< 0 to check for failure is a very common idiom througout the illumos code base.

Not a stopper of course, but yes, illumos code base has a lot of weird stuff that needs to be fixed and not followed :)

It certainly should return -1, but it's not "weird" to handle some unusual fault condition where it returns a larger negative number.  No negative value would be valid, so it seems fine -- even better, frankly -- to just treat the entire range as a fault.

As Toomas points out, we should probably clear these out (there is currently no portable way of doing this as AFAIK Linux, Windows, and OS X don't have explicit_bzero() or freezero(), and given these are passphrases, it's probably worth taking the porting/merging hit to provide better security here since we can.

That comes from the original code ('file://').  It can be changed into an ASSERT0(strncmp(uri, 'file://')).

freezero() is probably better. Neither it nor explicit_bzero() an option in OpenZFS, but I think the security concerns probably outweight the portability/merge issues here.

It turns out, stashed way in an appendix of RFC3986 there's a regex for parsing a URI that appears to be locale agnostic. I'll update the code to use that.