rpass

compats.c (43803B)

---

 #include "config.h"
 #if !HAVE_ERR
 /*
  * Copyright (c) 1993
  *      The Regents of the University of California.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 void
 vwarnx(const char *fmt, va_list ap)
 {
 	fprintf(stderr, "%s: ", getprogname());
 	if (fmt != NULL)
 		vfprintf(stderr, fmt, ap);
 }
 
 void
 vwarn(const char *fmt, va_list ap)
 {
 	int sverrno;
 
 	sverrno = errno;
 	vwarnx(fmt, ap);
 	if (fmt != NULL)
 		fputs(": ", stderr);
 	fprintf(stderr, "%s\n", strerror(sverrno));
 }
 
 void
 err(int eval, const char *fmt, ...)
 {
 	va_list ap;
 
 	va_start(ap, fmt);
 	vwarn(fmt, ap);
 	va_end(ap);
 	exit(eval);
 }
 
 void
 errx(int eval, const char *fmt, ...)
 {
 	va_list ap;
 
 	va_start(ap, fmt);
 	vwarnx(fmt, ap);
 	va_end(ap);
 	fputc('\n', stderr);
 	exit(eval);
 }
 
 void
 warn(const char *fmt, ...)
 {
 	va_list ap;
 
 	va_start(ap, fmt);
 	vwarn(fmt, ap);
 	va_end(ap);
 }
 
 void
 warnx(const char *fmt, ...)
 {
 	va_list ap;
 
 	va_start(ap, fmt);
 	vwarnx(fmt, ap);
 	va_end(ap);
 	fputc('\n', stderr);
 }
 #endif /* !HAVE_ERR */
 #if !HAVE_B64_NTOP
 /*	$OpenBSD$	*/
 
 /*
  * Copyright (c) 1996 by Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
  * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
  * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
  * SOFTWARE.
  */
 
 /*
  * Portions Copyright (c) 1995 by International Business Machines, Inc.
  *
  * International Business Machines, Inc. (hereinafter called IBM) grants
  * permission under its copyrights to use, copy, modify, and distribute this
  * Software with or without fee, provided that the above copyright notice and
  * all paragraphs of this notice appear in all copies, and that the name of IBM
  * not be used in connection with the marketing of any product incorporating
  * the Software or modifications thereof, without specific, written prior
  * permission.
  *
  * To the extent it has a right to do so, IBM grants an immunity from suit
  * under its patents, if any, for the use, sale or manufacture of products to
  * the extent that such products are used for performing Domain Name System
  * dynamic updates in TCP/IP networks by means of the Software.  No immunity is
  * granted for any product per se or for any other function of any product.
  *
  * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
  * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
  * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
  */
 
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
 
 #include <ctype.h>
 #include <resolv.h>
 #include <stdio.h>
 
 #include <stdlib.h>
 #include <string.h>
 
 static const char b64_Base64[] =
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 static const char b64_Pad64 = '=';
 
 /* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
    The following encoding technique is taken from RFC 1521 by Borenstein
    and Freed.  It is reproduced here in a slightly edited form for
    convenience.
 
    A 65-character subset of US-ASCII is used, enabling 6 bits to be
    represented per printable character. (The extra 65th character, "=",
    is used to signify a special processing function.)
 
    The encoding process represents 24-bit groups of input bits as output
    strings of 4 encoded characters. Proceeding from left to right, a
    24-bit input group is formed by concatenating 3 8-bit input groups.
    These 24 bits are then treated as 4 concatenated 6-bit groups, each
    of which is translated into a single digit in the base64 alphabet.
 
    Each 6-bit group is used as an index into an array of 64 printable
    characters. The character referenced by the index is placed in the
    output string.
 
                          Table 1: The Base64 Alphabet
 
       Value Encoding  Value Encoding  Value Encoding  Value Encoding
           0 A            17 R            34 i            51 z
           1 B            18 S            35 j            52 0
           2 C            19 T            36 k            53 1
           3 D            20 U            37 l            54 2
           4 E            21 V            38 m            55 3
           5 F            22 W            39 n            56 4
           6 G            23 X            40 o            57 5
           7 H            24 Y            41 p            58 6
           8 I            25 Z            42 q            59 7
           9 J            26 a            43 r            60 8
          10 K            27 b            44 s            61 9
          11 L            28 c            45 t            62 +
          12 M            29 d            46 u            63 /
          13 N            30 e            47 v
          14 O            31 f            48 w         (pad) =
          15 P            32 g            49 x
          16 Q            33 h            50 y
 
    Special processing is performed if fewer than 24 bits are available
    at the end of the data being encoded.  A full encoding quantum is
    always completed at the end of a quantity.  When fewer than 24 input
    bits are available in an input group, zero bits are added (on the
    right) to form an integral number of 6-bit groups.  Padding at the
    end of the data is performed using the '=' character.
 
    Since all base64 input is an integral number of octets, only the
          -------------------------------------------------                       
    following cases can arise:
    
        (1) the final quantum of encoding input is an integral
            multiple of 24 bits; here, the final unit of encoded
 	   output will be an integral multiple of 4 characters
 	   with no "=" padding,
        (2) the final quantum of encoding input is exactly 8 bits;
            here, the final unit of encoded output will be two
 	   characters followed by two "=" padding characters, or
        (3) the final quantum of encoding input is exactly 16 bits;
            here, the final unit of encoded output will be three
 	   characters followed by one "=" padding character.
    */
 
 int
 b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
 {
 	size_t datalength = 0;
 	u_char input[3];
 	u_char output[4];
 	size_t i;
 
 	while (2 < srclength) {
 		input[0] = *src++;
 		input[1] = *src++;
 		input[2] = *src++;
 		srclength -= 3;
 
 		output[0] = input[0] >> 2;
 		output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
 		output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
 		output[3] = input[2] & 0x3f;
 
 		if (datalength + 4 > targsize)
 			return (-1);
 		target[datalength++] = b64_Base64[output[0]];
 		target[datalength++] = b64_Base64[output[1]];
 		target[datalength++] = b64_Base64[output[2]];
 		target[datalength++] = b64_Base64[output[3]];
 	}
     
 	/* Now we worry about padding. */
 	if (0 != srclength) {
 		/* Get what's left. */
 		input[0] = input[1] = input[2] = '\0';
 		for (i = 0; i < srclength; i++)
 			input[i] = *src++;
 	
 		output[0] = input[0] >> 2;
 		output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
 		output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
 
 		if (datalength + 4 > targsize)
 			return (-1);
 		target[datalength++] = b64_Base64[output[0]];
 		target[datalength++] = b64_Base64[output[1]];
 		if (srclength == 1)
 			target[datalength++] = b64_Pad64;
 		else
 			target[datalength++] = b64_Base64[output[2]];
 		target[datalength++] = b64_Pad64;
 	}
 	if (datalength >= targsize)
 		return (-1);
 	target[datalength] = '\0';	/* Returned value doesn't count \0. */
 	return (datalength);
 }
 
 /* skips all whitespace anywhere.
    converts characters, four at a time, starting at (or after)
    src from base - 64 numbers into three 8 bit bytes in the target area.
    it returns the number of data bytes stored at the target, or -1 on error.
  */
 
 int
 b64_pton(char const *src, u_char *target, size_t targsize)
 {
 	int state, ch;
 	size_t tarindex;
 	u_char nextbyte;
 	char *pos;
 
 	state = 0;
 	tarindex = 0;
 
 	while ((ch = (unsigned char)*src++) != '\0') {
 		if (isspace(ch))	/* Skip whitespace anywhere. */
 			continue;
 
 		if (ch == b64_Pad64)
 			break;
 
 		pos = strchr(b64_Base64, ch);
 		if (pos == 0) 		/* A non-base64 character. */
 			return (-1);
 
 		switch (state) {
 		case 0:
 			if (target) {
 				if (tarindex >= targsize)
 					return (-1);
 				target[tarindex] = (pos - b64_Base64) << 2;
 			}
 			state = 1;
 			break;
 		case 1:
 			if (target) {
 				if (tarindex >= targsize)
 					return (-1);
 				target[tarindex]   |=  (pos - b64_Base64) >> 4;
 				nextbyte = ((pos - b64_Base64) & 0x0f) << 4;
 				if (tarindex + 1 < targsize)
 					target[tarindex+1] = nextbyte;
 				else if (nextbyte)
 					return (-1);
 			}
 			tarindex++;
 			state = 2;
 			break;
 		case 2:
 			if (target) {
 				if (tarindex >= targsize)
 					return (-1);
 				target[tarindex]   |=  (pos - b64_Base64) >> 2;
 				nextbyte = ((pos - b64_Base64) & 0x03) << 6;
 				if (tarindex + 1 < targsize)
 					target[tarindex+1] = nextbyte;
 				else if (nextbyte)
 					return (-1);
 			}
 			tarindex++;
 			state = 3;
 			break;
 		case 3:
 			if (target) {
 				if (tarindex >= targsize)
 					return (-1);
 				target[tarindex] |= (pos - b64_Base64);
 			}
 			tarindex++;
 			state = 0;
 			break;
 		}
 	}
 
 	/*
 	 * We are done decoding Base-64 chars.  Let's see if we ended
 	 * on a byte boundary, and/or with erroneous trailing characters.
 	 */
 
 	if (ch == b64_Pad64) {			/* We got a pad char. */
 		ch = (unsigned char)*src++;	/* Skip it, get next. */
 		switch (state) {
 		case 0:		/* Invalid = in first position */
 		case 1:		/* Invalid = in second position */
 			return (-1);
 
 		case 2:		/* Valid, means one byte of info */
 			/* Skip any number of spaces. */
 			for (; ch != '\0'; ch = (unsigned char)*src++)
 				if (!isspace(ch))
 					break;
 			/* Make sure there is another trailing = sign. */
 			if (ch != b64_Pad64)
 				return (-1);
 			ch = (unsigned char)*src++;		/* Skip the = */
 			/* Fall through to "single trailing =" case. */
 			/* FALLTHROUGH */
 
 		case 3:		/* Valid, means two bytes of info */
 			/*
 			 * We know this char is an =.  Is there anything but
 			 * whitespace after it?
 			 */
 			for (; ch != '\0'; ch = (unsigned char)*src++)
 				if (!isspace(ch))
 					return (-1);
 
 			/*
 			 * Now make sure for cases 2 and 3 that the "extra"
 			 * bits that slopped past the last full byte were
 			 * zeros.  If we don't check them, they become a
 			 * subliminal channel.
 			 */
 			if (target && tarindex < targsize &&
 			    target[tarindex] != 0)
 				return (-1);
 		}
 	} else {
 		/*
 		 * We ended by seeing the end of the string.  Make sure we
 		 * have no partial bytes lying around.
 		 */
 		if (state != 0)
 			return (-1);
 	}
 
 	return (tarindex);
 }
 #endif /* !HAVE_B64_NTOP */
 #if !HAVE_EXPLICIT_BZERO
 /* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
 /*
  * Public domain.
  * Written by Ted Unangst
  */
 
 #include <string.h>
 
 /*
  * explicit_bzero - don't let the compiler optimize away bzero
  */
 
 #if HAVE_MEMSET_S
 
 void
 explicit_bzero(void *p, size_t n)
 {
 	if (n == 0)
 		return;
 	(void)memset_s(p, n, 0, n);
 }
 
 #else /* HAVE_MEMSET_S */
 
 /*
  * Indirect bzero through a volatile pointer to hopefully avoid
  * dead-store optimisation eliminating the call.
  */
 static void (* volatile ssh_bzero)(void *, size_t) = bzero;
 
 void
 explicit_bzero(void *p, size_t n)
 {
 	if (n == 0)
 		return;
 	/*
 	 * clang -fsanitize=memory needs to intercept memset-like functions
 	 * to correctly detect memory initialisation. Make sure one is called
 	 * directly since our indirection trick above sucessfully confuses it.
 	 */
 #if defined(__has_feature)
 # if __has_feature(memory_sanitizer)
 	memset(p, 0, n);
 # endif
 #endif
 
 	ssh_bzero(p, n);
 }
 
 #endif /* HAVE_MEMSET_S */
 #endif /* !HAVE_EXPLICIT_BZERO */
 #if !HAVE_GETPROGNAME
 /*
  * Copyright (c) 2016 Nicholas Marriott <nicholas.marriott@gmail.com>
  * Copyright (c) 2017 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2020 Stephen Gregoratto <dev@sgregoratto.me>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
  * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 
 #include <errno.h>
 
 #if HAVE_GETEXECNAME
 #include <stdlib.h>
 const char *
 getprogname(void)
 {
 	return getexecname();
 }
 #elif HAVE_PROGRAM_INVOCATION_SHORT_NAME
 const char *
 getprogname(void)
 {
 	return (program_invocation_short_name);
 }
 #elif HAVE___PROGNAME
 const char *
 getprogname(void)
 {
 	extern char	*__progname;
 
 	return (__progname);
 }
 #else
 #error No getprogname available.
 #endif
 #endif /* !HAVE_GETPROGNAME */
 #if !HAVE_MD5
 /*
  * This code implements the MD5 message-digest algorithm.
  * The algorithm is due to Ron Rivest.	This code was
  * written by Colin Plumb in 1993, no copyright is claimed.
  * This code is in the public domain; do with it what you wish.
  *
  * Equivalent code is available from RSA Data Security, Inc.
  * This code has been tested against that, and is equivalent,
  * except that you don't need to include two pages of legalese
  * with every copy.
  *
  * To compute the message digest of a chunk of bytes, declare an
  * MD5Context structure, pass it to MD5Init, call MD5Update as
  * needed on buffers full of bytes, and then call MD5Final, which
  * will fill a supplied 16-byte array with the digest.
  */
 
 #include <sys/types.h>
 #include <stdlib.h>
 #include <string.h>
 
 #define PUT_64BIT_LE(cp, value) do {					\
 	(cp)[7] = (value) >> 56;					\
 	(cp)[6] = (value) >> 48;					\
 	(cp)[5] = (value) >> 40;					\
 	(cp)[4] = (value) >> 32;					\
 	(cp)[3] = (value) >> 24;					\
 	(cp)[2] = (value) >> 16;					\
 	(cp)[1] = (value) >> 8;						\
 	(cp)[0] = (value); } while (0)
 
 #define PUT_32BIT_LE(cp, value) do {					\
 	(cp)[3] = (value) >> 24;					\
 	(cp)[2] = (value) >> 16;					\
 	(cp)[1] = (value) >> 8;						\
 	(cp)[0] = (value); } while (0)
 
 static u_int8_t PADDING[MD5_BLOCK_LENGTH] = {
 	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
 
 /*
  * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
  * initialization constants.
  */
 void
 MD5Init(MD5_CTX *ctx)
 {
 	ctx->count = 0;
 	ctx->state[0] = 0x67452301;
 	ctx->state[1] = 0xefcdab89;
 	ctx->state[2] = 0x98badcfe;
 	ctx->state[3] = 0x10325476;
 }
 
 /*
  * Update context to reflect the concatenation of another buffer full
  * of bytes.
  */
 void
 MD5Update(MD5_CTX *ctx, const unsigned char *input, size_t len)
 {
 	size_t have, need;
 
 	/* Check how many bytes we already have and how many more we need. */
 	have = (size_t)((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
 	need = MD5_BLOCK_LENGTH - have;
 
 	/* Update bitcount */
 	ctx->count += (u_int64_t)len << 3;
 
 	if (len >= need) {
 		if (have != 0) {
 			memcpy(ctx->buffer + have, input, need);
 			MD5Transform(ctx->state, ctx->buffer);
 			input += need;
 			len -= need;
 			have = 0;
 		}
 
 		/* Process data in MD5_BLOCK_LENGTH-byte chunks. */
 		while (len >= MD5_BLOCK_LENGTH) {
 			MD5Transform(ctx->state, input);
 			input += MD5_BLOCK_LENGTH;
 			len -= MD5_BLOCK_LENGTH;
 		}
 	}
 
 	/* Handle any remaining bytes of data. */
 	if (len != 0)
 		memcpy(ctx->buffer + have, input, len);
 }
 
 /*
  * Pad pad to 64-byte boundary with the bit pattern
  * 1 0* (64-bit count of bits processed, MSB-first)
  */
 void
 MD5Pad(MD5_CTX *ctx)
 {
 	u_int8_t count[8];
 	size_t padlen;
 
 	/* Convert count to 8 bytes in little endian order. */
 	PUT_64BIT_LE(count, ctx->count);
 
 	/* Pad out to 56 mod 64. */
 	padlen = MD5_BLOCK_LENGTH -
 	    ((ctx->count >> 3) & (MD5_BLOCK_LENGTH - 1));
 	if (padlen < 1 + 8)
 		padlen += MD5_BLOCK_LENGTH;
 	MD5Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
 	MD5Update(ctx, count, 8);
 }
 
 /*
  * Final wrapup--call MD5Pad, fill in digest and zero out ctx.
  */
 void
 MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
 {
 	int i;
 
 	MD5Pad(ctx);
 	for (i = 0; i < 4; i++)
 		PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
 	memset(ctx, 0, sizeof(*ctx));
 }
 
 
 /* The four core functions - F1 is optimized somewhat */
 
 /* #define F1(x, y, z) (x & y | ~x & z) */
 #define F1(x, y, z) (z ^ (x & (y ^ z)))
 #define F2(x, y, z) F1(z, x, y)
 #define F3(x, y, z) (x ^ y ^ z)
 #define F4(x, y, z) (y ^ (x | ~z))
 
 /* This is the central step in the MD5 algorithm. */
 #define MD5STEP(f, w, x, y, z, data, s) \
 	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
 
 /*
  * The core of the MD5 algorithm, this alters an existing MD5 hash to
  * reflect the addition of 16 longwords of new data.  MD5Update blocks
  * the data and converts bytes into longwords for this routine.
  */
 void
 MD5Transform(u_int32_t state[4], const u_int8_t block[MD5_BLOCK_LENGTH])
 {
 	u_int32_t a, b, c, d, in[MD5_BLOCK_LENGTH / 4];
 
 #if BYTE_ORDER == LITTLE_ENDIAN
 	memcpy(in, block, sizeof(in));
 #else
 	for (a = 0; a < MD5_BLOCK_LENGTH / 4; a++) {
 		in[a] = (u_int32_t)(
 		    (u_int32_t)(block[a * 4 + 0]) |
 		    (u_int32_t)(block[a * 4 + 1]) <<  8 |
 		    (u_int32_t)(block[a * 4 + 2]) << 16 |
 		    (u_int32_t)(block[a * 4 + 3]) << 24);
 	}
 #endif
 
 	a = state[0];
 	b = state[1];
 	c = state[2];
 	d = state[3];
 
 	MD5STEP(F1, a, b, c, d, in[ 0] + 0xd76aa478,  7);
 	MD5STEP(F1, d, a, b, c, in[ 1] + 0xe8c7b756, 12);
 	MD5STEP(F1, c, d, a, b, in[ 2] + 0x242070db, 17);
 	MD5STEP(F1, b, c, d, a, in[ 3] + 0xc1bdceee, 22);
 	MD5STEP(F1, a, b, c, d, in[ 4] + 0xf57c0faf,  7);
 	MD5STEP(F1, d, a, b, c, in[ 5] + 0x4787c62a, 12);
 	MD5STEP(F1, c, d, a, b, in[ 6] + 0xa8304613, 17);
 	MD5STEP(F1, b, c, d, a, in[ 7] + 0xfd469501, 22);
 	MD5STEP(F1, a, b, c, d, in[ 8] + 0x698098d8,  7);
 	MD5STEP(F1, d, a, b, c, in[ 9] + 0x8b44f7af, 12);
 	MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
 	MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
 	MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122,  7);
 	MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
 	MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
 	MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
 
 	MD5STEP(F2, a, b, c, d, in[ 1] + 0xf61e2562,  5);
 	MD5STEP(F2, d, a, b, c, in[ 6] + 0xc040b340,  9);
 	MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
 	MD5STEP(F2, b, c, d, a, in[ 0] + 0xe9b6c7aa, 20);
 	MD5STEP(F2, a, b, c, d, in[ 5] + 0xd62f105d,  5);
 	MD5STEP(F2, d, a, b, c, in[10] + 0x02441453,  9);
 	MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
 	MD5STEP(F2, b, c, d, a, in[ 4] + 0xe7d3fbc8, 20);
 	MD5STEP(F2, a, b, c, d, in[ 9] + 0x21e1cde6,  5);
 	MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6,  9);
 	MD5STEP(F2, c, d, a, b, in[ 3] + 0xf4d50d87, 14);
 	MD5STEP(F2, b, c, d, a, in[ 8] + 0x455a14ed, 20);
 	MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905,  5);
 	MD5STEP(F2, d, a, b, c, in[ 2] + 0xfcefa3f8,  9);
 	MD5STEP(F2, c, d, a, b, in[ 7] + 0x676f02d9, 14);
 	MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
 
 	MD5STEP(F3, a, b, c, d, in[ 5] + 0xfffa3942,  4);
 	MD5STEP(F3, d, a, b, c, in[ 8] + 0x8771f681, 11);
 	MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
 	MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
 	MD5STEP(F3, a, b, c, d, in[ 1] + 0xa4beea44,  4);
 	MD5STEP(F3, d, a, b, c, in[ 4] + 0x4bdecfa9, 11);
 	MD5STEP(F3, c, d, a, b, in[ 7] + 0xf6bb4b60, 16);
 	MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
 	MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6,  4);
 	MD5STEP(F3, d, a, b, c, in[ 0] + 0xeaa127fa, 11);
 	MD5STEP(F3, c, d, a, b, in[ 3] + 0xd4ef3085, 16);
 	MD5STEP(F3, b, c, d, a, in[ 6] + 0x04881d05, 23);
 	MD5STEP(F3, a, b, c, d, in[ 9] + 0xd9d4d039,  4);
 	MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
 	MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
 	MD5STEP(F3, b, c, d, a, in[2 ] + 0xc4ac5665, 23);
 
 	MD5STEP(F4, a, b, c, d, in[ 0] + 0xf4292244,  6);
 	MD5STEP(F4, d, a, b, c, in[7 ] + 0x432aff97, 10);
 	MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
 	MD5STEP(F4, b, c, d, a, in[5 ] + 0xfc93a039, 21);
 	MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3,  6);
 	MD5STEP(F4, d, a, b, c, in[3 ] + 0x8f0ccc92, 10);
 	MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
 	MD5STEP(F4, b, c, d, a, in[1 ] + 0x85845dd1, 21);
 	MD5STEP(F4, a, b, c, d, in[8 ] + 0x6fa87e4f,  6);
 	MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
 	MD5STEP(F4, c, d, a, b, in[6 ] + 0xa3014314, 15);
 	MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
 	MD5STEP(F4, a, b, c, d, in[4 ] + 0xf7537e82,  6);
 	MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
 	MD5STEP(F4, c, d, a, b, in[2 ] + 0x2ad7d2bb, 15);
 	MD5STEP(F4, b, c, d, a, in[9 ] + 0xeb86d391, 21);
 
 	state[0] += a;
 	state[1] += b;
 	state[2] += c;
 	state[3] += d;
 }
 
 char *
 MD5End(MD5_CTX *ctx, char *buf)
 {
 	int i;
 	unsigned char digest[MD5_DIGEST_LENGTH];
 	static const char hex[]="0123456789abcdef";
 
 	if (!buf)
 		buf = malloc(2*MD5_DIGEST_LENGTH + 1);
 	if (!buf)
 		return 0;
 	MD5Final(digest, ctx);
 	for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
 		buf[i+i] = hex[digest[i] >> 4];
 		buf[i+i+1] = hex[digest[i] & 0x0f];
 	}
 	buf[i+i] = '\0';
 	return buf;
 }
 #endif /* !HAVE_MD5 */
 #if !HAVE_MEMMEM
 /*-
  * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
  *    the documentation and/or other materials provided with the
  *    distribution.
  * 3. The name of the author may not be used to endorse or promote
  *    products derived from this software without specific prior written
  *    permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Find the first occurrence of the byte string s in byte string l.
  */
 void *
 memmem(const void *l, size_t l_len, const void *s, size_t s_len)
 {
 	const char *cur, *last;
 	const char *cl = l;
 	const char *cs = s;
 
 	/* a zero length needle should just return the haystack */
 	if (l_len == 0)
 		return (void *)cl;
 
 	/* "s" must be smaller or equal to "l" */
 	if (l_len < s_len)
 		return NULL;
 
 	/* special case where s_len == 1 */
 	if (s_len == 1)
 		return memchr(l, *cs, l_len);
 
 	/* the last position where its possible to find "s" in "l" */
 	last = cl + l_len - s_len;
 
 	for (cur = cl; cur <= last; cur++)
 		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
 			return (void *)cur;
 
 	return NULL;
 }
 #endif /* !HAVE_MEMMEM */
 #if !HAVE_MEMRCHR
 /*
  * Copyright (c) 2007 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  */
 
 #include <string.h>
 
 /*
  * Reverse memchr()
  * Find the last occurrence of 'c' in the buffer 's' of size 'n'.
  */
 void *
 memrchr(const void *s, int c, size_t n)
 {
     const unsigned char *cp;
 
     if (n != 0) {
         cp = (unsigned char *)s + n;
         do {
             if (*(--cp) == (unsigned char)c)
                 return((void *)cp);
         } while (--n != 0);
     }
     return(NULL);
 }
 #endif /* !HAVE_MEMRCHR */
 #if !HAVE_READPASSPHRASE
 /* 
  * Original: readpassphrase.c in OpenSSH portable
  */
 /*
  * Copyright (c) 2000-2002, 2007, 2010
  *	Todd C. Miller <millert@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
  * Sponsored in part by the Defense Advanced Research Projects
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
 #include <pwd.h>
 #include <signal.h>
 #include <string.h>
 #include <termios.h>
 #include <unistd.h>
 
 #if defined(_NSIG)
 static volatile sig_atomic_t readpassphrase_signo[_NSIG];
 #else
 static volatile sig_atomic_t readpassphrase_signo[NSIG];
 #endif
 
 static void
 readpassphrase_handler(int s)
 {
 
 	readpassphrase_signo[s] = 1;
 }
 
 char *
 readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 {
 	ssize_t nr;
 	int input, output, save_errno, i, need_restart;
 	char ch, *p, *end;
 	struct termios term, oterm;
 	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
 	struct sigaction savetstp, savettin, savettou, savepipe;
 /* If we don't have TCSASOFT define it so that ORing it it below is a no-op. */
 #ifndef TCSASOFT
 	const int tcasoft = 0;
 #else
 	const int tcasoft = TCSASOFT;
 #endif
 
 	/* I suppose we could alloc on demand in this case (XXX). */
 	if (bufsiz == 0) {
 		errno = EINVAL;
 		return(NULL);
 	}
 
 restart:
 	for (i = 0; i < _NSIG; i++)
 		readpassphrase_signo[i] = 0;
 	nr = -1;
 	save_errno = 0;
 	need_restart = 0;
 	/*
 	 * Read and write to /dev/tty if available.  If not, read from
 	 * stdin and write to stderr unless a tty is required.
 	 */
 	if ((flags & RPP_STDIN) ||
 	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
 		if (flags & RPP_REQUIRE_TTY) {
 			errno = ENOTTY;
 			return(NULL);
 		}
 		input = STDIN_FILENO;
 		output = STDERR_FILENO;
 	}
 
 	/*
 	 * Turn off echo if possible.
 	 * If we are using a tty but are not the foreground pgrp this will
 	 * generate SIGTTOU, so do it *before* installing the signal handlers.
 	 */
 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
 		memcpy(&term, &oterm, sizeof(term));
 		if (!(flags & RPP_ECHO_ON))
 			term.c_lflag &= ~(ECHO | ECHONL);
 #ifdef VSTATUS
 		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
 			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
 #endif
 		(void)tcsetattr(input, TCSAFLUSH|tcasoft, &term);
 	} else {
 		memset(&term, 0, sizeof(term));
 		term.c_lflag |= ECHO;
 		memset(&oterm, 0, sizeof(oterm));
 		oterm.c_lflag |= ECHO;
 	}
 
 	/*
 	 * Catch signals that would otherwise cause the user to end
 	 * up with echo turned off in the shell.  Don't worry about
 	 * things like SIGXCPU and SIGVTALRM for now.
 	 */
 	sigemptyset(&sa.sa_mask);
 	sa.sa_flags = 0;		/* don't restart system calls */
 	sa.sa_handler = readpassphrase_handler;
 	(void)sigaction(SIGALRM, &sa, &savealrm);
 	(void)sigaction(SIGHUP, &sa, &savehup);
 	(void)sigaction(SIGINT, &sa, &saveint);
 	(void)sigaction(SIGPIPE, &sa, &savepipe);
 	(void)sigaction(SIGQUIT, &sa, &savequit);
 	(void)sigaction(SIGTERM, &sa, &saveterm);
 	(void)sigaction(SIGTSTP, &sa, &savetstp);
 	(void)sigaction(SIGTTIN, &sa, &savettin);
 	(void)sigaction(SIGTTOU, &sa, &savettou);
 
 	if (!(flags & RPP_STDIN))
 		(void)write(output, prompt, strlen(prompt));
 	end = buf + bufsiz - 1;
 	p = buf;
 	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
 		if (p < end) {
 			if ((flags & RPP_SEVENBIT))
 				ch &= 0x7f;
 			if (isalpha((unsigned char)ch)) {
 				if ((flags & RPP_FORCELOWER))
 					ch = (char)tolower((unsigned char)ch);
 				if ((flags & RPP_FORCEUPPER))
 					ch = (char)toupper((unsigned char)ch);
 			}
 			*p++ = ch;
 		}
 	}
 	*p = '\0';
 	save_errno = errno;
 	if (!(term.c_lflag & ECHO))
 		(void)write(output, "\n", 1);
 
 	/* Restore old terminal settings and signals. */
 	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
 		const int sigttou = readpassphrase_signo[SIGTTOU];
 
 		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
 		while (tcsetattr(input, TCSAFLUSH|tcasoft, &oterm) == -1 &&
 		    errno == EINTR && !readpassphrase_signo[SIGTTOU])
 			continue;
 		readpassphrase_signo[SIGTTOU] = sigttou;
 	}
 	(void)sigaction(SIGALRM, &savealrm, NULL);
 	(void)sigaction(SIGHUP, &savehup, NULL);
 	(void)sigaction(SIGINT, &saveint, NULL);
 	(void)sigaction(SIGQUIT, &savequit, NULL);
 	(void)sigaction(SIGPIPE, &savepipe, NULL);
 	(void)sigaction(SIGTERM, &saveterm, NULL);
 	(void)sigaction(SIGTSTP, &savetstp, NULL);
 	(void)sigaction(SIGTTIN, &savettin, NULL);
 	(void)sigaction(SIGTTOU, &savettou, NULL);
 	if (input != STDIN_FILENO)
 		(void)close(input);
 
 	/*
 	 * If we were interrupted by a signal, resend it to ourselves
 	 * now that we have restored the signal handlers.
 	 */
 	for (i = 0; i < _NSIG; i++) {
 		if (readpassphrase_signo[i]) {
 			kill(getpid(), i);
 			switch (i) {
 			case SIGTSTP:
 			case SIGTTIN:
 			case SIGTTOU:
 				need_restart = 1;
 			}
 		}
 	}
 	if (need_restart)
 		goto restart;
 
 	if (save_errno)
 		errno = save_errno;
 	return(nr == -1 ? NULL : buf);
 }
 #endif /* !HAVE_READPASSPHRASE */
 #if !HAVE_REALLOCARRAY
 /*
  * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 #include <errno.h>
 #include <stdint.h>
 #include <stdlib.h>
 
 /*
  * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
  * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
  */
 #define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))
 
 void *
 reallocarray(void *optr, size_t nmemb, size_t size)
 {
 	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
 	    nmemb > 0 && SIZE_MAX / nmemb < size) {
 		errno = ENOMEM;
 		return NULL;
 	}
 	return realloc(optr, size * nmemb);
 }
 #endif /* !HAVE_REALLOCARRAY */
 #if !HAVE_RECALLOCARRAY
 /*
  * Copyright (c) 2008, 2017 Otto Moerbeek <otto@drijf.net>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 /* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */
 
 #include <errno.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
 #include <unistd.h>
 
 /*
  * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
  * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
  */
 #define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
 
 void *
 recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
 {
 	size_t oldsize, newsize;
 	void *newptr;
 
 	if (ptr == NULL)
 		return calloc(newnmemb, size);
 
 	if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
 	    newnmemb > 0 && SIZE_MAX / newnmemb < size) {
 		errno = ENOMEM;
 		return NULL;
 	}
 	newsize = newnmemb * size;
 
 	if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
 	    oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
 		errno = EINVAL;
 		return NULL;
 	}
 	oldsize = oldnmemb * size;
 	
 	/*
 	 * Don't bother too much if we're shrinking just a bit,
 	 * we do not shrink for series of small steps, oh well.
 	 */
 	if (newsize <= oldsize) {
 		size_t d = oldsize - newsize;
 
 		if (d < oldsize / 2 && d < (size_t)getpagesize()) {
 			memset((char *)ptr + newsize, 0, d);
 			return ptr;
 		}
 	}
 
 	newptr = malloc(newsize);
 	if (newptr == NULL)
 		return NULL;
 
 	if (newsize > oldsize) {
 		memcpy(newptr, ptr, oldsize);
 		memset((char *)newptr + oldsize, 0, newsize - oldsize);
 	} else
 		memcpy(newptr, ptr, newsize);
 
 	explicit_bzero(ptr, oldsize);
 	free(ptr);
 
 	return newptr;
 }
 #endif /* !HAVE_RECALLOCARRAY */
 #if !HAVE_STRLCAT
 /*
  * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 #include <string.h>
 
 /*
  * Appends src to string dst of size siz (unlike strncat, siz is the
  * full size of dst, not space left).  At most siz-1 characters
  * will be copied.  Always NUL terminates (unless siz <= strlen(dst)).
  * Returns strlen(src) + MIN(siz, strlen(initial dst)).
  * If retval >= siz, truncation occurred.
  */
 size_t
 strlcat(char *dst, const char *src, size_t siz)
 {
 	char *d = dst;
 	const char *s = src;
 	size_t n = siz;
 	size_t dlen;
 
 	/* Find the end of dst and adjust bytes left but don't go past end */
 	while (n-- != 0 && *d != '\0')
 		d++;
 	dlen = d - dst;
 	n = siz - dlen;
 
 	if (n == 0)
 		return(dlen + strlen(s));
 	while (*s != '\0') {
 		if (n != 1) {
 			*d++ = *s;
 			n--;
 		}
 		s++;
 	}
 	*d = '\0';
 
 	return(dlen + (s - src));	/* count does not include NUL */
 }
 #endif /* !HAVE_STRLCAT */
 #if !HAVE_STRLCPY
 /*
  * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 #include <string.h>
 
 /*
  * Copy src to string dst of size siz.  At most siz-1 characters
  * will be copied.  Always NUL terminates (unless siz == 0).
  * Returns strlen(src); if retval >= siz, truncation occurred.
  */
 size_t
 strlcpy(char *dst, const char *src, size_t siz)
 {
 	char *d = dst;
 	const char *s = src;
 	size_t n = siz;
 
 	/* Copy as many bytes as will fit */
 	if (n != 0) {
 		while (--n != 0) {
 			if ((*d++ = *s++) == '\0')
 				break;
 		}
 	}
 
 	/* Not enough room in dst, add NUL and traverse rest of src */
 	if (n == 0) {
 		if (siz != 0)
 			*d = '\0';		/* NUL-terminate dst */
 		while (*s++)
 			;
 	}
 
 	return(s - src - 1);	/* count does not include NUL */
 }
 #endif /* !HAVE_STRLCPY */
 #if !HAVE_STRNDUP
 /*	$OpenBSD$	*/
 /*
  * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 
 char *
 strndup(const char *str, size_t maxlen)
 {
 	char *copy;
 	size_t len;
 
 	len = strnlen(str, maxlen);
 	copy = malloc(len + 1);
 	if (copy != NULL) {
 		(void)memcpy(copy, str, len);
 		copy[len] = '\0';
 	}
 
 	return copy;
 }
 #endif /* !HAVE_STRNDUP */
 #if !HAVE_STRNLEN
 /*	$OpenBSD$	*/
 
 /*
  * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <sys/types.h>
 #include <string.h>
 
 size_t
 strnlen(const char *str, size_t maxlen)
 {
 	const char *cp;
 
 	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
 		;
 
 	return (size_t)(cp - str);
 }
 #endif /* !HAVE_STRNLEN */
 #if !HAVE_STRTONUM
 /*
  * Copyright (c) 2004 Ted Unangst and Todd Miller
  * All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <errno.h>
 #include <limits.h>
 #include <stdlib.h>
 
 #define	INVALID		1
 #define	TOOSMALL	2
 #define	TOOLARGE	3
 
 long long
 strtonum(const char *numstr, long long minval, long long maxval,
     const char **errstrp)
 {
 	long long ll = 0;
 	int error = 0;
 	char *ep;
 	struct errval {
 		const char *errstr;
 		int err;
 	} ev[4] = {
 		{ NULL,		0 },
 		{ "invalid",	EINVAL },
 		{ "too small",	ERANGE },
 		{ "too large",	ERANGE },
 	};
 
 	ev[0].err = errno;
 	errno = 0;
 	if (minval > maxval) {
 		error = INVALID;
 	} else {
 		ll = strtoll(numstr, &ep, 10);
 		if (numstr == ep || *ep != '\0')
 			error = INVALID;
 		else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
 			error = TOOSMALL;
 		else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
 			error = TOOLARGE;
 	}
 	if (errstrp != NULL)
 		*errstrp = ev[error].errstr;
 	errno = ev[error].err;
 	if (error)
 		ll = 0;
 
 	return (ll);
 }
 #endif /* !HAVE_STRTONUM */