration_ms, + bypass_encryption=True, ), ) # Use the same key vault collection as the callback. From c64bc2c3c99096b7dd7edb1427db6b8b598397b7 Mon Sep 17 00:00:00 2001 From: "Jeffrey A. Clark" Date: Fri, 19 Dec 2025 14:33:25 -0500 Subject: [PATCH 2/3] Add changelog entry --- doc/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/changelog.rst b/doc/changelog.rst index a2a8f6c211..011f3bce5c 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -17,6 +17,8 @@ PyMongo 4.16 brings a number of changes including: - Fixed return type annotation for ``find_one_and_*`` methods on :class:`~pymongo.asynchronous.collection.AsyncCollection` and :class:`~pymongo.synchronous.collection.Collection` to include ``None``. - Added support for NumPy 1D-arrays in :class:`bson.binary.BinaryVector`. +- Fixed a bug in :class:`~pymongo.encryption.ClientEncryption`: ClientEncryption + shouldn't try to load mongo crypt shared library. Changes in Version 4.15.5 (2025/XX/XX) -------------------------------------- From 22c09ec20405affc67dbb30f34254e9eba94f284 Mon Sep 17 00:00:00 2001 From: "Jeffrey A. Clark" Date: Fri, 19 Dec 2025 15:22:45 -0500 Subject: [PATCH 3/3] Address review --- doc/changelog.rst | 5 +++-- pymongo/asynchronous/encryption.py | 6 +++++- pymongo/synchronous/encryption.py | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/doc/changelog.rst b/doc/changelog.rst index 011f3bce5c..b2fc239e08 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -17,8 +17,9 @@ PyMongo 4.16 brings a number of changes including: - Fixed return type annotation for ``find_one_and_*`` methods on :class:`~pymongo.asynchronous.collection.AsyncCollection` and :class:`~pymongo.synchronous.collection.Collection` to include ``None``. - Added support for NumPy 1D-arrays in :class:`bson.binary.BinaryVector`. -- Fixed a bug in :class:`~pymongo.encryption.ClientEncryption`: ClientEncryption - shouldn't try to load mongo crypt shared library. +- Prevented :class:`~pymongo.encryption.ClientEncryption` from loading the crypt + shared library to fix "MongoCryptError: An existing crypt_shared library is + loaded by the application" unless the linked library search path is set. Changes in Version 4.15.5 (2025/XX/XX) -------------------------------------- diff --git a/pymongo/asynchronous/encryption.py b/pymongo/asynchronous/encryption.py index 7f4f2f2a2f..c43aa38e76 100644 --- a/pymongo/asynchronous/encryption.py +++ b/pymongo/asynchronous/encryption.py @@ -13,6 +13,7 @@ # limitations under the License. """Support for explicit client-side field level encryption.""" + from __future__ import annotations import asyncio @@ -719,7 +720,10 @@ def __init__( self._encryption = AsyncExplicitEncrypter( self._io_callbacks, _create_mongocrypt_options( - kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms, bypass_encryption=True + kms_providers=kms_providers, + schema_map=None, + key_expiration_ms=key_expiration_ms, + bypass_encryption=True, # Don't load crypt_shared ), ) # Use the same key vault collection as the callback. diff --git a/pymongo/synchronous/encryption.py b/pymongo/synchronous/encryption.py index 9ffa00cad6..e09ab9165c 100644 --- a/pymongo/synchronous/encryption.py +++ b/pymongo/synchronous/encryption.py @@ -13,6 +13,7 @@ # limitations under the License. """Support for explicit client-side field level encryption.""" + from __future__ import annotations import contextlib @@ -715,7 +716,7 @@ def __init__( kms_providers=kms_providers, schema_map=None, key_expiration_ms=key_expiration_ms, - bypass_encryption=True, + bypass_encryption=True, # Don't load crypt_shared ), ) # Use the same key vault collection as the callback.