mintlayer · OBorce · Jan 8, 2026
@@ -52,7 +52,7 @@ pub fn web_server<
     socket: TcpListener,
     state: ApiServerWebServerState<Arc<T>, Arc<R>>,
     enable_post_endpoints: bool,
-) -> axum::serve::Serve<Router, Router> {
+) -> axum::serve::Serve<TcpListener, Router, Router> {
     let cors_layer = CorsLayer::new()
         .allow_methods(AllowMethods::list([Method::GET, Method::POST]))
         .allow_headers(Any)

@@ -27,7 +27,7 @@ num.workspace = true
 parity-scale-codec.workspace = true
 ripemd.workspace = true
 schnorrkel.workspace = true
-secp256k1 = { workspace = true, default-features = false, features = ["rand-std", "std", "rand"] }
+secp256k1 = { workspace = true, default-features = false, features = ["std", "rand"] }
 serde = { workspace = true, features = ["derive"] }
 sha-1.workspace = true
 sha2.workspace = true

@@ -57,7 +57,7 @@ fn to_key_and_chain_code(
     mac: Hmac<Sha512>,
 ) -> Result<(secp256k1::SecretKey, ChainCode), DerivationError> {
     util::to_key_and_chain_code(mac, |secret_key_bytes| {
-        secp256k1::SecretKey::from_slice(secret_key_bytes)
+        secp256k1::SecretKey::from_byte_array(&secret_key_bytes)
             .map_err(|_| DerivationError::KeyDerivationError)
     })
 }

@@ -44,7 +44,7 @@ impl Encode for Secp256k1PrivateKey {
 impl Decode for Secp256k1PrivateKey {
     fn decode<I: serialization::Input>(input: &mut I) -> Result<Self, serialization::Error> {
         let mut v = <[u8; secp256k1::constants::SECRET_KEY_SIZE]>::decode(input)?;
-        let result = secp256k1::SecretKey::from_slice(&v)
+        let result = secp256k1::SecretKey::from_byte_array(&v)
             .map(|r| Secp256k1PrivateKey { data: r })
             .map_err(|_| serialization::Error::from("Private Key deserialization failed"));
         v.zeroize();
@@ -73,9 +73,11 @@ impl Secp256k1PrivateKey {
     }
 
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, Secp256k1KeyError> {
-        secp256k1::SecretKey::from_slice(bytes)
-            .map(|r| Secp256k1PrivateKey { data: r })
-            .map_err(|_| Secp256k1KeyError::InvalidData)
+        secp256k1::SecretKey::from_byte_array(
+            &bytes.try_into().map_err(|_| Secp256k1KeyError::InvalidData)?,
+        )
+        .map(|r| Secp256k1PrivateKey { data: r })
+        .map_err(|_| Secp256k1KeyError::InvalidData)
     }
 
     pub fn as_native(&self) -> &secp256k1::SecretKey {
@@ -94,15 +96,14 @@ impl Secp256k1PrivateKey {
         let secp = secp256k1::Secp256k1::new();
         // Hash the message
         let e = Blake2b32Stream::new().write(msg).finalize();
-        let msg_hash =
-            secp256k1::Message::from_digest_slice(e.as_slice()).expect("Blake2b32 is 32 bytes");
+        let msg_hash = secp256k1::Message::from_digest(e.into());
         // Sign the hash
         // TODO(SECURITY) erase keypair after signing
         let keypair = self.data.keypair(&secp);
 
         let aux_data = aux_data_provider.get_secp256k1_schnorr_aux_data();
 
-        secp.sign_schnorr_with_aux_rand(&msg_hash, &keypair, &aux_data)
+        secp.sign_schnorr_with_aux_rand(msg_hash.as_ref(), &keypair, &aux_data)
     }
 }
 
@@ -168,8 +169,7 @@ impl Secp256k1PublicKey {
     ) -> bool {
         // Hash the message
         let e = Blake2b32Stream::new().write(msg).finalize();
-        let msg_hashed =
-            secp256k1::Message::from_digest_slice(e.as_slice()).expect("Blake2b32 is 32 bytes");
+        let msg_hashed = secp256k1::Message::from_digest(e.into());
         // Verify the signature
         self.verify_message_hashed(signature, &msg_hashed)
     }
@@ -182,7 +182,7 @@ impl Secp256k1PublicKey {
         let secp = secp256k1::Secp256k1::new();
         secp.verify_schnorr(
             signature,
-            msg_hashed,
+            msg_hashed.as_ref(),
             &self.pubkey_data.x_only_public_key().0,
         )
         .is_ok()
@@ -377,7 +377,7 @@ mod test {
         assert!(pk.verify_message(&sig1, &msg));
         assert!(pk.verify_message(&sig2, &msg));
         assert_eq!(sig1, sig2);
-        assert_eq!(sig1.serialize(), sig2.serialize());
+        assert_eq!(sig1.to_byte_array(), sig2.to_byte_array());
     }
 
     #[rstest]

@@ -65,8 +65,7 @@ impl Decode for Signature {
         match sig_kind {
             SignatureKind::Secp256k1Schnorr => {
                 let data = <[u8; secp256k1::constants::SCHNORR_SIGNATURE_SIZE]>::decode(input)?;
-                let sig = secp256k1::schnorr::Signature::from_slice(&data)
-                    .map_err(|_| serialization::Error::from("Signature deserialization failed"))?;
+                let sig = secp256k1::schnorr::Signature::from_byte_array(data);
                 Ok(Signature::Secp256k1Schnorr(sig))
             }
         }
@@ -85,8 +84,11 @@ impl Signature {
     ) -> Result<Self, SignatureError> {
         match kind {
             SignatureKind::Secp256k1Schnorr => {
-                let decoded_sig = secp256k1::schnorr::Signature::from_slice(data.as_ref())
-                    .map_err(|_| SignatureError::SignatureConstructionError)?;
+                let decoded_sig = secp256k1::schnorr::Signature::from_byte_array(
+                    data.as_ref()
+                        .try_into()
+                        .map_err(|_| SignatureError::SignatureConstructionError)?,
+                );
                 Ok(Self::Secp256k1Schnorr(decoded_sig))
             }
         }

@@ -15,6 +15,7 @@
 
 use generic_array::{sequence::Split, typenum::U32, GenericArray};
 use hmac::{Hmac, Mac};
+use secp256k1::constants;
 use sha2::Sha512;
 use zeroize::Zeroize;
 
@@ -31,7 +32,7 @@ pub fn new_hmac_sha_512(key: &[u8]) -> Hmac<Sha512> {
 
 pub fn to_key_and_chain_code<SecretKey>(
     mac: Hmac<Sha512>,
-    to_key: impl FnOnce(&[u8]) -> Result<SecretKey, DerivationError>,
+    to_key: impl FnOnce([u8; constants::SECRET_KEY_SIZE]) -> Result<SecretKey, DerivationError>,
 ) -> Result<(SecretKey, ChainCode), DerivationError> {
     // Finalize the hmac
     let mut result = mac.finalize().into_bytes();
@@ -44,7 +45,7 @@ pub fn to_key_and_chain_code<SecretKey>(
     result.zeroize();
 
     // Create the secret key key
-    let secret_key = to_key(secret_key_bytes.as_slice())?;
+    let secret_key = to_key(secret_key_bytes.into())?;
     secret_key_bytes.zeroize();
 
     // Chain code

@@ -328,7 +328,7 @@ fn to_key_and_chain_code(
     key_kind: VRFKeyKind,
 ) -> Result<(VRFPrivateKey, ChainCode), DerivationError> {
     util::to_key_and_chain_code(mac, |secret_key_bytes| {
-        VRFPrivateKey::new_using_random_bytes(secret_key_bytes, key_kind)
+        VRFPrivateKey::new_using_random_bytes(&secret_key_bytes, key_kind)
             .map(|(prv, _pub)| prv)
             .map_err(|_| DerivationError::KeyDerivationError)
     })

@@ -19,7 +19,7 @@ use std::{
 };
 
 use clap::Parser;
-use hickory_client::rr::Name;
+use hickory_client::proto::rr::Name;
 use utils_networking::IpOrSocketAddress;
 
 use common::primitives::per_thousand::PerThousand;

@@ -23,17 +23,14 @@ use std::{
 
 use common::{chain::ChainConfig, primitives::per_thousand::PerThousand};
 use futures::never::Never;
-use hickory_client::{
-    proto::rr::{LowerName, RrKey},
-    rr::{
-        rdata::{NS, SOA},
-        Name, RData, RecordSet, RecordType,
-    },
+use hickory_client::proto::rr::{
+    rdata::{NS, SOA},
+    LowerName, Name, RData, RecordSet, RecordType, RrKey,
 };
 use hickory_server::{
     authority::{
-        AuthLookup, Authority, Catalog, LookupError, LookupOptions, MessageRequest, UpdateResult,
-        ZoneType,
+        AuthLookup, Authority, Catalog, LookupControlFlow, LookupError, LookupOptions,
+        MessageRequest, UpdateResult, ZoneType,
     },
     server::RequestInfo,
     store::in_memory::InMemoryAuthority,
@@ -103,7 +100,8 @@ impl DnsServer {
 
         let mut catalog = Catalog::new();
 
-        catalog.upsert(config.host.clone().into(), Box::new(Arc::clone(&auth)));
+        let dyn_auth: Arc<dyn hickory_server::authority::AuthorityObject> = auth.clone();
+        catalog.upsert(config.host.clone().into(), vec![dyn_auth]);
 
         let mut server = ServerFuture::new(catalog);
 
@@ -376,7 +374,7 @@ impl Authority for AuthorityImpl {
         name: &LowerName,
         query_type: RecordType,
         lookup_options: LookupOptions,
-    ) -> Result<Self::Lookup, LookupError> {
+    ) -> LookupControlFlow<Self::Lookup, LookupError> {
         log::trace!(
             "In lookup for {:?}, query_type = {:?}, lookup_options = {:?}",
             name,
@@ -391,7 +389,7 @@ impl Authority for AuthorityImpl {
         &self,
         request_info: RequestInfo<'_>,
         lookup_options: LookupOptions,
-    ) -> Result<Self::Lookup, LookupError> {
+    ) -> LookupControlFlow<Self::Lookup, LookupError> {
         log::trace!(
             "In search, src = {:?}, protocol = {:?}, header = {:?}, query = {:?}, lookup_options = {:?}",
             request_info.src,
@@ -408,7 +406,7 @@ impl Authority for AuthorityImpl {
         &self,
         name: &LowerName,
         lookup_options: LookupOptions,
-    ) -> Result<Self::Lookup, LookupError> {
+    ) -> LookupControlFlow<Self::Lookup, LookupError> {
         self.inner.get_nsec_records(name, lookup_options).await
     }
 }

@@ -19,7 +19,7 @@ use std::{
     sync::Arc,
 };
 
-use hickory_client::rr::{RData, RecordType};
+use hickory_client::proto::rr::{RData, RecordType};
 use hickory_server::{
     authority::{Authority, ZoneType},
     store::in_memory::InMemoryAuthority,
@@ -91,7 +91,7 @@ async fn dns_server_basic() {
         .cloned()
         .collect::<Vec<_>>();
     assert_eq!(result_a.len(), 1);
-    assert_eq!(result_a[0].data(), Some(&RData::A(ip1.into())));
+    assert_eq!(result_a[0].data(), &RData::A(ip1.into()));
 
     let result_aaaa = auth
         .lookup(&host.clone().into(), RecordType::AAAA, Default::default())
@@ -102,7 +102,7 @@ async fn dns_server_basic() {
         .cloned()
         .collect::<Vec<_>>();
     assert_eq!(result_aaaa.len(), 1);
-    assert_eq!(result_aaaa[0].data(), Some(&RData::AAAA(ip2.into())));
+    assert_eq!(result_aaaa[0].data(), &RData::AAAA(ip2.into()));
 
     handle_command(&auth, DnsServerCommand::DelAddress(ip1.into()));
     handle_command(&auth, DnsServerCommand::DelAddress(ip2.into()));
@@ -170,7 +170,7 @@ mod same_software_version_addr_selection_test {
         let selected_v4_addrs = records[0]
             .1
             .records_without_rrsigs()
-            .map(|rec| assert_matches_return_val!(rec.data(), Some(&RData::A(a)), a.0))
+            .map(|rec| assert_matches_return_val!(rec.data(), &RData::A(a), a.0))
             .collect::<Vec<_>>();
         assert_eq!(
             selected_v4_addrs.len(),
@@ -188,7 +188,7 @@ mod same_software_version_addr_selection_test {
         let selected_v6_addrs = records[1]
             .1
             .records_without_rrsigs()
-            .map(|rec| assert_matches_return_val!(rec.data(), Some(&RData::AAAA(a)), a.0))
+            .map(|rec| assert_matches_return_val!(rec.data(), &RData::AAAA(a), a.0))
             .collect::<Vec<_>>();
         assert_eq!(
             selected_v6_addrs.len(),

@@ -15,7 +15,7 @@
 
 use std::net::AddrParseError;
 
-use hickory_client::proto::error::ProtoError;
+use hickory_client::proto::ProtoError;
 use p2p::{error::P2pError, peer_manager::peerdb_common};
 use thiserror::Error;
 use utils::try_as::TryAsRef;

@@ -13,7 +13,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use std::hint::black_box;
+
+use criterion::{criterion_group, criterion_main, Criterion};
 
 use randomness::make_pseudo_rng;
 use utils::bloom_filters::rolling_bloom_filter::RollingBloomFilter;

@@ -48,6 +48,7 @@ impl Completer for WalletCompletions {
                     span: Span::new(0, 0),
                     append_whitespace: false,
                     style: None,
+                    match_indices: None,
                 })
                 .collect()
         } else {