diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd
index e0d9cf813..8e4d7b528 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.4 2015/02/05 01:26:54 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.7 2017/04/17 19:50:28 agc Exp $
 
 PROG=netpgpverify
 
@@ -8,7 +8,7 @@ SRCS+= pgpsum.c rsa.c
 
 SRCS+= bzlib.c zlib.c
 
-SRCS+= md5c.c rmd160.c sha1.c sha2.c tiger.c
+SRCS+= md5c.c rmd160.c sha1.c sha2.c
 
 CPPFLAGS+=-I.
 
@@ -43,3 +43,9 @@ tst:
 	rm -f 1keytest.gpg
 	@echo "testing signing with a subkey"
 	./chk.sh -k joyent-pubring.gpg digest-20121220.tgz
+	@echo "testing signatures with version"
+	./${PROG} -k pubring.gpg version.asc
+	@echo "testing signatures with no version"
+	./${PROG} -k pubring.gpg noversion.asc
+	@echo "testing dash-escaped text"
+	./${PROG} -k pubring.gpg dash-escaped-text.asc
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in
index 5e6f2f2e4..d463af957 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.8 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: Makefile.in,v 1.11 2017/04/17 19:50:28 agc Exp $
 
 PROG=netpgpverify
 
@@ -8,7 +8,7 @@ OBJS+= pgpsum.o rsa.o
 
 OBJS+= bzlib.o zlib.o
 
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
 
 PREFIX=@PREFIX@
 MANDIR=@MANDIR@
@@ -26,8 +26,29 @@ tst:
 	./${PROG} -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
 	./${PROG} -k pubring.gpg NetBSD-6.0_RC1_hashes.gpg
 	./${PROG} -v
-	./${PROG} -S testkey.pub data.gpg
-	./${PROG} -S testkey.pub data.sig
+	./${PROG} -S sshtest-20140202.pub data.gpg
+	./${PROG} -S sshtest-20140202.pub data.sig
+	@echo "expected failure, to check bad signatures fail to verify"
+	-sed -e 's|A|B|' data.gpg | ./${PROG} -S sshtest-20140202.pub
+	@echo ""
+	@echo "expected failure, no valid key for verification"
+	-./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg
+	@echo "dumping now"
+	./${PROG} -c dump -k pubring.gpg NetBSD-6.0_RC1_hashes.asc > /dev/null
+	@echo "dumping ssh now"
+	./${PROG} -c dump -S sshtest-20140202.pub data.gpg
+	@echo "testing pubring with one key"
+	uudecode 1keytest.gpg.uu
+	./${PROG} -k 1keypubring.gpg 1keytest.gpg
+	rm -f 1keytest.gpg
+	@echo "testing signing with a subkey"
+	./chk.sh -k joyent-pubring.gpg digest-20121220.tgz
+	@echo "testing signatures with version"
+	./${PROG} -k pubring.gpg version.asc
+	@echo "testing signatures with no version"
+	./${PROG} -k pubring.gpg noversion.asc
+	@echo "testing dash-escaped text"
+	./${PROG} -k pubring.gpg dash-escaped-text.asc
 
 clean:
 	rm -rf *.core ${OBJS} ${PROG}
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in
index 6e08a3e2a..454e1a4fa 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.lib.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.lib.in,v 1.1 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: Makefile.lib.in,v 1.2 2017/04/17 19:50:28 agc Exp $
 
 LIB=	libnetpgpverify.a
 
@@ -8,7 +8,7 @@ OBJS+= pgpsum.o rsa.o
 
 OBJS+= bzlib.o zlib.o
 
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
 
 PREFIX=@PREFIX@
 MANDIR=@MANDIR@
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in
index bd48dbab0..2b1121fb0 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.libtool.in
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.libtool.in,v 1.1 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: Makefile.libtool.in,v 1.2 2017/04/17 19:50:28 agc Exp $
 
 LIB=	libnetpgpverify.a
 
@@ -8,7 +8,7 @@ OBJS+= pgpsum.o rsa.o
 
 OBJS+= bzlib.o zlib.o
 
-OBJS+= sha1.o sha2.o md5c.o rmd160.o tiger.o
+OBJS+= sha1.o sha2.o md5c.o rmd160.o
 
 PREFIX=@PREFIX@
 MANDIR=@MANDIR@
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h
index d5c19a98d..ce249dcec 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/array.h
@@ -25,10 +25,10 @@
 #ifndef ARRAY_H_
 #define ARRAY_H_	20120921
 
-#ifndef PGPV_ARRAY
+#ifndef ARRAY
 /* creates 2 unsigned vars called "name"c and "name"size in current scope */
 /* also creates an array called "name"s in current scope */
-#define PGPV_ARRAY(type, name)						\
+#define ARRAY(type, name)						\
 	unsigned name##c; unsigned name##vsize; type *name##s
 #endif
 
@@ -67,6 +67,8 @@
 #define ARRAY_SIZE(name)		name##vsize
 #define ARRAY_ARRAY(name)		name##s
 
+#define ARRAY_FREE(name)		free(name##s)
+
 #define ARRAY_APPEND(name, newel) do {					\
 	ARRAY_EXPAND(name);						\
 	ARRAY_COUNT(name) += 1;						\
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c
index 09148f483..8ee8614b6 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bignum.c
@@ -45,6 +45,7 @@
 # include <sys/kmem.h>
 #else
 # include <arpa/inet.h>
+# include <limits.h>
 # include <stdarg.h>
 # include <stdio.h>
 # include <stdlib.h>
@@ -88,6 +89,10 @@
 #define	__arraycount(__x)	(sizeof(__x) / sizeof(__x[0]))
 #endif
 
+#ifndef MIN
+#define MIN(a,b)	(((a)<(b))?(a):(b))
+#endif
+
 #define MP_ISZERO(a) (((a)->used == 0) ? MP_YES : MP_NO)
 
 typedef int           mp_err;
@@ -216,7 +221,7 @@ trim_unused_digits(mp_int * a)
 
 /* copy, b = a */
 static int
-mp_copy(BIGNUM *a, BIGNUM *b)
+mp_copy(PGPV_BIGNUM *a, PGPV_BIGNUM *b)
 {
 	int	res;
 
@@ -1333,13 +1338,13 @@ fast_modular_inverse(mp_int * a, mp_int * b, mp_int * c)
 
 top:
 	/* 4.  while u is even do */
-	while (BN_is_even(&u) == 1) {
+	while (PGPV_BN_is_even(&u) == 1) {
 		/* 4.1 u = u/2 */
 		if ((res = half(&u, &u)) != MP_OKAY) {
 			goto LBL_ERR;
 		}
 		/* 4.2 if B is odd then */
-		if (BN_is_odd(&B) == 1) {
+		if (PGPV_BN_is_odd(&B) == 1) {
 			if ((res = signed_subtract(&B, &x, &B)) != MP_OKAY) {
 				goto LBL_ERR;
 			}
@@ -1351,13 +1356,13 @@ top:
 	}
 
 	/* 5.  while v is even do */
-	while (BN_is_even(&v) == 1) {
+	while (PGPV_BN_is_even(&v) == 1) {
 		/* 5.1 v = v/2 */
 		if ((res = half(&v, &v)) != MP_OKAY) {
 			goto LBL_ERR;
 		}
 		/* 5.2 if D is odd then */
-		if (BN_is_odd(&D) == 1) {
+		if (PGPV_BN_is_odd(&D) == 1) {
 			/* D = (D-x)/2 */
 			if ((res = signed_subtract(&D, &x, &D)) != MP_OKAY) {
 				goto LBL_ERR;
@@ -1446,7 +1451,7 @@ slow_modular_inverse(mp_int * a, mp_int * b, mp_int * c)
 	}
 
 	/* 2. [modified] if x,y are both even then return an error! */
-	if (BN_is_even(&x) == 1 && BN_is_even(&y) == 1) {
+	if (PGPV_BN_is_even(&x) == 1 && PGPV_BN_is_even(&y) == 1) {
 		res = MP_VAL;
 		goto LBL_ERR;
 	}
@@ -1463,13 +1468,13 @@ slow_modular_inverse(mp_int * a, mp_int * b, mp_int * c)
 
 top:
 	/* 4.  while u is even do */
-	while (BN_is_even(&u) == 1) {
+	while (PGPV_BN_is_even(&u) == 1) {
 		/* 4.1 u = u/2 */
 		if ((res = half(&u, &u)) != MP_OKAY) {
 			goto LBL_ERR;
 		}
 		/* 4.2 if A or B is odd then */
-		if (BN_is_odd(&A) == 1 || BN_is_odd(&B) == 1) {
+		if (PGPV_BN_is_odd(&A) == 1 || PGPV_BN_is_odd(&B) == 1) {
 			/* A = (A+y)/2, B = (B-x)/2 */
 			if ((res = signed_add(&A, &y, &A)) != MP_OKAY) {
 				 goto LBL_ERR;
@@ -1488,13 +1493,13 @@ top:
 	}
 
 	/* 5.  while v is even do */
-	while (BN_is_even(&v) == 1) {
+	while (PGPV_BN_is_even(&v) == 1) {
 		/* 5.1 v = v/2 */
 		if ((res = half(&v, &v)) != MP_OKAY) {
 			goto LBL_ERR;
 		}
 		/* 5.2 if C or D is odd then */
-		if (BN_is_odd(&C) == 1 || BN_is_odd(&D) == 1) {
+		if (PGPV_BN_is_odd(&C) == 1 || PGPV_BN_is_odd(&D) == 1) {
 			/* C = (C+y)/2, D = (D-x)/2 */
 			if ((res = signed_add(&C, &y, &C)) != MP_OKAY) {
 				 goto LBL_ERR;
@@ -1542,7 +1547,7 @@ top:
 	}
 
 	/* if not zero goto step 4 */
-	if (BN_is_zero(&u) == 0) {
+	if (PGPV_BN_is_zero(&u) == 0) {
 		goto top;
 	}
 	/* now a = C, b = D, gcd == g*v */
@@ -1584,7 +1589,7 @@ modular_inverse(mp_int *c, mp_int *a, mp_int *b)
 	}
 
 	/* if the modulus is odd we can use a faster routine instead */
-	if (BN_is_odd(b) == 1) {
+	if (PGPV_BN_is_odd(b) == 1) {
 		return fast_modular_inverse(a, b, c);
 	}
 	return slow_modular_inverse(a, b, c);
@@ -4065,9 +4070,6 @@ fast_exponent_modulo(mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode
 	*/
 	int     (*redux)(mp_int*,mp_int*,mp_digit);
 
-#if defined(__minix)
-	mp = 0; /* LSC: Fix -Os compilation: -Werror=maybe-uninitialized */
-#endif /* defined(__minix) */
 	winsize = find_window_size(X);
 
 	/* init M array */
@@ -4354,7 +4356,7 @@ exponent_modulo(mp_int * G, mp_int * X, mp_int * P, mp_int *Y)
 	}
 
 	/* if the modulus is odd or diminished_radix, use the montgomery method */
-	if (BN_is_odd(P) == 1 || diminished_radix) {
+	if (PGPV_BN_is_odd(P) == 1 || diminished_radix) {
 		return fast_exponent_modulo(G, X, P, Y, diminished_radix);
 	}
 	/* otherwise use the generic Barrett reduction technique */
@@ -5022,7 +5024,7 @@ mp_toradix_n(mp_int * a, char *str, int radix, int maxlen)
 }
 
 static char *
-formatbn(const BIGNUM *a, const int radix)
+formatbn(const PGPV_BIGNUM *a, const int radix)
 {
 	char	*s;
 	int	 len;
@@ -5084,11 +5086,11 @@ mp_getradix_num(mp_int *a, int radix, char *s)
 }
 
 static int
-getbn(BIGNUM **a, const char *str, int radix)
+getbn(PGPV_BIGNUM **a, const char *str, int radix)
 {
 	int	len;
 
-	if (a == NULL || str == NULL || (*a = BN_new()) == NULL) {
+	if (a == NULL || str == NULL || (*a = PGPV_BN_new()) == NULL) {
 		return 0;
 	}
 	if (mp_getradix_num(*a, radix, __UNCONST(str)) != MP_OKAY) {
@@ -5119,32 +5121,120 @@ subtract_modulo(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
 	return res;
 }
 
+/* bn_mp_gcd.c */
+/* Greatest Common Divisor using the binary method */
+static int
+mp_gcd(mp_int *a, mp_int *b, mp_int *c)
+{
+	mp_int  u, v;
+	int     k, u_lsb, v_lsb, res;
+
+	/* either zero than gcd is the largest */
+	if (PGPV_BN_is_zero(a) == MP_YES) {
+		return absolute(b, c);
+	}
+	if (PGPV_BN_is_zero(b) == MP_YES) {
+		return absolute(a, c);
+	}
+
+	/* get copies of a and b we can modify */
+	if ((res = mp_init_copy(&u, a)) != MP_OKAY) {
+		return res;
+	}
+
+	if ((res = mp_init_copy(&v, b)) != MP_OKAY) {
+		goto LBL_U;
+	}
+
+	/* must be positive for the remainder of the algorithm */
+	u.sign = v.sign = MP_ZPOS;
+
+	/* B1.  Find the common power of two for u and v */
+	u_lsb = mp_cnt_lsb(&u);
+	v_lsb = mp_cnt_lsb(&v);
+	k = MIN(u_lsb, v_lsb);
+
+	if (k > 0) {
+		/* divide the power of two out */
+		if ((res = rshift_bits(&u, k, &u, NULL)) != MP_OKAY) {
+			goto LBL_V;
+		}
+
+		if ((res = rshift_bits(&v, k, &v, NULL)) != MP_OKAY) {
+			goto LBL_V;
+		}
+	}
+
+	/* divide any remaining factors of two out */
+	if (u_lsb != k) {
+		if ((res = rshift_bits(&u, u_lsb - k, &u, NULL)) != MP_OKAY) {
+			goto LBL_V;
+		}
+	}
+
+	if (v_lsb != k) {
+		if ((res = rshift_bits(&v, v_lsb - k, &v, NULL)) != MP_OKAY) {
+			goto LBL_V;
+		}
+	}
+
+	while (PGPV_BN_is_zero(&v) == 0) {
+		/* make sure v is the largest */
+		if (compare_magnitude(&u, &v) == MP_GT) {
+			/* swap u and v to make sure v is >= u */
+			mp_exch(&u, &v);
+		}
+
+		/* subtract smallest from largest */
+		if ((res = signed_subtract(&v, &u, &v)) != MP_OKAY) {
+			goto LBL_V;
+		}
+
+		/* Divide out all factors of two */
+		if ((res = rshift_bits(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
+			goto LBL_V;
+		} 
+	} 
+
+	/* multiply by 2**k which we divided out at the beginning */
+	if ((res = lshift_bits(&u, k, c)) != MP_OKAY) {
+		goto LBL_V;
+	}
+	c->sign = MP_ZPOS;
+	res = MP_OKAY;
+LBL_V:
+	mp_clear (&u);
+LBL_U:
+	mp_clear (&v);
+	return res;
+}
+
 /**************************************************************************/
 
-/* BIGNUM emulation layer */
+/* PGPV_BIGNUM emulation layer */
 
 /* essentiually, these are just wrappers around the libtommath functions */
 /* usually the order of args changes */
-/* the BIGNUM API tends to have more const poisoning */
+/* the PGPV_BIGNUM API tends to have more const poisoning */
 /* these wrappers also check the arguments passed for sanity */
 
-BIGNUM *
-BN_bin2bn(const uint8_t *data, int len, BIGNUM *ret)
+PGPV_BIGNUM *
+PGPV_BN_bin2bn(const uint8_t *data, int len, PGPV_BIGNUM *ret)
 {
 	if (data == NULL) {
-		return BN_new();
+		return PGPV_BN_new();
 	}
 	if (ret == NULL) {
-		ret = BN_new();
+		ret = PGPV_BN_new();
 	}
 	return (mp_read_unsigned_bin(ret, data, len) == MP_OKAY) ? ret : NULL;
 }
 
 /* store in unsigned [big endian] format */
 int
-BN_bn2bin(const BIGNUM *a, unsigned char *b)
+PGPV_BN_bn2bin(const PGPV_BIGNUM *a, unsigned char *b)
 {
-	BIGNUM	t;
+	PGPV_BIGNUM	t;
 	int    	x;
 
 	if (a == NULL || b == NULL) {
@@ -5153,7 +5243,7 @@ BN_bn2bin(const BIGNUM *a, unsigned char *b)
 	if (mp_init_copy (&t, __UNCONST(a)) != MP_OKAY) {
 		return -1;
 	}
-	for (x = 0; !BN_is_zero(&t) ; ) {
+	for (x = 0; !PGPV_BN_is_zero(&t) ; ) {
 		b[x++] = (unsigned char) (t.dp[0] & 0xff);
 		if (rshift_bits(&t, 8, &t, NULL) != MP_OKAY) {
 			mp_clear(&t);
@@ -5166,17 +5256,17 @@ BN_bn2bin(const BIGNUM *a, unsigned char *b)
 }
 
 void
-BN_init(BIGNUM *a)
+PGPV_BN_init(PGPV_BIGNUM *a)
 {
 	if (a != NULL) {
 		mp_init(a);
 	}
 }
 
-BIGNUM *
-BN_new(void)
+PGPV_BIGNUM *
+PGPV_BN_new(void)
 {
-	BIGNUM	*a;
+	PGPV_BIGNUM	*a;
 
 	if ((a = allocate(1, sizeof(*a))) != NULL) {
 		mp_init(a);
@@ -5186,7 +5276,7 @@ BN_new(void)
 
 /* copy, b = a */
 int
-BN_copy(BIGNUM *b, const BIGNUM *a)
+PGPV_BN_copy(PGPV_BIGNUM *b, const PGPV_BIGNUM *a)
 {
 	if (a == NULL || b == NULL) {
 		return MP_VAL;
@@ -5194,22 +5284,22 @@ BN_copy(BIGNUM *b, const BIGNUM *a)
 	return mp_copy(__UNCONST(a), b);
 }
 
-BIGNUM *
-BN_dup(const BIGNUM *a)
+PGPV_BIGNUM *
+PGPV_BN_dup(const PGPV_BIGNUM *a)
 {
-	BIGNUM	*ret;
+	PGPV_BIGNUM	*ret;
 
 	if (a == NULL) {
 		return NULL;
 	}
-	if ((ret = BN_new()) != NULL) {
-		BN_copy(ret, a);
+	if ((ret = PGPV_BN_new()) != NULL) {
+		PGPV_BN_copy(ret, a);
 	}
 	return ret;
 }
 
 void
-BN_swap(BIGNUM *a, BIGNUM *b)
+PGPV_BN_swap(PGPV_BIGNUM *a, PGPV_BIGNUM *b)
 {
 	if (a && b) {
 		mp_exch(a, b);
@@ -5217,47 +5307,47 @@ BN_swap(BIGNUM *a, BIGNUM *b)
 }
 
 int
-BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+PGPV_BN_lshift(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, int n)
 {
 	if (r == NULL || a == NULL || n < 0) {
 		return 0;
 	}
-	BN_copy(r, a);
+	PGPV_BN_copy(r, a);
 	return lshift_digits(r, n) == MP_OKAY;
 }
 
 int
-BN_lshift1(BIGNUM *r, BIGNUM *a)
+PGPV_BN_lshift1(PGPV_BIGNUM *r, PGPV_BIGNUM *a)
 {
 	if (r == NULL || a == NULL) {
 		return 0;
 	}
-	BN_copy(r, a);
+	PGPV_BN_copy(r, a);
 	return lshift_digits(r, 1) == MP_OKAY;
 }
 
 int
-BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+PGPV_BN_rshift(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, int n)
 {
 	if (r == NULL || a == NULL || n < 0) {
 		return MP_VAL;
 	}
-	BN_copy(r, a);
+	PGPV_BN_copy(r, a);
 	return rshift_digits(r, n) == MP_OKAY;
 }
 
 int
-BN_rshift1(BIGNUM *r, BIGNUM *a)
+PGPV_BN_rshift1(PGPV_BIGNUM *r, PGPV_BIGNUM *a)
 {
 	if (r == NULL || a == NULL) {
 		return 0;
 	}
-	BN_copy(r, a);
+	PGPV_BN_copy(r, a);
 	return rshift_digits(r, 1) == MP_OKAY;
 }
 
 int
-BN_set_word(BIGNUM *a, BN_ULONG w)
+PGPV_BN_set_word(PGPV_BIGNUM *a, PGPV_BN_ULONG w)
 {
 	if (a == NULL) {
 		return 0;
@@ -5267,7 +5357,7 @@ BN_set_word(BIGNUM *a, BN_ULONG w)
 }
 
 int
-BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+PGPV_BN_add(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, const PGPV_BIGNUM *b)
 {
 	if (a == NULL || b == NULL || r == NULL) {
 		return 0;
@@ -5276,7 +5366,7 @@ BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 }
 
 int
-BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+PGPV_BN_sub(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, const PGPV_BIGNUM *b)
 {
 	if (a == NULL || b == NULL || r == NULL) {
 		return 0;
@@ -5285,7 +5375,7 @@ BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 }
 
 int
-BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+PGPV_BN_mul(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, const PGPV_BIGNUM *b, PGPV_BN_CTX *ctx)
 {
 	if (a == NULL || b == NULL || r == NULL) {
 		return 0;
@@ -5295,7 +5385,7 @@ BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 }
 
 int
-BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx)
+PGPV_BN_div(PGPV_BIGNUM *dv, PGPV_BIGNUM *rem, const PGPV_BIGNUM *a, const PGPV_BIGNUM *d, PGPV_BN_CTX *ctx)
 {
 	if ((dv == NULL && rem == NULL) || a == NULL || d == NULL) {
 		return 0;
@@ -5306,7 +5396,7 @@ BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, BN_CTX *ctx)
 
 /* perform a bit operation on the 2 bignums */
 int
-BN_bitop(BIGNUM *r, const BIGNUM *a, char op, const BIGNUM *b)
+PGPV_BN_bitop(PGPV_BIGNUM *r, const PGPV_BIGNUM *a, char op, const PGPV_BIGNUM *b)
 {
 	unsigned	ndigits;
 	mp_digit	ad;
@@ -5316,11 +5406,11 @@ BN_bitop(BIGNUM *r, const BIGNUM *a, char op, const BIGNUM *b)
 	if (a == NULL || b == NULL || r == NULL) {
 		return 0;
 	}
-	if (BN_cmp(__UNCONST(a), __UNCONST(b)) >= 0) {
-		BN_copy(r, a);
+	if (PGPV_BN_cmp(__UNCONST(a), __UNCONST(b)) >= 0) {
+		PGPV_BN_copy(r, a);
 		ndigits = a->used;
 	} else {
-		BN_copy(r, b);
+		PGPV_BN_copy(r, b);
 		ndigits = b->used;
 	}
 	for (i = 0 ; i < (int)ndigits ; i++) {
@@ -5344,7 +5434,16 @@ BN_bitop(BIGNUM *r, const BIGNUM *a, char op, const BIGNUM *b)
 }
 
 void
-BN_free(BIGNUM *a)
+PGPV_BN_free(PGPV_BIGNUM *a)
+{
+	if (a) {
+		mp_clear(a);
+		free(a);
+	}
+}
+
+void
+PGPV_BN_clear(PGPV_BIGNUM *a)
 {
 	if (a) {
 		mp_clear(a);
@@ -5352,23 +5451,14 @@ BN_free(BIGNUM *a)
 }
 
 void
-BN_clear(BIGNUM *a)
+PGPV_BN_clear_free(PGPV_BIGNUM *a)
 {
-	if (a) {
-		mp_clear(a);
-	}
-}
-
-void
-BN_clear_free(BIGNUM *a)
-{
-	if (a) {
-		mp_clear(a);
-	}
+	PGPV_BN_clear(a);
+	free(a);
 }
 
 int
-BN_num_bytes(const BIGNUM *a)
+PGPV_BN_num_bytes(const PGPV_BIGNUM *a)
 {
 	if (a == NULL) {
 		return MP_VAL;
@@ -5377,7 +5467,7 @@ BN_num_bytes(const BIGNUM *a)
 }
 
 int
-BN_num_bits(const BIGNUM *a)
+PGPV_BN_num_bits(const PGPV_BIGNUM *a)
 {
 	if (a == NULL) {
 		return 0;
@@ -5386,7 +5476,7 @@ BN_num_bits(const BIGNUM *a)
 }
 
 void
-BN_set_negative(BIGNUM *a, int n)
+PGPV_BN_set_negative(PGPV_BIGNUM *a, int n)
 {
 	if (a) {
 		a->sign = (n) ? MP_NEG : 0;
@@ -5394,7 +5484,7 @@ BN_set_negative(BIGNUM *a, int n)
 }
 
 int
-BN_cmp(BIGNUM *a, BIGNUM *b)
+PGPV_BN_cmp(PGPV_BIGNUM *a, PGPV_BIGNUM *b)
 {
 	if (a == NULL || b == NULL) {
 		return MP_VAL;
@@ -5411,7 +5501,7 @@ BN_cmp(BIGNUM *a, BIGNUM *b)
 }
 
 int
-BN_mod_exp(BIGNUM *Y, BIGNUM *G, BIGNUM *X, BIGNUM *P, BN_CTX *ctx)
+PGPV_BN_mod_exp(PGPV_BIGNUM *Y, PGPV_BIGNUM *G, PGPV_BIGNUM *X, PGPV_BIGNUM *P, PGPV_BN_CTX *ctx)
 {
 	if (Y == NULL || G == NULL || X == NULL || P == NULL) {
 		return MP_VAL;
@@ -5420,8 +5510,8 @@ BN_mod_exp(BIGNUM *Y, BIGNUM *G, BIGNUM *X, BIGNUM *P, BN_CTX *ctx)
 	return exponent_modulo(G, X, P, Y) == MP_OKAY;
 }
 
-BIGNUM *
-BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+PGPV_BIGNUM *
+PGPV_BN_mod_inverse(PGPV_BIGNUM *r, PGPV_BIGNUM *a, const PGPV_BIGNUM *n, PGPV_BN_CTX *ctx)
 {
 	USE_ARG(ctx);
 	if (r == NULL || a == NULL || n == NULL) {
@@ -5431,7 +5521,7 @@ BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 }
 
 int
-BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+PGPV_BN_mod_mul(PGPV_BIGNUM *ret, PGPV_BIGNUM *a, PGPV_BIGNUM *b, const PGPV_BIGNUM *m, PGPV_BN_CTX *ctx)
 {
 	USE_ARG(ctx);
 	if (ret == NULL || a == NULL || b == NULL || m == NULL) {
@@ -5440,14 +5530,14 @@ BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
 	return multiply_modulo(ret, a, b, __UNCONST(m)) == MP_OKAY;
 }
 
-BN_CTX *
-BN_CTX_new(void)
+PGPV_BN_CTX *
+PGPV_BN_CTX_new(void)
 {
-	return allocate(1, sizeof(BN_CTX));
+	return allocate(1, sizeof(PGPV_BN_CTX));
 }
 
 void
-BN_CTX_init(BN_CTX *c)
+PGPV_BN_CTX_init(PGPV_BN_CTX *c)
 {
 	if (c != NULL) {
 		c->arraysize = 15;
@@ -5457,61 +5547,61 @@ BN_CTX_init(BN_CTX *c)
 	}
 }
 
-BIGNUM *
-BN_CTX_get(BN_CTX *ctx)
+PGPV_BIGNUM *
+PGPV_BN_CTX_get(PGPV_BN_CTX *ctx)
 {
 	if (ctx == NULL || ctx->v == NULL || ctx->arraysize == 0 || ctx->count == ctx->arraysize - 1) {
 		return NULL;
 	}
-	return ctx->v[ctx->count++] = BN_new();
+	return ctx->v[ctx->count++] = PGPV_BN_new();
 }
 
 void
-BN_CTX_start(BN_CTX *ctx)
+PGPV_BN_CTX_start(PGPV_BN_CTX *ctx)
 {
-	BN_CTX_init(ctx);
+	PGPV_BN_CTX_init(ctx);
 }
 
 void
-BN_CTX_free(BN_CTX *c)
+PGPV_BN_CTX_free(PGPV_BN_CTX *c)
 {
 	unsigned	i;
 
 	if (c != NULL && c->v != NULL) {
 		for (i = 0 ; i < c->count ; i++) {
-			BN_clear_free(c->v[i]);
+			PGPV_BN_clear_free(c->v[i]);
 		}
 		deallocate(c->v, sizeof(*c->v) * c->arraysize);
 	}
 }
 
 void
-BN_CTX_end(BN_CTX *ctx)
+PGPV_BN_CTX_end(PGPV_BN_CTX *ctx)
 {
-	BN_CTX_free(ctx);
+	PGPV_BN_CTX_free(ctx);
 }
 
 char *
-BN_bn2hex(const BIGNUM *a)
+PGPV_BN_bn2hex(const PGPV_BIGNUM *a)
 {
 	return (a == NULL) ? NULL : formatbn(a, 16);
 }
 
 char *
-BN_bn2dec(const BIGNUM *a)
+PGPV_BN_bn2dec(const PGPV_BIGNUM *a)
 {
 	return (a == NULL) ? NULL : formatbn(a, 10);
 }
 
 char *
-BN_bn2radix(const BIGNUM *a, unsigned radix)
+PGPV_BN_bn2radix(const PGPV_BIGNUM *a, unsigned radix)
 {
 	return (a == NULL) ? NULL : formatbn(a, (int)radix);
 }
 
 #ifndef _KERNEL
 int
-BN_print_fp(FILE *fp, const BIGNUM *a)
+PGPV_BN_print_fp(FILE *fp, const PGPV_BIGNUM *a)
 {
 	char	*s;
 	int	 ret;
@@ -5519,16 +5609,16 @@ BN_print_fp(FILE *fp, const BIGNUM *a)
 	if (fp == NULL || a == NULL) {
 		return 0;
 	}
-	s = BN_bn2hex(a);
+	s = PGPV_BN_bn2hex(a);
 	ret = fprintf(fp, "%s", s);
 	deallocate(s, strlen(s) + 1);
 	return ret;
 }
 #endif
 
-#ifdef BN_RAND_NEEDED
+#ifdef PGPV_BN_RAND_NEEDED
 int
-BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+PGPV_BN_rand(PGPV_BIGNUM *rnd, int bits, int top, int bottom)
 {
 	uint64_t	r;
 	int		digits;
@@ -5543,6 +5633,7 @@ BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 		r <<= 32;
 		r |= arc4random();
 		rnd->dp[i] = (r & MP_MASK);
+		rnd->used += 1;
 	}
 	if (top == 0) {
 		rnd->dp[rnd->used - 1] |= (((mp_digit)1)<<((mp_digit)DIGIT_BIT));
@@ -5558,18 +5649,18 @@ BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 }
 
 int
-BN_rand_range(BIGNUM *rnd, BIGNUM *range)
+PGPV_BN_rand_range(PGPV_BIGNUM *rnd, PGPV_BIGNUM *range)
 {
-	if (rnd == NULL || range == NULL || BN_is_zero(range)) {
+	if (rnd == NULL || range == NULL || PGPV_BN_is_zero(range)) {
 		return 0;
 	}
-	BN_rand(rnd, BN_num_bits(range), 1, 0);
+	PGPV_BN_rand(rnd, PGPV_BN_num_bits(range), 1, 0);
 	return modulo(rnd, range, rnd) == MP_OKAY;
 }
 #endif
 
 int
-BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg)
+PGPV_BN_is_prime(const PGPV_BIGNUM *a, int checks, void (*callback)(int, int, void *), PGPV_BN_CTX *ctx, void *cb_arg)
 {
 	int	primality;
 
@@ -5582,35 +5673,35 @@ BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_
 	return (mp_prime_is_prime(__UNCONST(a), checks, &primality) == MP_OKAY) ? primality : 0; 
 }
 
-const BIGNUM *
-BN_value_one(void)
+const PGPV_BIGNUM *
+PGPV_BN_value_one(void)
 {
 	static mp_digit		digit = 1UL;
-	static const BIGNUM	one = { &digit, 1, 1, 0 };
+	static const PGPV_BIGNUM	one = { &digit, 1, 1, 0 };
 
 	return &one;
 }
 
 int
-BN_hex2bn(BIGNUM **a, const char *str)
+PGPV_BN_hex2bn(PGPV_BIGNUM **a, const char *str)
 {
 	return getbn(a, str, 16);
 }
 
 int
-BN_dec2bn(BIGNUM **a, const char *str)
+PGPV_BN_dec2bn(PGPV_BIGNUM **a, const char *str)
 {
 	return getbn(a, str, 10);
 }
 
 int
-BN_radix2bn(BIGNUM **a, const char *str, unsigned radix)
+PGPV_BN_radix2bn(PGPV_BIGNUM **a, const char *str, unsigned radix)
 {
 	return getbn(a, str, (int)radix);
 }
 
 int
-BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+PGPV_BN_mod_sub(PGPV_BIGNUM *r, PGPV_BIGNUM *a, PGPV_BIGNUM *b, const PGPV_BIGNUM *m, PGPV_BN_CTX *ctx)
 {
 	USE_ARG(ctx);
 	if (r == NULL || a == NULL || b == NULL || m == NULL) {
@@ -5620,7 +5711,7 @@ BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
 }
 
 int
-BN_is_bit_set(const BIGNUM *a, int n)
+PGPV_BN_is_bit_set(const PGPV_BIGNUM *a, int n)
 {
 	if (a == NULL || n < 0 || n >= a->used * DIGIT_BIT) {
 		return 0;
@@ -5630,52 +5721,59 @@ BN_is_bit_set(const BIGNUM *a, int n)
 
 /* raise 'a' to power of 'b' */
 int
-BN_raise(BIGNUM *res, BIGNUM *a, BIGNUM *b)
+PGPV_BN_raise(PGPV_BIGNUM *res, PGPV_BIGNUM *a, PGPV_BIGNUM *b)
 {
 	uint64_t	 exponent;
-	BIGNUM		*power;
-	BIGNUM		*temp;
+	PGPV_BIGNUM		*power;
+	PGPV_BIGNUM		*temp;
 	char		*t;
 
-	t = BN_bn2dec(b);
+	t = PGPV_BN_bn2dec(b);
 	exponent = (uint64_t)strtoull(t, NULL, 10);
 	free(t);
 	if (exponent == 0) {
-		BN_copy(res, BN_value_one());
+		PGPV_BN_copy(res, PGPV_BN_value_one());
 	} else {
-		power = BN_dup(a);
+		power = PGPV_BN_dup(a);
 		for ( ; (exponent & 1) == 0 ; exponent >>= 1) {
-			BN_mul(power, power, power, NULL);
+			PGPV_BN_mul(power, power, power, NULL);
 		}
-		temp = BN_dup(power);
+		temp = PGPV_BN_dup(power);
 		for (exponent >>= 1 ; exponent > 0 ; exponent >>= 1) {
-			BN_mul(power, power, power, NULL);
+			PGPV_BN_mul(power, power, power, NULL);
 			if (exponent & 1) {
-				BN_mul(temp, power, temp, NULL);
+				PGPV_BN_mul(temp, power, temp, NULL);
 			}
 		}
-		BN_copy(res, temp);
-		BN_free(power);
-		BN_free(temp);
+		PGPV_BN_copy(res, temp);
+		PGPV_BN_free(power);
+		PGPV_BN_free(temp);
 	}
 	return 1;
 }
 
 /* compute the factorial */
 int
-BN_factorial(BIGNUM *res, BIGNUM *f)
+PGPV_BN_factorial(PGPV_BIGNUM *res, PGPV_BIGNUM *f)
 {
-	BIGNUM	*one;
-	BIGNUM	*i;
+	PGPV_BIGNUM	*one;
+	PGPV_BIGNUM	*i;
 
-	i = BN_dup(f);
-	one = __UNCONST(BN_value_one());
-	BN_sub(i, i, one);
-	BN_copy(res, f);
-	while (BN_cmp(i, one) > 0) {
-		BN_mul(res, res, i, NULL);
-		BN_sub(i, i, one);
+	i = PGPV_BN_dup(f);
+	one = __UNCONST(PGPV_BN_value_one());
+	PGPV_BN_sub(i, i, one);
+	PGPV_BN_copy(res, f);
+	while (PGPV_BN_cmp(i, one) > 0) {
+		PGPV_BN_mul(res, res, i, NULL);
+		PGPV_BN_sub(i, i, one);
 	}
-	BN_free(i);
+	PGPV_BN_free(i);
 	return 1;
 }
+
+/* get greatest common divisor */
+int
+PGPV_BN_gcd(PGPV_BIGNUM *r, PGPV_BIGNUM *a, PGPV_BIGNUM *b, PGPV_BN_CTX *ctx)
+{
+	return mp_gcd(a, b, r);
+}
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bn.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bn.h
index c4e772f58..a9933bdd9 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bn.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bn.h
@@ -44,6 +44,66 @@
 
 __BEGIN_DECLS
 
+#ifdef	USE_BN_INTERFACE
+#define	BIGNUM		PGPV_BIGNUM
+#define	BN_ULONG	PGPV_BN_ULONG
+#define	BN_CTX		PGPV_BN_CTX
+#define BN_is_negative	PGPV_BN_is_negative
+#define BN_is_zero	PGPV_BN_is_zero
+#define BN_is_odd	PGPV_BN_is_odd
+#define BN_is_even	PGPV_BN_is_even
+#define BN_new		PGPV_BN_new
+#define BN_dup		PGPV_BN_dup
+#define BN_copy		PGPV_BN_copy
+#define BN_init		PGPV_BN_init
+#define BN_free		PGPV_BN_free
+#define BN_clear	PGPV_BN_clear
+#define BN_clear_free	PGPV_BN_clear_free
+#define BN_cmp		PGPV_BN_cmp
+#define BN_bn2bin	PGPV_BN_bn2bin
+#define BN_bn2hex	PGPV_BN_bn2hex
+#define BN_bn2dec	PGPV_BN_bn2dec
+#define BN_bn2radix	PGPV_BN_bn2radix
+#define BN_hex2bn	PGPV_BN_hex2bn
+#define BN_dec2bn	PGPV_BN_dec2bn
+#define BN_radix2bn	PGPV_BN_radix2bn
+#ifndef _KERNEL
+#define BN_print_fp	PGPV_BN_print_fp
+#endif
+#define BN_add		PGPV_BN_add
+#define BN_sub		PGPV_BN_sub
+#define BN_mul		PGPV_BN_mul
+#define BN_div		PGPV_BN_div
+#define BN_swap		PGPV_BN_swap
+#define BN_bitop	PGPV_BN_bitop
+#define BN_lshift	PGPV_BN_lshift
+#define BN_lshift1	PGPV_BN_lshift1
+#define BN_rshift	PGPV_BN_rshift
+#define BN_rshift1	PGPV_BN_rshift1
+#define BN_set_word	PGPV_BN_set_word
+#define BN_set_negative	PGPV_BN_set_negative
+#define BN_num_bytes	PGPV_BN_num_bytes
+#define BN_num_bits	PGPV_BN_num_bits
+#define BN_mod_exp	PGPV_BN_mod_exp
+#define BN_mod_inverse	PGPV_BN_mod_inverse
+#define BN_mod_mul	PGPV_BN_mod_mul
+#define BN_mod_sub	PGPV_BN_mod_sub
+#define BN_raise	PGPV_BN_raise
+#define BN_factorial	PGPV_BN_factorial
+#define BN_CTX_new	PGPV_BN_CTX_new
+#define BN_CTX_get	PGPV_BN_CTX_get
+#define BN_CTX_start	PGPV_BN_CTX_start
+#define BN_CTX_end	PGPV_BN_CTX_end
+#define BN_CTX_init	PGPV_BN_CTX_init
+#define BN_CTX_free	PGPV_BN_CTX_free
+#define BN_rand		PGPV_BN_rand
+#define BN_rand_range	PGPV_BN_rand_range
+#define BN_is_prime	PGPV_BN_is_prime
+#define BN_value_one	PGPV_BN_value_one
+#define BN_is_bit_set	PGPV_BN_is_bit_set
+#define BN_gcd		PGPV_BN_gcd
+#endif /* USE_BN_INTERFACE */
+
 /* should be 32bit on ILP32, 64bit on LP64 */
 typedef unsigned long	mp_digit;
 typedef uint64_t	mp_word;
@@ -56,15 +116,15 @@ typedef struct mp_int {
 	int		 sign;	/* non-zero if negative */
 } mp_int;
 
-#define BIGNUM		mp_int
-#define BN_ULONG	mp_digit
+#define PGPV_BIGNUM		mp_int
+#define PGPV_BN_ULONG	mp_digit
 
 /* a "context" of mp integers - never really used */
 typedef struct bn_ctx_t {
 	size_t	  count;
 	size_t	  arraysize;
-	BIGNUM	**v;
-} BN_CTX;
+	PGPV_BIGNUM	**v;
+} PGPV_BN_CTX;
 
 #define MP_LT		-1
 #define MP_EQ		0
@@ -80,72 +140,74 @@ typedef struct bn_ctx_t {
 
 /*********************************/
 
-#define BN_is_negative(x)	((x)->sign == MP_NEG)
-#define BN_is_zero(a) 		(((a)->used == 0) ? 1 : 0)
-#define BN_is_odd(a)  		(((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? 1 : 0)
-#define BN_is_even(a) 		(((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? 1 : 0)
+#define PGPV_BN_is_negative(x)	((x)->sign == MP_NEG)
+#define PGPV_BN_is_zero(a) 		(((a)->used == 0) ? 1 : 0)
+#define PGPV_BN_is_odd(a)  		(((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? 1 : 0)
+#define PGPV_BN_is_even(a) 		(((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? 1 : 0)
 
-BIGNUM *BN_new(void);
-BIGNUM *BN_dup(const BIGNUM */*a*/);
-int BN_copy(BIGNUM */*b*/, const BIGNUM */*a*/);
+PGPV_BIGNUM *PGPV_BN_new(void);
+PGPV_BIGNUM *PGPV_BN_dup(const PGPV_BIGNUM */*a*/);
+int PGPV_BN_copy(PGPV_BIGNUM */*b*/, const PGPV_BIGNUM */*a*/);
 
-void BN_init(BIGNUM */*a*/);
-void BN_free(BIGNUM */*a*/);
-void BN_clear(BIGNUM */*a*/);
-void BN_clear_free(BIGNUM */*a*/);
+void PGPV_BN_init(PGPV_BIGNUM */*a*/);
+void PGPV_BN_free(PGPV_BIGNUM */*a*/);
+void PGPV_BN_clear(PGPV_BIGNUM */*a*/);
+void PGPV_BN_clear_free(PGPV_BIGNUM */*a*/);
 
-int BN_cmp(BIGNUM */*a*/, BIGNUM */*b*/);
+int PGPV_BN_cmp(PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/);
 
-BIGNUM *BN_bin2bn(const uint8_t */*buf*/, int /*size*/, BIGNUM */*bn*/);
-int BN_bn2bin(const BIGNUM */*a*/, unsigned char */*b*/);
-char *BN_bn2hex(const BIGNUM */*a*/);
-char *BN_bn2dec(const BIGNUM */*a*/);
-char *BN_bn2radix(const BIGNUM */*a*/, unsigned /*radix*/);
-int BN_hex2bn(BIGNUM **/*a*/, const char */*str*/);
-int BN_dec2bn(BIGNUM **/*a*/, const char */*str*/);
-int BN_radix2bn(BIGNUM **/*a*/, const char */*str*/, unsigned /*radix*/);
+PGPV_BIGNUM *PGPV_BN_bin2bn(const uint8_t */*buf*/, int /*size*/, PGPV_BIGNUM */*bn*/);
+int PGPV_BN_bn2bin(const PGPV_BIGNUM */*a*/, unsigned char */*b*/);
+char *PGPV_BN_bn2hex(const PGPV_BIGNUM */*a*/);
+char *PGPV_BN_bn2dec(const PGPV_BIGNUM */*a*/);
+char *PGPV_BN_bn2radix(const PGPV_BIGNUM */*a*/, unsigned /*radix*/);
+int PGPV_BN_hex2bn(PGPV_BIGNUM **/*a*/, const char */*str*/);
+int PGPV_BN_dec2bn(PGPV_BIGNUM **/*a*/, const char */*str*/);
+int PGPV_BN_radix2bn(PGPV_BIGNUM **/*a*/, const char */*str*/, unsigned /*radix*/);
 #ifndef _KERNEL
-int BN_print_fp(FILE */*fp*/, const BIGNUM */*a*/);
+int PGPV_BN_print_fp(FILE */*fp*/, const PGPV_BIGNUM */*a*/);
 #endif
 
-int BN_add(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/);
-int BN_sub(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/);
-int BN_mul(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/, BN_CTX */*ctx*/);
-int BN_div(BIGNUM */*q*/, BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/, BN_CTX */*ctx*/);
-void BN_swap(BIGNUM */*a*/, BIGNUM */*b*/);
-int BN_bitop(BIGNUM */*r*/, const BIGNUM */*a*/, char /*op*/, const BIGNUM */*b*/);
-int BN_lshift(BIGNUM */*r*/, const BIGNUM */*a*/, int /*n*/);
-int BN_lshift1(BIGNUM */*r*/, BIGNUM */*a*/);
-int BN_rshift(BIGNUM */*r*/, const BIGNUM */*a*/, int /*n*/);
-int BN_rshift1(BIGNUM */*r*/, BIGNUM */*a*/);
-int BN_set_word(BIGNUM */*a*/, BN_ULONG /*w*/);
-void BN_set_negative(BIGNUM */*a*/, int /*n*/);
+int PGPV_BN_add(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, const PGPV_BIGNUM */*b*/);
+int PGPV_BN_sub(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, const PGPV_BIGNUM */*b*/);
+int PGPV_BN_mul(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, const PGPV_BIGNUM */*b*/, PGPV_BN_CTX */*ctx*/);
+int PGPV_BN_div(PGPV_BIGNUM */*q*/, PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, const PGPV_BIGNUM */*b*/, PGPV_BN_CTX */*ctx*/);
+void PGPV_BN_swap(PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/);
+int PGPV_BN_bitop(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, char /*op*/, const PGPV_BIGNUM */*b*/);
+int PGPV_BN_lshift(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, int /*n*/);
+int PGPV_BN_lshift1(PGPV_BIGNUM */*r*/, PGPV_BIGNUM */*a*/);
+int PGPV_BN_rshift(PGPV_BIGNUM */*r*/, const PGPV_BIGNUM */*a*/, int /*n*/);
+int PGPV_BN_rshift1(PGPV_BIGNUM */*r*/, PGPV_BIGNUM */*a*/);
+int PGPV_BN_set_word(PGPV_BIGNUM */*a*/, PGPV_BN_ULONG /*w*/);
+void PGPV_BN_set_negative(PGPV_BIGNUM */*a*/, int /*n*/);
 
-int BN_num_bytes(const BIGNUM */*a*/);
-int BN_num_bits(const BIGNUM */*a*/);
+int PGPV_BN_num_bytes(const PGPV_BIGNUM */*a*/);
+int PGPV_BN_num_bits(const PGPV_BIGNUM */*a*/);
 
-int BN_mod_exp(BIGNUM */*r*/, BIGNUM */*a*/, BIGNUM */*p*/, BIGNUM */*m*/, BN_CTX */*ctx*/);
-BIGNUM *BN_mod_inverse(BIGNUM */*ret*/, BIGNUM */*a*/, const BIGNUM */*n*/, BN_CTX */*ctx*/);
-int BN_mod_mul(BIGNUM */*ret*/, BIGNUM */*a*/, BIGNUM */*b*/, const BIGNUM */*m*/, BN_CTX */*ctx*/);
-int BN_mod_sub(BIGNUM */*r*/, BIGNUM */*a*/, BIGNUM */*b*/, const BIGNUM */*m*/, BN_CTX */*ctx*/);
+int PGPV_BN_mod_exp(PGPV_BIGNUM */*r*/, PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*p*/, PGPV_BIGNUM */*m*/, PGPV_BN_CTX */*ctx*/);
+PGPV_BIGNUM *PGPV_BN_mod_inverse(PGPV_BIGNUM */*ret*/, PGPV_BIGNUM */*a*/, const PGPV_BIGNUM */*n*/, PGPV_BN_CTX */*ctx*/);
+int PGPV_BN_mod_mul(PGPV_BIGNUM */*ret*/, PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/, const PGPV_BIGNUM */*m*/, PGPV_BN_CTX */*ctx*/);
+int PGPV_BN_mod_sub(PGPV_BIGNUM */*r*/, PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/, const PGPV_BIGNUM */*m*/, PGPV_BN_CTX */*ctx*/);
 
-int BN_raise(BIGNUM */*res*/, BIGNUM */*a*/, BIGNUM */*b*/);
-int BN_factorial(BIGNUM */*fact*/, BIGNUM */*f*/);
+int PGPV_BN_raise(PGPV_BIGNUM */*res*/, PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/);
+int PGPV_BN_factorial(PGPV_BIGNUM */*fact*/, PGPV_BIGNUM */*f*/);
 
-BN_CTX *BN_CTX_new(void);
-BIGNUM *BN_CTX_get(BN_CTX */*ctx*/);
-void BN_CTX_start(BN_CTX */*ctx*/);
-void BN_CTX_end(BN_CTX */*ctx*/);
-void BN_CTX_init(BN_CTX */*c*/);
-void BN_CTX_free(BN_CTX */*c*/);
+PGPV_BN_CTX *PGPV_BN_CTX_new(void);
+PGPV_BIGNUM *PGPV_BN_CTX_get(PGPV_BN_CTX */*ctx*/);
+void PGPV_BN_CTX_start(PGPV_BN_CTX */*ctx*/);
+void PGPV_BN_CTX_end(PGPV_BN_CTX */*ctx*/);
+void PGPV_BN_CTX_init(PGPV_BN_CTX */*c*/);
+void PGPV_BN_CTX_free(PGPV_BN_CTX */*c*/);
 
-int BN_rand(BIGNUM */*rnd*/, int /*bits*/, int /*top*/, int /*bottom*/);
-int BN_rand_range(BIGNUM */*rnd*/, BIGNUM */*range*/);
+int PGPV_BN_rand(PGPV_BIGNUM */*rnd*/, int /*bits*/, int /*top*/, int /*bottom*/);
+int PGPV_BN_rand_range(PGPV_BIGNUM */*rnd*/, PGPV_BIGNUM */*range*/);
 
-int BN_is_prime(const BIGNUM */*a*/, int /*checks*/, void (*callback)(int, int, void *), BN_CTX */*ctx*/, void */*cb_arg*/);
+int PGPV_BN_is_prime(const PGPV_BIGNUM */*a*/, int /*checks*/, void (*callback)(int, int, void *), PGPV_BN_CTX */*ctx*/, void */*cb_arg*/);
 
-const BIGNUM *BN_value_one(void);
-int BN_is_bit_set(const BIGNUM */*a*/, int /*n*/);
+const PGPV_BIGNUM *PGPV_BN_value_one(void);
+int PGPV_BN_is_bit_set(const PGPV_BIGNUM */*a*/, int /*n*/);
+
+int PGPV_BN_gcd(PGPV_BIGNUM */*r*/, PGPV_BIGNUM */*a*/, PGPV_BIGNUM */*b*/, PGPV_BN_CTX */*ctx*/);
 
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bzlib.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bzlib.c
index de0917a60..7cccffe35 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/bzlib.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/bzlib.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $	*/
+/*	$NetBSD: bzlib.c,v 1.4 2016/06/14 20:47:08 agc Exp $	*/
 
 
 /*-------------------------------------------------------------*/
@@ -35,7 +35,11 @@
 #include "bzlib_private.h"
 
 
-/*	$NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $	*/
+#ifndef USE_ARG
+#define	USE_ARG(x)	/*LINTED*/(void)&(x)
+#endif
+
+/*	$NetBSD: bzlib.c,v 1.4 2016/06/14 20:47:08 agc Exp $	*/
 
 
 /*-------------------------------------------------------------*/
@@ -1082,7 +1086,7 @@ const char * BZ_API(BZ2_bzerror) (BZFILE *b, int *errnum)
 /*-------------------------------------------------------------*/
 /*--- end                                           bzlib.c ---*/
 /*-------------------------------------------------------------*/
-/*	$NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $	*/
+/*	$NetBSD: bzlib.c,v 1.4 2016/06/14 20:47:08 agc Exp $	*/
 
 
 /*-------------------------------------------------------------*/
@@ -1728,7 +1732,7 @@ Int32 BZ2_decompress ( DState* s )
 /*-------------------------------------------------------------*/
 /*--- end                                      decompress.c ---*/
 /*-------------------------------------------------------------*/
-/*	$NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $	*/
+/*	$NetBSD: bzlib.c,v 1.4 2016/06/14 20:47:08 agc Exp $	*/
 
 
 /*-------------------------------------------------------------*/
@@ -1832,7 +1836,7 @@ UInt32 BZ2_crc32Table[256] = {
 /*-------------------------------------------------------------*/
 /*--- end                                        crctable.c ---*/
 /*-------------------------------------------------------------*/
-/*	$NetBSD: bzlib.c,v 1.3 2015/02/05 01:26:54 agc Exp $	*/
+/*	$NetBSD: bzlib.c,v 1.4 2016/06/14 20:47:08 agc Exp $	*/
 
 
 /*-------------------------------------------------------------*/
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c
index 6f0468bb1..3702bbde6 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.c
@@ -27,7 +27,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/param.h>
-#include <sys/syslog.h>
 
 #include <arpa/inet.h>
 #include <ctype.h>
@@ -46,6 +45,10 @@
 
 #include "digest.h"
 
+#ifndef USE_ARG
+#define	USE_ARG(x)	/*LINTED*/(void)&(x)
+#endif
+
 static uint8_t prefix_md5[] = {
 	0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86,
 	0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
@@ -61,12 +64,6 @@ static uint8_t prefix_sha256[] = {
 	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
 
-static uint64_t	prefix_tiger[] = {
-	0x0123456789ABCDEFLL,
-	0xFEDCBA9876543210LL,
-	0xF096A5B4C3B2E187LL
-};
-
 static uint8_t prefix_rmd160[] = {
 	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24,
 	0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14
@@ -96,9 +93,6 @@ digest_alg_size(unsigned alg)
 		return 32;
 	case SHA512_HASH_ALG:
 		return 64;
-	case TIGER_HASH_ALG:
-	case TIGER2_HASH_ALG:
-		return TIGER_DIGEST_LENGTH;
 	default:
 		printf("hash_any: bad algorithm\n");
 		return 0;
@@ -114,54 +108,40 @@ digest_init(digest_t *hash, const uint32_t hashalg)
 	}
 	switch(hash->alg = hashalg) {
 	case MD5_HASH_ALG:
-		MD5Init(&hash->u.md5ctx);
+		netpgpv_MD5Init(&hash->u.md5ctx);
 		hash->size = 16;
 		hash->prefix = prefix_md5;
 		hash->len = sizeof(prefix_md5);
 		hash->ctx = &hash->u.md5ctx;
 		return 1;
 	case SHA1_HASH_ALG:
-		SHA1Init(&hash->u.sha1ctx);
+		netpgpv_SHA1Init(&hash->u.sha1ctx);
 		hash->size = 20;
 		hash->prefix = prefix_sha1;
 		hash->len = sizeof(prefix_sha1);
 		hash->ctx = &hash->u.sha1ctx;
 		return 1;
 	case RIPEMD_HASH_ALG:
-		RMD160Init(&hash->u.rmd160ctx);
+		netpgpv_RMD160Init(&hash->u.rmd160ctx);
 		hash->size = 20;
 		hash->prefix = prefix_rmd160;
 		hash->len = sizeof(prefix_rmd160);
 		hash->ctx = &hash->u.rmd160ctx;
 		return 1;
 	case SHA256_HASH_ALG:
-		SHA256_Init(&hash->u.sha256ctx);
+		netpgpv_SHA256_Init(&hash->u.sha256ctx);
 		hash->size = 32;
 		hash->prefix = prefix_sha256;
 		hash->len = sizeof(prefix_sha256);
 		hash->ctx = &hash->u.sha256ctx;
 		return 1;
 	case SHA512_HASH_ALG:
-		SHA512_Init(&hash->u.sha512ctx);
+		netpgpv_SHA512_Init(&hash->u.sha512ctx);
 		hash->size = 64;
 		hash->prefix = prefix_sha512;
 		hash->len = sizeof(prefix_sha512);
 		hash->ctx = &hash->u.sha512ctx;
 		return 1;
-	case TIGER_HASH_ALG:
-		TIGER_Init(&hash->u.tigerctx);
-		hash->size = TIGER_DIGEST_LENGTH;
-		hash->prefix = prefix_tiger;
-		hash->len = sizeof(prefix_tiger);
-		hash->ctx = &hash->u.tigerctx;
-		return 1;
-	case TIGER2_HASH_ALG:
-		TIGER2_Init(&hash->u.tigerctx);
-		hash->size = TIGER_DIGEST_LENGTH;
-		hash->prefix = prefix_tiger;
-		hash->len = sizeof(prefix_tiger);
-		hash->ctx = &hash->u.tigerctx;
-		return 1;
 	default:
 		printf("hash_any: bad algorithm\n");
 		return 0;
@@ -179,8 +159,6 @@ static rec_t	hashalgs[] = {
 	{	"ripemd",	RIPEMD_HASH_ALG	},
 	{	"sha256",	SHA256_HASH_ALG	},
 	{	"sha512",	SHA512_HASH_ALG	},
-	{	"tiger",	TIGER_HASH_ALG	},
-	{	"tiger2",	TIGER2_HASH_ALG	},
 	{	NULL,		0		}
 };
 
@@ -206,23 +184,19 @@ digest_update(digest_t *hash, const uint8_t *data, size_t length)
 	}
 	switch(hash->alg) {
 	case MD5_HASH_ALG:
-		MD5Update(hash->ctx, data, (unsigned)length);
+		netpgpv_MD5Update(hash->ctx, data, (unsigned)length);
 		return 1;
 	case SHA1_HASH_ALG:
-		SHA1Update(hash->ctx, data, (unsigned)length);
+		netpgpv_SHA1Update(hash->ctx, data, (unsigned)length);
 		return 1;
 	case RIPEMD_HASH_ALG:
-		RMD160Update(hash->ctx, data, (unsigned)length);
+		netpgpv_RMD160Update(hash->ctx, data, (unsigned)length);
 		return 1;
 	case SHA256_HASH_ALG:
-		SHA256_Update(hash->ctx, data, length);
+		netpgpv_SHA256_Update(hash->ctx, data, length);
 		return 1;
 	case SHA512_HASH_ALG:
-		SHA512_Update(hash->ctx, data, length);
-		return 1;
-	case TIGER_HASH_ALG:
-	case TIGER2_HASH_ALG:
-		TIGER_Update(hash->ctx, data, length);
+		netpgpv_SHA512_Update(hash->ctx, data, length);
 		return 1;
 	default:
 		printf("hash_any: bad algorithm\n");
@@ -238,22 +212,19 @@ digest_final(uint8_t *out, digest_t *hash)
 	}
 	switch(hash->alg) {
 	case MD5_HASH_ALG:
-		MD5Final(out, hash->ctx);
+		netpgpv_MD5Final(out, hash->ctx);
 		break;
 	case SHA1_HASH_ALG:
-		SHA1Final(out, hash->ctx);
+		netpgpv_SHA1Final(out, hash->ctx);
 		break;
 	case RIPEMD_HASH_ALG:
-		RMD160Final(out, hash->ctx);
+		netpgpv_RMD160Final(out, hash->ctx);
 		break;
 	case SHA256_HASH_ALG:
-		SHA256_Final(out, hash->ctx);
+		netpgpv_SHA256_Final(out, hash->ctx);
 		break;
 	case SHA512_HASH_ALG:
-		SHA512_Final(out, hash->ctx);
-		break;
-	case TIGER_HASH_ALG:
-		TIGER_Final(out, hash->ctx);
+		netpgpv_SHA512_Final(out, hash->ctx);
 		break;
 	default:
 		printf("hash_any: bad algorithm\n");
@@ -298,6 +269,9 @@ digest_get_prefix(unsigned hashalg, uint8_t *prefix, size_t size)
 	case SHA256_HASH_ALG:
 		memcpy(prefix, prefix_sha256, sizeof(prefix_sha256));
 		return sizeof(prefix_sha256);
+	case SHA512_HASH_ALG:
+		memcpy(prefix, prefix_sha512, sizeof(prefix_sha512));
+		return sizeof(prefix_sha512);
 	default:
 		printf("digest_get_prefix: unknown hash algorithm: %d\n", hashalg);
 		return 0;
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h
index 900a3d026..823093e67 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/digest.h
@@ -33,7 +33,6 @@
 #include "sha1.h"
 #include "sha2.h"
 #include "rmd160.h"
-#include "tiger.h"
 
 #ifndef __BEGIN_DECLS
 #  if defined(__cplusplus)
@@ -50,24 +49,21 @@ __BEGIN_DECLS
 #define MD5_HASH_ALG		1
 #define SHA1_HASH_ALG		2
 #define RIPEMD_HASH_ALG		3
-#define TIGER_HASH_ALG		6	/* from rfc2440 */
 #define SHA256_HASH_ALG		8
 #define SHA384_HASH_ALG		9
 #define SHA512_HASH_ALG		10
 #define SHA224_HASH_ALG		11
-#define TIGER2_HASH_ALG		100	/* private/experimental from rfc4880 */
 
 /* structure to describe digest methods */
 typedef struct digest_t {
 	uint32_t		 alg;		/* algorithm */
 	size_t			 size;		/* size */
 	union {
-		MD5_CTX		 md5ctx;	/* MD5 */
-		SHA1_CTX	 sha1ctx;	/* SHA1 */
-		RMD160_CTX	 rmd160ctx;	/* RIPEMD */
-		SHA256_CTX	 sha256ctx;	/* SHA256 */
-		SHA512_CTX	 sha512ctx;	/* SHA512 */
-		TIGER_CTX	 tigerctx;	/* TIGER/TIGER2 */
+		NETPGPV_MD5_CTX		 md5ctx;	/* MD5 */
+		NETPGPV_SHA1_CTX	 sha1ctx;	/* SHA1 */
+		NETPGPV_RMD160_CTX	 rmd160ctx;	/* RIPEMD */
+		NETPGPV_SHA256_CTX	 sha256ctx;	/* SHA256 */
+		NETPGPV_SHA512_CTX	 sha512ctx;	/* SHA512 */
 	} u;
 	void			*prefix;	/* points to specific prefix */
 	uint32_t		 len;		/* prefix length */
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3 b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3
index 132749027..a540ae2e7 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libnetpgpverify.3
@@ -1,6 +1,6 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.3 2015/02/05 01:26:54 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.4 2017/04/17 19:50:28 agc Exp $
 .\"
-.\" Copyright (c) 2014 Alistair Crooks <agc@NetBSD.org>
+.\" Copyright (c) 2014,2015,2016 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 15, 2015
+.Dd June 26, 2016
 .Dt LIBNETPGPVERIFY 3
 .Os
 .Sh NAME
@@ -34,6 +34,14 @@
 .Sh SYNOPSIS
 .In netpgp/verify.h
 .Ft int
+.Fo pgpv_new
+.Fa "void"
+.Fc
+.Ft int
+.Fo pgpv_new_cursor
+.Fa "void"
+.Fc
+.Ft int
 .Fo pgpv_read_pubring
 .Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size"
 .Fc
@@ -61,6 +69,14 @@
 .Fo pgpv_get_entry
 .Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers"
 .Fc
+.Ft int64_t
+.Fo pgpv_get_cursor_num
+.Fa "pgpv_t *pgp" "const char *field"
+.Fc
+.Ft char *
+.Fo pgpv_get_cursor_str
+.Fa "pgpv_t *pgp" "const char *field"
+.Fc
 .Ft int
 .Fo pgpv_close
 .Fa "pgpv_t *pgp"
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
index 55bf7882f..cd98aa75e 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
+ * Copyright (c) 2012,2013,2014,2015,2016 Alistair Crooks <agc@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,6 +32,7 @@
 #include <arpa/inet.h>
 
 #include <inttypes.h>
+#include <limits.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -52,6 +53,243 @@
 #include "rsa.h"
 #include "verify.h"
 
+/* 64bit key ids */
+#define PGPV_KEYID_LEN		8
+#define PGPV_STR_KEYID_LEN	(PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1)
+
+/* bignum structure */
+typedef struct pgpv_bignum_t {
+	void			*bn;	/* hide the implementation details */
+	uint16_t		 bits;	/* cached number of bits */
+} pgpv_bignum_t;
+
+/* right now, our max binary digest length is 20 bytes */
+#define PGPV_MAX_HASH_LEN	64
+
+/* fingerprint */
+typedef struct pgpv_fingerprint_t {
+	uint8_t			hashalg;	/* algorithm for digest */
+	uint8_t			v[PGPV_MAX_HASH_LEN];	/* the digest */
+	uint32_t		len;		/* its length */
+} pgpv_fingerprint_t;
+
+/* specify size for array of bignums */
+#define PGPV_MAX_PUBKEY_BN	4
+
+/* public key */
+typedef struct pgpv_pubkey_t {
+	pgpv_fingerprint_t	 fingerprint;	/* key fingerprint i.e. digest */
+	uint8_t			 keyid[PGPV_KEYID_LEN];	/* last 8 bytes of v4 keys */
+	int64_t		 	 birth;		/* creation time */
+	int64_t			 expiry;	/* expiry time */
+	pgpv_bignum_t		 bn[PGPV_MAX_PUBKEY_BN]; /* bignums */
+	uint8_t			 keyalg;	/* key algorithm */
+	uint8_t			 hashalg;	/* hash algorithm */
+	uint8_t			 version;	/* key version */
+} pgpv_pubkey_t;
+
+#define PGPV_MAX_SESSKEY_BN	2
+
+/* a (size, byte array) string */
+typedef struct pgpv_string_t {
+	size_t			 size;
+	uint8_t			*data;
+	uint8_t			 allocated;
+} pgpv_string_t;
+
+typedef struct pgpv_ref_t {
+	void			*vp;
+	size_t			 offset;
+	unsigned		 mem;
+} pgpv_ref_t;
+
+#define PGPV_MAX_SECKEY_BN	4
+
+typedef struct pgpv_compress_t {
+	pgpv_string_t		 s;
+	uint8_t			 compalg;
+} pgpv_compress_t;
+
+/* a packet dealing with trust */
+typedef struct pgpv_trust_t {
+	uint8_t			level;
+	uint8_t			amount;
+} pgpv_trust_t;
+
+/* a signature sub packet */
+typedef struct pgpv_sigsubpkt_t {
+	pgpv_string_t		 s;
+	uint8_t			 tag;
+	uint8_t			 critical;
+} pgpv_sigsubpkt_t;
+
+#define PGPV_MAX_SIG_BN		2
+
+typedef struct pgpv_signature_t {
+	uint8_t			 signer[PGPV_KEYID_LEN]; /* key id of signer */
+	pgpv_ref_t		 hashstart;
+	uint8_t			*hash2;
+	uint8_t			*mpi;
+	int64_t			 birth;
+	int64_t			 keyexpiry;
+	int64_t			 expiry;
+	uint32_t		 hashlen;
+	uint8_t			 version;
+	uint8_t			 type;
+	uint8_t			 keyalg;
+	uint8_t			 hashalg;
+	uint8_t			 trustlevel;
+	uint8_t			 trustamount;
+	pgpv_bignum_t		 bn[PGPV_MAX_SIG_BN];
+	char			*regexp;
+	char			*pref_key_server;
+	char			*policy;
+	char			*features;
+	char			*why_revoked;
+	uint8_t			*revoke_fingerprint;
+	uint8_t			 revoke_alg;
+	uint8_t			 revoke_sensitive;
+	uint8_t			 trustsig;
+	uint8_t			 revocable;
+	uint8_t			 pref_symm_alg;
+	uint8_t			 pref_hash_alg;
+	uint8_t			 pref_compress_alg;
+	uint8_t			 key_server_modify;
+	uint8_t			 notation;
+	uint8_t			 type_key;
+	uint8_t			 primary_userid;
+	uint8_t			 revoked;	/* subtract 1 to get real reason, 0 == not revoked */
+} pgpv_signature_t;
+
+/* a signature packet */
+typedef struct pgpv_sigpkt_t {
+	pgpv_signature_t	 sig;
+	uint16_t		 subslen;
+	uint16_t		 unhashlen;
+	ARRAY(uint64_t,	 	 subpackets);
+} pgpv_sigpkt_t;
+
+/* a one-pass signature packet */
+typedef struct pgpv_onepass_t {
+	uint8_t			 keyid[PGPV_KEYID_LEN];
+	uint8_t			 version;
+	uint8_t			 type;
+	uint8_t			 hashalg;
+	uint8_t			 keyalg;
+	uint8_t			 nested;
+} pgpv_onepass_t;
+
+/* a literal data packet */
+typedef struct pgpv_litdata_t {
+	pgpv_string_t		 filename;
+	pgpv_string_t		 s;
+	uint32_t		 secs;
+	uint8_t			 namelen;
+	char			 format;
+	unsigned		 mem;
+	size_t			 offset;
+	size_t			 len;
+} pgpv_litdata_t;
+
+/* user attributes - images */
+typedef struct pgpv_userattr_t {
+	size_t 			 len;
+	ARRAY(pgpv_string_t, 	 subattrs);
+} pgpv_userattr_t;
+
+/* a general PGP packet */
+typedef struct pgpv_pkt_t {
+	uint8_t			 tag;
+	uint8_t			 newfmt;
+	uint8_t			 allocated;
+	uint8_t			 mement;
+	size_t			 offset;
+	pgpv_string_t		 s;
+	union {
+		pgpv_sigpkt_t	sigpkt;
+		pgpv_onepass_t	onepass;
+		pgpv_litdata_t	litdata;
+		pgpv_compress_t	compressed;
+		pgpv_trust_t	trust;
+		pgpv_pubkey_t	pubkey;
+		pgpv_string_t	userid;
+		pgpv_userattr_t	userattr;
+	} u;
+} pgpv_pkt_t;
+
+/* a memory structure */
+typedef struct pgpv_mem_t {
+	size_t			 size;
+	size_t			 cc;
+	uint8_t			*mem;
+	FILE			*fp;
+	uint8_t			 dealloc;
+	const char		*allowed;	/* the types of packet that are allowed */
+} pgpv_mem_t;
+
+/* packet parser */
+
+typedef struct pgpv_signed_userid_t {
+	pgpv_string_t	 	 userid;
+	ARRAY(uint64_t, 	 signatures);
+	uint8_t			 primary_userid;
+	uint8_t			 revoked;
+} pgpv_signed_userid_t;
+
+typedef struct pgpv_signed_userattr_t {
+	pgpv_userattr_t	 	 userattr;
+	ARRAY(uint64_t, 	 signatures);
+	uint8_t			 revoked;
+} pgpv_signed_userattr_t;
+
+typedef struct pgpv_signed_subkey_t {
+	pgpv_pubkey_t	 	 subkey;
+	pgpv_signature_t 	 revoc_self_sig;
+	ARRAY(uint64_t, 	 signatures);
+} pgpv_signed_subkey_t;
+
+typedef struct pgpv_primarykey_t {
+	pgpv_pubkey_t 		 primary;
+	pgpv_signature_t 	 revoc_self_sig;
+	ARRAY(uint64_t, 	 signatures);
+	ARRAY(uint64_t, 	 signed_userids);
+	ARRAY(uint64_t, 	 signed_userattrs);
+	ARRAY(uint64_t, 	 signed_subkeys);
+	size_t			 fmtsize;
+	uint8_t			 primary_userid;
+} pgpv_primarykey_t;
+
+/* everything stems from this structure */
+struct pgpv_t {
+	ARRAY(pgpv_pkt_t, 	 pkts);		/* packet array */
+	ARRAY(pgpv_primarykey_t, primaries);	/* array of primary keys */
+	ARRAY(pgpv_mem_t,	 areas);	/* areas we read packets from */
+	ARRAY(size_t,	 	 datastarts);	/* starts of data packets */
+	ARRAY(pgpv_signature_t,	 signatures);	/* all signatures */
+	ARRAY(pgpv_signed_userid_t, signed_userids); /* all signed userids */
+	ARRAY(pgpv_signed_userattr_t, signed_userattrs); /* all signed user attrs */
+	ARRAY(pgpv_signed_subkey_t, signed_subkeys); /* all signed subkeys */
+	ARRAY(pgpv_sigsubpkt_t,	 subpkts);	/* all sub packets */
+	size_t		 	 pkt;		/* when parsing, current pkt number */
+	const char		*op;		/* the operation we're doing */
+	unsigned		 ssh;		/* using ssh keys */
+};
+
+#define PGPV_REASON_LEN		128
+
+/* when searching, we define a cursor, and fill in an array of subscripts */
+struct pgpv_cursor_t {
+	pgpv_t			*pgp;			/* pointer to pgp tree */
+	char			*field;			/* field we're searching on */
+	char			*op;			/* operation we're doing */
+	char			*value;			/* value we're searching for */
+	void			*ptr;			/* for regexps etc */
+	ARRAY(uint32_t,	 	 found);		/* array of matched pimary key subscripts */
+	ARRAY(size_t,	 	 datacookies);		/* cookies to retrieve matched data */
+	int64_t			 sigtime;		/* time of signature */
+	char			 why[PGPV_REASON_LEN];	/* reason for bad signature */
+};
+
 #ifndef USE_ARG
 #define USE_ARG(x)	/*LINTED*/(void)&(x)
 #endif
@@ -64,6 +302,14 @@
 #define __printflike(n, m)		__attribute__((format(printf,n,m)))
 #endif
 
+#ifndef MIN
+#define MIN(a,b)			(((a)<(b))?(a):(b))
+#endif
+
+#ifndef howmany
+#define howmany(x, y)   		(((x)+((y)-1))/(y))
+#endif
+
 #define BITS_TO_BYTES(b)		(((b) + (CHAR_BIT - 1)) / CHAR_BIT)
 
 /* packet types */
@@ -92,7 +338,7 @@
 #define PUBKEY_RSA_SIGN			3
 #define PUBKEY_ELGAMAL_ENCRYPT		16
 #define PUBKEY_DSA			17
-#define PUBKEY_ELLIPTIC_CURVE		18
+#define PUBKEY_ECDH			18
 #define PUBKEY_ECDSA			19
 #define PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN	20
 
@@ -162,6 +408,48 @@ static int read_all_packets(pgpv_t */*pgp*/, pgpv_mem_t */*mem*/, const char */*
 static int read_binary_file(pgpv_t */*pgp*/, const char */*op*/, const char */*fmt*/, ...) __printflike(3, 4);
 static int read_binary_memory(pgpv_t */*pgp*/, const char */*op*/, const void */*memory*/, size_t /*size*/);
 
+/* output buffer structure */
+typedef struct obuf_t {
+	size_t	 alloc;		/* amount of memory allocated */
+	size_t	 c;		/* # of chars used so far */
+	uint8_t	*v;		/* array of bytes */
+	uint32_t endian;	/* byte order of output stream */
+} obuf_t;
+
+/* grow the buffer, if needed */
+static int
+growbuf(obuf_t *obuf, size_t cc)
+{
+	size_t	 newalloc;
+	uint8_t	*newv;
+
+	if (obuf->c + cc > obuf->alloc) {
+		newalloc = howmany(obuf->alloc + cc, 128) * 128;
+		newv = realloc(obuf->v, newalloc);
+		if (newv == NULL) {
+			return 0;
+		}
+		obuf->v = newv;
+		obuf->alloc = newalloc;
+	}
+	return 1;
+}
+
+/* add a fixed-length area of memory */
+static int
+obuf_add_mem(obuf_t *obuf, const void *s, size_t len)
+{
+	if (obuf && s && len > 0) {
+		if (!growbuf(obuf, len)) {
+			return 0;
+		}
+		memcpy(&obuf->v[obuf->c], s, len);
+		obuf->c += len;
+		return 1;
+	}
+	return 0;
+}
+
 /* read a file into the pgpv_mem_t struct */
 static int
 read_file(pgpv_t *pgp, const char *f)
@@ -215,7 +503,7 @@ static uint8_t *
 get_ref(pgpv_ref_t *ref)
 {
 	pgpv_mem_t	*mem;
-	pgpv_t		*pgp = (pgpv_t *)ref->vp;;
+	pgpv_t		*pgp = (pgpv_t *)ref->vp;
 
 	mem = &ARRAY_ELEMENT(pgp->areas, ref->mem);
 	return &mem->mem[ref->offset];
@@ -410,15 +698,18 @@ fmt_16(uint8_t *p, uint16_t a)
 
 /* format a binary string in memory */
 static size_t
-fmt_binary(char *s, size_t size, const uint8_t *bin, unsigned len)
+fmt_binary(obuf_t *obuf, const uint8_t *bin, unsigned len)
 {
 	unsigned	i;
-	size_t		cc;
+	char		newbuf[3];
 
-	for (cc = 0, i = 0 ; i < len && cc < size ; i++) {
-		cc += snprintf(&s[cc], size - cc, "%02x", bin[i]);
+	for (i = 0 ; i < len ; i++) {
+		snprintf(newbuf, sizeof(newbuf), "%02hhx", bin[i]);
+		if (!obuf_add_mem(obuf, newbuf, 2)) {
+			return 0;
+		}
 	}
-	return cc;
+	return 1;
 }
 
 /* format an mpi into memory */
@@ -426,20 +717,20 @@ static unsigned
 fmt_binary_mpi(pgpv_bignum_t *mpi, uint8_t *p, size_t size)
 {
 	unsigned	 bytes;
-	BIGNUM		*bn;
+	PGPV_BIGNUM		*bn;
 
 	bytes = BITS_TO_BYTES(mpi->bits);
 	if ((size_t)bytes + 2 + 1 > size) {
 		fprintf(stderr, "truncated mpi");
 		return 0;
 	}
-	bn = (BIGNUM *)mpi->bn;
-	if (bn == NULL || BN_is_zero(bn)) {
+	bn = (PGPV_BIGNUM *)mpi->bn;
+	if (bn == NULL || PGPV_BN_is_zero(bn)) {
 		fmt_32(p, 0);
 		return 2 + 1;
 	}
 	fmt_16(p, mpi->bits);
-	BN_bn2bin(bn, &p[2]);
+	PGPV_BN_bn2bin(bn, &p[2]);
 	return bytes + 2;
 }
 
@@ -454,7 +745,7 @@ fmt_mpi(char *s, size_t size, pgpv_bignum_t *bn, const char *name, int pbits)
 	if (pbits) {
 		cc += snprintf(&s[cc], size - cc, "[%u bits] ", bn->bits);
 	}
-	buf = BN_bn2hex(bn->bn);
+	buf = PGPV_BN_bn2hex(bn->bn);
 	cc += snprintf(&s[cc], size - cc, "%s\n", buf);
 	free(buf);
 	return cc;
@@ -547,19 +838,28 @@ pgpv_calc_fingerprint(pgpv_fingerprint_t *fingerprint, pgpv_pubkey_t *pubkey, co
 }
 
 /* format a fingerprint into memory */
-static size_t
-fmt_fingerprint(char *s, size_t size, pgpv_fingerprint_t *fingerprint, const char *name)
+static int
+fmt_fingerprint(obuf_t *obuf, pgpv_fingerprint_t *fingerprint, const char *name)
 {
 	unsigned	i;
-	size_t		cc;
+	char		newbuf[3];
+	int		cc;
 
-	cc = snprintf(s, size, "%s ", name);
-	for (i = 0 ; i < fingerprint->len ; i++) {
-		cc += snprintf(&s[cc], size - cc, "%02hhx%s",
-			fingerprint->v[i], (i % 2 == 1) ? " " : "");
+	if (!obuf_add_mem(obuf, name, strlen(name)) ||
+	    !obuf_add_mem(obuf, " ", 1)) {
+		return 0;
 	}
-	cc += snprintf(&s[cc], size - cc, "\n");
-	return cc;
+	for (i = 0 ; i < fingerprint->len ; i++) {
+		cc = snprintf(newbuf, sizeof(newbuf), "%02hhx",
+			fingerprint->v[i]);
+		if (!obuf_add_mem(obuf, newbuf, cc)) {
+			return 0;
+		}
+		if (i % 2 == 1 && !obuf_add_mem(obuf, " ", 1)) {
+			return 0;
+		}
+	}
+	return obuf_add_mem(obuf, "\n", 1);
 }
 
 /* calculate keyid from a pubkey */
@@ -575,18 +875,18 @@ calc_keyid(pgpv_pubkey_t *key, const char *hashtype)
 static void
 str_to_keyid(const char *s, uint8_t *keyid)
 {
-	uint64_t	u64;
+	uint64_t	u;
 
-	u64 = (uint64_t)strtoull(s, NULL, 16);
-	u64 =   ((u64 & 0x00000000000000FFUL) << 56) | 
-		((u64 & 0x000000000000FF00UL) << 40) | 
-		((u64 & 0x0000000000FF0000UL) << 24) | 
-		((u64 & 0x00000000FF000000UL) <<  8) | 
-		((u64 & 0x000000FF00000000UL) >>  8) | 
-		((u64 & 0x0000FF0000000000UL) >> 24) | 
-		((u64 & 0x00FF000000000000UL) >> 40) | 
-		((u64 & 0xFF00000000000000UL) >> 56);
-	memcpy(keyid, &u64, PGPV_KEYID_LEN);
+	u = (uint64_t)strtoull(s, NULL, 16);
+	u =     ((u & 0x00000000000000FFULL) << 56) | 
+		((u & 0x000000000000FF00ULL) << 40) | 
+		((u & 0x0000000000FF0000ULL) << 24) | 
+		((u & 0x00000000FF000000ULL) <<  8) | 
+		((u & 0x000000FF00000000ULL) >>  8) | 
+		((u & 0x0000FF0000000000ULL) >> 24) | 
+		((u & 0x00FF000000000000ULL) >> 40) | 
+		((u & 0xFF00000000000000ULL) >> 56);
+	memcpy(keyid, &u, PGPV_KEYID_LEN);
 }
 
 #define PKT_ALWAYS_ON			0x80
@@ -654,30 +954,38 @@ get_32(uint8_t *p)
 
 /* format (human readable) time into memory */
 static size_t
-fmt_time(char *s, size_t size, const char *header, int64_t n, const char *trailer, int relative)
+fmt_time(obuf_t *obuf, const char *header, int64_t n, const char *trailer, int relative)
 {
 	struct tm	tm;
 	time_t		elapsed;
 	time_t		now;
 	time_t		t;
-	size_t		cc;
+	char		newbuf[128];
+	int		cc;
 
 	t = (time_t)n;
 	now = time(NULL);
 	elapsed = now - t;
 	gmtime_r(&t, &tm);            
-	cc = snprintf(s, size, "%s%04d-%02d-%02d", header,
+	cc = snprintf(newbuf, sizeof(newbuf), "%04d-%02d-%02d",
 		tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
+	if (!obuf_add_mem(obuf, header, strlen(header)) ||
+	    !obuf_add_mem(obuf, newbuf, cc)) {
+		return 0;
+	}
 	if (relative) {
-		cc += snprintf(&s[cc], size - cc, " (%lldy %lldm %lldd %lldh %s)",
+		cc = snprintf(newbuf, sizeof(newbuf),
+			" (%lldy %lldm %lldd %lldh %s)",
 			llabs((long long)elapsed / YEARSECS),
 			llabs(((long long)elapsed % YEARSECS) / MONSECS),
 			llabs(((long long)elapsed % MONSECS) / DAYSECS),
 			llabs(((long long)elapsed % DAYSECS) / HOURSECS),
 			(now > t) ? "ago" : "ahead");
+		if (!obuf_add_mem(obuf, newbuf, cc)) {
+			return 0;
+		}
 	}
-	cc += snprintf(&s[cc], size - cc, "%s", trailer);
-	return cc;
+	return (*trailer) ? obuf_add_mem(obuf, trailer, strlen(trailer)) : 1;
 }
 
 /* dump key mpis to stdout */
@@ -728,7 +1036,7 @@ get_mpi(pgpv_bignum_t *mpi, uint8_t *p, size_t pktlen, size_t *off)
 		return 0;
 	}
 	*off += sizeof(mpi->bits);
-	mpi->bn = BN_bin2bn(&p[sizeof(mpi->bits)], (int)bytes, NULL);
+	mpi->bn = PGPV_BN_bin2bn(&p[sizeof(mpi->bits)], (int)bytes, NULL);
 	*off += bytes;
 	return 1;
 }
@@ -767,7 +1075,7 @@ read_signature_mpis(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
 
 /* add the signature sub packet to the signature packet */
 static int
-add_subpacket(pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len)
+add_subpacket(pgpv_t *pgp, pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len)
 {
 	pgpv_sigsubpkt_t	subpkt;
 
@@ -776,13 +1084,14 @@ add_subpacket(pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len)
 	subpkt.critical = 0;
 	subpkt.tag = tag;
 	subpkt.s.data = p;
-	ARRAY_APPEND(sigpkt->subpkts, subpkt);
+	ARRAY_APPEND(sigpkt->subpackets, ARRAY_COUNT(pgp->subpkts));
+	ARRAY_APPEND(pgp->subpkts, subpkt);
 	return 1;
 }
 
 /* read the subpackets in the signature */
 static int
-read_sig_subpackets(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
+read_sig_subpackets(pgpv_t *pgp, pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
 {
 	pgpv_sigsubpkt_t	 subpkt;
 	const int		 is_subpkt = 0;
@@ -814,10 +1123,10 @@ read_sig_subpackets(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
 			sigpkt->sig.keyexpiry = (int64_t)get_32(p);
 			break;
 		case SUBPKT_ISSUER:
-			sigpkt->sig.signer = p;
+			memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
 			break;
 		case SUBPKT_SIGNER_ID:
-			sigpkt->sig.signer = p;
+			memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
 			break;
 		case SUBPKT_TRUST_SIG:
 			sigpkt->sig.trustsig = *p;
@@ -873,7 +1182,8 @@ read_sig_subpackets(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen)
 		}
 		subpkt.s.data = p;
 		p += subpkt.s.size - 1;
-		ARRAY_APPEND(sigpkt->subpkts, subpkt);
+		ARRAY_APPEND(sigpkt->subpackets, ARRAY_COUNT(pgp->subpkts));
+		ARRAY_APPEND(pgp->subpkts, subpkt);
 	}
 	return 1;
 }
@@ -897,11 +1207,11 @@ read_sigpkt(pgpv_t *pgp, uint8_t mement, pgpv_sigpkt_t *sigpkt, uint8_t *p, size
 		sigpkt->sig.hashlen = lenlen;
 		/* put birthtime into a subpacket */
 		sigpkt->sig.type = *p++;
-		add_subpacket(sigpkt, SUBPKT_SIG_BIRTH, p, sizeof(uint32_t));
+		add_subpacket(pgp, sigpkt, SUBPKT_SIG_BIRTH, p, sizeof(uint32_t));
 		sigpkt->sig.birth = (int64_t)get_32(p);
 		p += sizeof(uint32_t);
-		sigpkt->sig.signer = p;
-		add_subpacket(sigpkt, SUBPKT_SIGNER_ID, p, PGPV_KEYID_LEN);
+		memcpy(sigpkt->sig.signer, p, sizeof(sigpkt->sig.signer));
+		add_subpacket(pgp, sigpkt, SUBPKT_SIGNER_ID, p, PGPV_KEYID_LEN);
 		p += PGPV_KEYID_LEN;
 		sigpkt->sig.keyalg = *p++;
 		sigpkt->sig.hashalg = *p++;
@@ -917,12 +1227,14 @@ read_sigpkt(pgpv_t *pgp, uint8_t mement, pgpv_sigpkt_t *sigpkt, uint8_t *p, size
 		sigpkt->sig.hashalg = *p++;
 		sigpkt->subslen = get_16(p);
 		p += sizeof(sigpkt->subslen);
-		if (!read_sig_subpackets(sigpkt, p, pktlen)) {
+		if (!read_sig_subpackets(pgp, sigpkt, p, pktlen)) {
 			printf("read_sigpkt: can't read sig subpackets, v4\n");
 			return 0;
 		}
-		if (!sigpkt->sig.signer) {
-			sigpkt->sig.signer = get_ref(&sigpkt->sig.hashstart) + 16;
+		if (sigpkt->sig.signer[0] == 0x0) {
+			memcpy(sigpkt->sig.signer,
+				get_ref(&sigpkt->sig.hashstart) + 16,
+				sizeof(sigpkt->sig.signer));
 		}
 		p += sigpkt->subslen;
 		sigpkt->sig.hashlen = (unsigned)(p - base);
@@ -1146,8 +1458,9 @@ read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size)
 		printf("weird litdata format %u\n", litdata->format);
 		break;
 	}
-	litdata->namelen = p[cc++];
-	litdata->filename = &p[cc];
+	litdata->filename.size = litdata->namelen = p[cc++];
+	litdata->filename.data = &p[cc];
+	litdata->filename.allocated = 0;
 	cc += litdata->namelen;
 	litdata->secs = get_32(&p[cc]);
 	cc += 4;
@@ -1219,6 +1532,7 @@ read_pkt(pgpv_t *pgp, pgpv_mem_t *mem)
 	case USERID_PKT:
 		pkt.u.userid.size = pkt.s.size;
 		pkt.u.userid.data = pkt.s.data;
+		pkt.u.userid.allocated = 0;
 		break;
 	case COMPRESSED_DATA_PKT:
 		read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size);
@@ -1302,13 +1616,15 @@ recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid)
 	pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt);
 	userid->userid.size = pkt->s.size;
 	userid->userid.data = pkt->s.data;
+	userid->userid.allocated = 0;
 	pgp->pkt += 1;
 	while (pkt_is(pgp, SIGNATURE_PKT)) {
 		if (!recog_signature(pgp, &signature)) {
 			printf("recog_userid: can't recognise signature/trust\n");
 			return 0;
 		}
-		ARRAY_APPEND(userid->sigs, signature);
+		ARRAY_APPEND(userid->signatures, ARRAY_COUNT(pgp->signatures));
+		ARRAY_APPEND(pgp->signatures, signature);
 		if (signature.primary_userid) {
 			userid->primary_userid = signature.primary_userid;
 		}
@@ -1337,7 +1653,8 @@ recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr)
 			printf("recog_userattr: can't recognise signature/trust\n");
 			return 0;
 		}
-		ARRAY_APPEND(userattr->sigs, signature);
+		ARRAY_APPEND(userattr->signatures, ARRAY_COUNT(pgp->signatures));
+		ARRAY_APPEND(pgp->signatures, signature);
 		if (signature.revoked) {
 			userattr->revoked = signature.revoked;
 		}
@@ -1371,7 +1688,8 @@ recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey)
 			printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt);
 			return 0;
 		}
-		ARRAY_APPEND(subkey->sigs, signature);
+		ARRAY_APPEND(subkey->signatures, ARRAY_COUNT(pgp->signatures));
+		ARRAY_APPEND(pgp->signatures, signature);
 		if (signature.keyexpiry) {
 			/* XXX - check it's a good key expiry */
 			subkey->subkey.expiry = signature.keyexpiry;
@@ -1426,82 +1744,116 @@ numkeybits(const pgpv_pubkey_t *pubkey)
 }
 
 /* print a public key */
-static size_t
-fmt_pubkey(char *s, size_t size, pgpv_pubkey_t *pubkey, const char *leader)
+static int
+fmt_pubkey(obuf_t *obuf, pgpv_pubkey_t *pubkey, const char *leader)
 {
-	size_t	cc;
+	char	newbuf[128];
+	int	cc;
 
-	cc = snprintf(s, size, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg));
-	cc += fmt_binary(&s[cc], size - cc, pubkey->keyid, PGPV_KEYID_LEN);
-	cc += fmt_time(&s[cc], size - cc, " ", pubkey->birth, "", 0);
-	if (pubkey->expiry) {
-		cc += fmt_time(&s[cc], size - cc, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0);
+	cc = snprintf(newbuf, sizeof(newbuf), " %u/%s ",
+		numkeybits(pubkey), fmtkeyalg(pubkey->keyalg));
+	if (!obuf_add_mem(obuf, leader, strlen(leader)) ||
+	    !obuf_add_mem(obuf, newbuf, cc)) {
+		return 0;
 	}
-	cc += snprintf(&s[cc], size - cc, "\n");
-	cc += fmt_fingerprint(&s[cc], size - cc, &pubkey->fingerprint, "fingerprint  ");
-	return cc;
+	if (!fmt_binary(obuf, pubkey->keyid, PGPV_KEYID_LEN)) {
+		return 0;
+	}
+	if (!fmt_time(obuf, " ", pubkey->birth, "", 0)) {
+		return 0;
+	}
+	if (pubkey->expiry) {
+		if (!fmt_time(obuf, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0)) {
+			return 0;
+		}
+	}
+	if (!obuf_add_mem(obuf, "\n", 1)) {
+		return 0;
+	}
+	return fmt_fingerprint(obuf, &pubkey->fingerprint, "fingerprint  ");
 }
 
 /* we add 1 to revocation value to denote compromised */
 #define COMPROMISED	(0x02 + 1)
 
 /* format a userid - used to order the userids when formatting */
-static size_t
-fmt_userid(char *s, size_t size, pgpv_primarykey_t *primary, uint8_t u)
+static int
+fmt_userid(obuf_t *obuf, pgpv_t *pgp, pgpv_primarykey_t *primary, uint8_t u)
 {
 	pgpv_signed_userid_t	*userid;
+	const char		*s;
+	uint64_t		 id;
 
-	userid = &ARRAY_ELEMENT(primary->signed_userids, u);
-	return snprintf(s, size, "uid           %.*s%s\n",
-			(int)userid->userid.size, userid->userid.data,
-			(userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" :
-			(userid->revoked) ? " [REVOKED]" : "");
+	id = ARRAY_ELEMENT(primary->signed_userids, u);
+	userid = &ARRAY_ELEMENT(pgp->signed_userids, id);
+	s = (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]\n" :
+		(userid->revoked) ? " [REVOKED]\n" : "\n";
+	return obuf_add_mem(obuf, "uid           ", 14) &&
+		obuf_add_mem(obuf, userid->userid.data, userid->userid.size) &&
+		obuf_add_mem(obuf, s, strlen(s));
 }
 
 /* format a trust sig - used to order the userids when formatting */
-static size_t
-fmt_trust(char *s, size_t size, pgpv_signed_userid_t *userid, uint32_t u)
+static int
+fmt_trust(obuf_t *obuf, pgpv_signature_t *sig)
 {
-	pgpv_signature_t	*sig;
-	size_t			 cc;
-
-	sig = &ARRAY_ELEMENT(userid->sigs, u);
-	cc = snprintf(s, size, "trust          ");
-	cc += fmt_binary(&s[cc], size - cc, sig->signer, 8);
-	return cc + snprintf(&s[cc], size - cc, "\n");
+	if (!obuf_add_mem(obuf, "trust          ", 15) ||
+	    !fmt_binary(obuf, sig->signer, PGPV_KEYID_LEN)) {
+		return 0;
+	}
+	return obuf_add_mem(obuf, "\n", 1);
 }
 
 /* print a primary key, per RFC 4880 */
-static size_t
-fmt_primary(char *s, size_t size, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers)
+static int
+fmt_primary(obuf_t *obuf, pgpv_t *pgp, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers)
 {
 	pgpv_signed_userid_t	*userid;
+	pgpv_signed_subkey_t	*signed_subkey;
 	pgpv_pubkey_t		*pubkey;
 	unsigned		 i;
 	unsigned		 j;
-	size_t			 cc;
+	uint64_t		 id;
 
-	pubkey = (subkey == 0) ? &primary->primary : &ARRAY_ELEMENT(primary->signed_subkeys, subkey - 1).subkey;
-	cc = fmt_pubkey(s, size, pubkey, "signature    ");
-	cc += fmt_userid(&s[cc], size - cc, primary, primary->primary_userid);
+	if (subkey == 0) {
+		pubkey = &primary->primary;
+	} else {
+		id = ARRAY_ELEMENT(primary->signed_subkeys, subkey);
+		pubkey = &ARRAY_ELEMENT(pgp->signed_subkeys, id).subkey;
+	}
+	if (!fmt_pubkey(obuf, pubkey, "signature    ")) {
+		return 0;
+	}
+	if (!fmt_userid(obuf, pgp, primary, primary->primary_userid)) {
+		return 0;
+	}
 	for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) {
 		if (i != primary->primary_userid) {
-			cc += fmt_userid(&s[cc], size - cc, primary, i);
+			if (!fmt_userid(obuf, pgp, primary, i)) {
+				return 0;
+			}
 			if (strcasecmp(modifiers, "trust") == 0) {
-				userid = &ARRAY_ELEMENT(primary->signed_userids, i);
-				for (j = 0 ; j < ARRAY_COUNT(userid->sigs) ; j++) {
-					cc += fmt_trust(&s[cc], size - cc, userid, j);
+				id = ARRAY_ELEMENT(primary->signed_userids, i);
+				userid = &ARRAY_ELEMENT(pgp->signed_userids, id);
+				for (j = 0 ; j < ARRAY_COUNT(userid->signatures) ; j++) {
+					if (!fmt_trust(obuf, &ARRAY_ELEMENT(pgp->signatures,
+							ARRAY_ELEMENT(userid->signatures, j)))) {
+						return 0;
+					}
 				}
 			}
 		}
 	}
 	if (strcasecmp(modifiers, "subkeys") == 0) {
 		for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) {
-			cc += fmt_pubkey(&s[cc], size - cc, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption");
+			id = ARRAY_ELEMENT(primary->signed_subkeys, i);
+			signed_subkey = &ARRAY_ELEMENT(pgp->signed_subkeys, id);
+			if (!fmt_pubkey(obuf, &signed_subkey->subkey, "encryption")) {
+				return 0;
+			}
 		}
 	}
-	cc += snprintf(&s[cc], size - cc, "\n");
-	return cc;
+	return obuf_add_mem(obuf, "\n", 1);
 }
 
 
@@ -1528,8 +1880,8 @@ static int
 lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa)
 {
 	uint8_t		*decbuf;
-	BIGNUM		*decbn;
-	BIGNUM		*encbn;
+	PGPV_BIGNUM		*decbn;
+	PGPV_BIGNUM		*encbn;
 	int		 decbytes;
 	int		 nbytes;
 	int		 r;
@@ -1538,22 +1890,22 @@ lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const
 	r = -1;
 	decbuf = NULL;
 	decbn = encbn = NULL;
-	if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
+	if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
 		printf("rsa r modulus too large\n");
 		goto err;
 	}
-	if (BN_cmp(rsa->n, rsa->e) <= 0) {
+	if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) {
 		printf("rsa r bad n value\n");
 		goto err;
 	}
-	if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
-	    BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
+	if (PGPV_BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
+	    PGPV_BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
 		printf("rsa r bad exponent limit\n");
 		goto err;
 	}
-	nbytes = BN_num_bytes(rsa->n);
-	if ((encbn = BN_new()) == NULL ||
-	    (decbn = BN_new()) == NULL ||
+	nbytes = PGPV_BN_num_bytes(rsa->n);
+	if ((encbn = PGPV_BN_new()) == NULL ||
+	    (decbn = PGPV_BN_new()) == NULL ||
 	    (decbuf = calloc(1, (size_t)nbytes)) == NULL) {
 		printf("allocation failure\n");
 		goto err;
@@ -1562,26 +1914,26 @@ lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const
 		printf("rsa r > mod len\n");
 		goto err;
 	}
-	if (BN_bin2bn(encbuf, enclen, encbn) == NULL) {
+	if (PGPV_BN_bin2bn(encbuf, enclen, encbn) == NULL) {
 		printf("null encrypted BN\n");
 		goto err;
 	}
-	if (BN_cmp(encbn, rsa->n) >= 0) {
+	if (PGPV_BN_cmp(encbn, rsa->n) >= 0) {
 		printf("rsa r data too large for modulus\n");
 		goto err;
 	}
-	if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
-		printf("BN_mod_exp < 0\n");
+	if (PGPV_BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
+		printf("PGPV_BN_mod_exp < 0\n");
 		goto err;
 	}
-	decbytes = BN_num_bytes(decbn);
-	(void) BN_bn2bin(decbn, decbuf);
+	decbytes = PGPV_BN_num_bytes(decbn);
+	(void) PGPV_BN_bn2bin(decbn, decbuf);
 	if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) {
 		printf("rsa r padding check failed\n");
 	}
 err:
-	BN_free(encbn);
-	BN_free(decbn);
+	PGPV_BN_clear_free(encbn);
+	PGPV_BN_clear_free(decbn);
 	if (decbuf != NULL) {
 		(void) memset(decbuf, 0x0, nbytes);
 		free(decbuf);
@@ -1601,11 +1953,11 @@ rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA
 	}
 	USE_ARG(padding);
 	(void) memset(&pub, 0x0, sizeof(pub));
-	pub.n = BN_dup(rsa->n);
-	pub.e = BN_dup(rsa->e);
+	pub.n = PGPV_BN_dup(rsa->n);
+	pub.e = PGPV_BN_dup(rsa->e);
 	ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub);
-	BN_free(pub.n);
-	BN_free(pub.e);
+	PGPV_BN_clear_free(pub.n);
+	PGPV_BN_clear_free(pub.e);
 	return ret;
 }
 
@@ -1656,7 +2008,7 @@ rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t
 	size_t		 keysize;
 
 	keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits);
-	BN_bn2bin(bn[RSA_SIG].bn, sigbn);
+	PGPV_BN_bn2bin(bn[RSA_SIG].bn, sigbn);
 	decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey);
 	if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) {
 		return 0;
@@ -1682,13 +2034,13 @@ rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t
 
 /* return 1 if bn <= 0 */
 static int
-bignum_is_bad(BIGNUM *bn)
+bignum_is_bad(PGPV_BIGNUM *bn)
 {
-	return BN_is_zero(bn) || BN_is_negative(bn);
+	return PGPV_BN_is_zero(bn) || PGPV_BN_is_negative(bn);
 }
 
 #define BAD_BIGNUM(s, k)	\
-	(bignum_is_bad((s)->bn) || BN_cmp((s)->bn, (k)->bn) >= 0)
+	(bignum_is_bad((s)->bn) || PGPV_BN_cmp((s)->bn, (k)->bn) >= 0)
 
 #ifndef DSA_MAX_MODULUS_BITS
 #define DSA_MAX_MODULUS_BITS      10000
@@ -1698,12 +2050,12 @@ bignum_is_bad(BIGNUM *bn)
 static int
 verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey)
 {
+	PGPV_BIGNUM	 *M;
+	PGPV_BIGNUM	 *W;
+	PGPV_BIGNUM	 *t1;
 	unsigned	  qbits;
 	uint8_t		  calcnum[128];
 	uint8_t		  signum[128];
-	BIGNUM		 *M;
-	BIGNUM		 *W;
-	BIGNUM		 *t1;
 	int		  ret;
 
 	if (pubkey->bn[DSA_P].bn == NULL ||
@@ -1731,37 +2083,37 @@ verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_p
 		return 0;
 	}
 	ret = 0;
-	if ((M = BN_new()) == NULL || (W = BN_new()) == NULL || (t1 = BN_new()) == NULL ||
+	if ((M = PGPV_BN_new()) == NULL || (W = PGPV_BN_new()) == NULL || (t1 = PGPV_BN_new()) == NULL ||
 	    BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) ||
 	    BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) ||
-	    BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) {
+	    PGPV_BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) {
 		goto done;
 	}
 	if (calclen > qbits / 8) {
 		calclen = qbits / 8;
 	}
-	if (BN_bin2bn(calculated, (int)calclen, M) == NULL ||
-	    !BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) ||
-	    !BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) ||
-	    !BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) ||
-	    !BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) ||
-	    !BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) ||
-	    !BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) {
+	if (PGPV_BN_bin2bn(calculated, (int)calclen, M) == NULL ||
+	    !PGPV_BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) ||
+	    !PGPV_BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) ||
+	    !PGPV_BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) ||
+	    !PGPV_BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) ||
+	    !PGPV_BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) ||
+	    !PGPV_BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) {
 		goto done;
 	}
 	/* only compare the first q bits */
-	BN_bn2bin(t1, calcnum);
-	BN_bn2bin(sig[DSA_R].bn, signum);
+	PGPV_BN_bn2bin(t1, calcnum);
+	PGPV_BN_bn2bin(sig[DSA_R].bn, signum);
 	ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0;
 done:
 	if (M) {
-		BN_free(M);
+		PGPV_BN_clear_free(M);
 	}
 	if (W) {
-		BN_free(W);
+		PGPV_BN_clear_free(W);
 	}
 	if (t1) {
-		BN_free(t1);
+		PGPV_BN_clear_free(t1);
 	}
 	return ret;
 }
@@ -1888,6 +2240,20 @@ find_bin_string(const void *blockarg, size_t blen, const void *pat, size_t plen)
 	return NULL;
 }
 
+/* store string in allocated memory */
+static uint8_t *
+pgpv_strdup(const char *s)
+{
+	uint8_t	*cp;
+	size_t	 len;
+
+	len = strlen(s);
+	if ((cp = calloc(len + 1, 1)) != NULL) {
+		memcpy(cp, s, len);
+	}
+	return cp;
+}
+
 #define SIGSTART	"-----BEGIN PGP SIGNATURE-----\n"
 #define SIGEND		"-----END PGP SIGNATURE-----\n"
 
@@ -1920,21 +2286,29 @@ read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename)
 	litdata.tag = LITDATA_PKT;
 	litdata.s.data = p;
 	litdata.u.litdata.offset = (size_t)(p - mem->mem);
-	litdata.u.litdata.filename = (uint8_t *)strdup(filename);
-	if ((p = find_bin_string(datastart = p, mem->size - litdata.offset, SIGSTART, strlen(SIGSTART))) == NULL) {
+	litdata.u.litdata.filename.data = pgpv_strdup(filename);
+	litdata.u.litdata.filename.allocated = 1;
+	if ((p = find_bin_string(datastart = p, mem->size - litdata.offset, SIGSTART, sizeof(SIGSTART) - 1)) == NULL) {
 		snprintf(cursor->why, sizeof(cursor->why),
 			"malformed armor - no sig - at %zu", (size_t)(p - mem->mem));
 		return 0;
 	}
 	litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart);
-	p += strlen(SIGSTART);
+	/* this puts p at the newline character, so it will find \n\n if no version */
+	p += strlen(SIGSTART) - 1;
 	if ((p = find_bin_string(p, mem->size, "\n\n",  2)) == NULL) {
 		snprintf(cursor->why, sizeof(cursor->why),
 			"malformed armed signature at %zu", (size_t)(p - mem->mem));
 		return 0;
 	}
 	p += 2;
-	sigend = find_bin_string(p, mem->size, SIGEND, strlen(SIGEND));
+	sigend = find_bin_string(p, mem->size, SIGEND, sizeof(SIGEND) - 1);
+	if (sigend == NULL) {
+		snprintf(cursor->why, sizeof(cursor->why),
+			"malformed armor - no end sig - at %zu",
+			(size_t)(p - mem->mem));
+		return 0;
+	}
 	binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig));
 
 	read_binary_memory(cursor->pgp, "signature", cons_onepass, 15);
@@ -2092,7 +2466,8 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 			/* XXX - check it's a good key expiry */
 			primary->primary.expiry = signature.keyexpiry;
 		}
-		ARRAY_APPEND(primary->direct_sigs, signature);
+		ARRAY_APPEND(primary->signatures, ARRAY_COUNT(pgp->signatures));
+		ARRAY_APPEND(pgp->signatures, signature);
 	}
 	/* some keys out there have user ids where they shouldn't */
 	do {
@@ -2100,7 +2475,8 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 			printf("recog_primary_key: not userid\n");
 			return 0;
 		}
-		ARRAY_APPEND(primary->signed_userids, userid);
+		ARRAY_APPEND(primary->signed_userids, ARRAY_COUNT(pgp->signed_userids));
+		ARRAY_APPEND(pgp->signed_userids, userid);
 		if (userid.primary_userid) {
 			primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
 		}
@@ -2109,7 +2485,8 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 				printf("recog_primary_key: not signed secondary userid\n");
 				return 0;
 			}
-			ARRAY_APPEND(primary->signed_userids, userid);
+			ARRAY_APPEND(primary->signed_userids, ARRAY_COUNT(pgp->signed_userids));
+			ARRAY_APPEND(pgp->signed_userids, userid);
 			if (userid.primary_userid) {
 				primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
 			}
@@ -2119,7 +2496,8 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 				printf("recog_primary_key: not signed user attribute\n");
 				return 0;
 			}
-			ARRAY_APPEND(primary->signed_userattrs, userattr);
+			ARRAY_APPEND(primary->signed_userattrs, ARRAY_COUNT(pgp->signed_userattrs));
+			ARRAY_APPEND(pgp->signed_userattrs, userattr);
 		}
 		while (pkt_is(pgp, PUB_SUBKEY_PKT)) {
 			if (!recog_subkey(pgp, &subkey)) {
@@ -2127,7 +2505,8 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 				return 0;
 			}
 			calc_keyid(&subkey.subkey, "sha1");
-			ARRAY_APPEND(primary->signed_subkeys, subkey);
+			ARRAY_APPEND(primary->signed_subkeys, ARRAY_COUNT(pgp->signed_subkeys));
+			ARRAY_APPEND(pgp->signed_subkeys, subkey);
 		}
 	} while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT));
 	primary->fmtsize = estimate_primarykey_size(primary);
@@ -2197,8 +2576,8 @@ getbignum(pgpv_bignum_t *bignum, bufgap_t *bg, char *buf, const char *header)
 	len = pgp_ntoh32(len);
 	(void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte);
 	(void) bufgap_getbin(bg, buf, len);
-	bignum->bn = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
-	bignum->bits = BN_num_bits(bignum->bn);
+	bignum->bn = PGPV_BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
+	bignum->bits = PGPV_BN_num_bits(bignum->bn);
 	(void) bufgap_seek(bg, len, BGFromHere, BGByte);
 	return 1;
 }
@@ -2247,6 +2626,7 @@ read_ssh_file(pgpv_t *pgp, pgpv_primarykey_t *primary, const char *fmt, ...)
 	char			*space;
 	char		 	*buf;
 	char		 	*bin;
+	char			 newbuf[2048];
 	char			 f[1024];
 	int			 ok;
 	int			 cc;
@@ -2362,13 +2742,18 @@ read_ssh_file(pgpv_t *pgp, pgpv_primarykey_t *primary, const char *fmt, ...)
 				space + 1);
 		}
 		calc_keyid(pubkey, "sha1");
-		userid.userid.size = asprintf((char **)(void *)&userid.userid.data,
-						"%s (%s) %s",
-						hostname,
-						f,
-						owner);
-		ARRAY_APPEND(primary->signed_userids, userid);
-		primary->fmtsize = estimate_primarykey_size(primary) + 1024;
+		cc = snprintf(newbuf, sizeof(newbuf), "%s (%s) %s",
+			hostname, f, owner);
+		userid.userid.size = cc;
+		userid.userid.allocated = 1;
+		if ((userid.userid.data = calloc(1, cc + 1)) == NULL) {
+			ok = 0;
+		} else {
+			memcpy(userid.userid.data, newbuf, cc);
+			ARRAY_APPEND(primary->signed_userids, ARRAY_COUNT(pgp->signed_userids));
+			ARRAY_APPEND(pgp->signed_userids, userid);
+			primary->fmtsize = estimate_primarykey_size(primary) + 1024;
+		}
 	}
 	(void) free(bin);
 	(void) free(buf);
@@ -2429,7 +2814,8 @@ fixup_detached(pgpv_cursor_t *cursor, const char *f)
 	litdata.s.data = mem->mem;
 	litdata.u.litdata.format = LITDATA_BINARY;
 	litdata.u.litdata.offset = 0;
-	litdata.u.litdata.filename = (uint8_t *)strdup(original);
+	litdata.u.litdata.filename.data = pgpv_strdup(original);
+	litdata.u.litdata.filename.allocated = 1;
 	litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1;
 	litdata.u.litdata.len = litdata.s.size = mem->size;
 	ARRAY_APPEND(cursor->pgp->pkts, litdata);
@@ -2488,65 +2874,6 @@ match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pub
 	return 1;
 }
 
-/* check return value from getenv */
-static const char *
-nonnull_getenv(const char *key)
-{
-	char	*value;
-
-	return ((value = getenv(key)) == NULL) ? "" : value;
-}
-
-/************************************************************************/
-/* start of exported functions */
-/************************************************************************/
-
-/* close all stuff */
-int
-pgpv_close(pgpv_t *pgp)
-{
-	unsigned	i;
-
-	if (pgp == NULL) {
-		return 0;
-	}
-	for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) {
-		if (ARRAY_ELEMENT(pgp->areas, i).size > 0) {
-			closemem(&ARRAY_ELEMENT(pgp->areas, i));
-		}
-	}
-	return 1;
-}
-
-#define NO_SUBKEYS	0
-
-/* return the formatted entry for the primary key desired */
-size_t
-pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **s, const char *modifiers)
-{
-	unsigned	subkey;
-	unsigned	prim;
-	size_t		cc;
-
-	prim = ((ent >> 8) & 0xffffff);
-	subkey = (ent & 0xff);
-	if (s == NULL || pgp == NULL || prim >= ARRAY_COUNT(pgp->primaries)) {
-		return 0;
-	}
-	*s = NULL;
-	cc = ARRAY_ELEMENT(pgp->primaries, prim).fmtsize;
-	if (modifiers == NULL || (strcasecmp(modifiers, "trust") != 0 && strcasecmp(modifiers, "subkeys") != 0)) {
-		modifiers = "no-subkeys";
-	}
-	if (strcasecmp(modifiers, "trust") == 0) {
-		cc *= 2048;
-	}
-	if ((*s = calloc(1, cc)) == NULL) {
-		return 0;
-	}
-	return fmt_primary(*s, cc, &ARRAY_ELEMENT(pgp->primaries, prim), subkey, modifiers);
-}
-
 /* fixup key id, with birth, keyalg and hashalg value from signature */
 static int
 fixup_ssh_keyid(pgpv_t *pgp, pgpv_signature_t *signature, const char *hashtype)
@@ -2570,6 +2897,7 @@ find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid, unsigned *sub)
 	pgpv_primarykey_t	*prim;
 	unsigned		 i;
 	unsigned		 j;
+	uint64_t		 n;
 	uint8_t			 binkeyid[PGPV_KEYID_LEN];
 	size_t			 off;
 	size_t			 cmp;
@@ -2592,7 +2920,8 @@ find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid, unsigned *sub)
 			return i;
 		}
 		for (j = 0 ; j < ARRAY_COUNT(prim->signed_subkeys) ; j++) {
-			subkey = &ARRAY_ELEMENT(prim->signed_subkeys, j);
+			n = ARRAY_ELEMENT(prim->signed_subkeys, j);
+			subkey = &ARRAY_ELEMENT(pgp->signed_subkeys, n);
 			if (memcmp(&subkey->subkey.keyid[off], &binkeyid[off], cmp) == 0) {
 				*sub = j + 1;
 				return i;
@@ -2605,10 +2934,11 @@ find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid, unsigned *sub)
 
 /* match the signature with the id indexed by 'primary' */
 static int
-match_sig_id(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary, unsigned sub)
+match_sig_id(pgpv_cursor_t *cursor, pgpv_t *pgp, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary, unsigned sub)
 {
 	pgpv_primarykey_t	*prim;
 	pgpv_pubkey_t		*pubkey;
+	uint64_t		 n;
 	uint8_t			*data;
 	size_t			 insize;
 
@@ -2620,7 +2950,8 @@ match_sig_id(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_litdata_t
 		return match_sig(cursor, signature, pubkey, data, insize);
 	}
 	prim = &ARRAY_ELEMENT(cursor->pgp->primaries, primary);
-	pubkey = &ARRAY_ELEMENT(prim->signed_subkeys, sub - 1).subkey;
+	n = ARRAY_ELEMENT(prim->signed_subkeys, sub - 1);
+	pubkey = &ARRAY_ELEMENT(pgp->signed_subkeys, n).subkey;
 	return match_sig(cursor, signature, pubkey, data, insize);
 }
 
@@ -2654,6 +2985,153 @@ get_packet_type(uint8_t tag)
 	}
 }
 
+/* check return value from getenv */
+static const char *
+nonnull_getenv(const char *key)
+{
+	char	*value;
+
+	return ((value = getenv(key)) == NULL) ? "" : value;
+}
+
+/* free an array of bignums */
+static void
+free_bn_array(pgpv_bignum_t *v, unsigned n)
+{
+	unsigned	i;
+
+	for (i = 0 ; i < n ; i++) {
+		PGPV_BN_clear_free(v[i].bn);
+		v[i].bn = NULL;
+	}
+}
+
+/************************************************************************/
+/* start of exported functions */
+/************************************************************************/
+
+/* close all stuff */
+int
+pgpv_close(pgpv_t *pgp)
+{
+	pgpv_primarykey_t	*primary;
+	pgpv_pkt_t		*pkt;
+	uint64_t		 n;
+	unsigned		 i;
+	unsigned		 j;
+
+	if (pgp == NULL) {
+		return 0;
+	}
+	for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) {
+		if (ARRAY_ELEMENT(pgp->areas, i).size > 0) {
+			closemem(&ARRAY_ELEMENT(pgp->areas, i));
+		}
+	}
+        ARRAY_FREE(pgp->areas);
+        for (i = 0 ; i < ARRAY_COUNT(pgp->pkts) ; i++) {
+                pkt = &ARRAY_ELEMENT(pgp->pkts, i);
+                switch(pkt->tag) {
+                case SIGNATURE_PKT:
+                        ARRAY_FREE(pkt->u.sigpkt.subpackets);
+                        break;
+                case LITDATA_PKT:
+			if (pkt->u.litdata.filename.allocated) {
+				free(pkt->u.litdata.filename.data);
+			}
+                        break;
+		case PUBKEY_PKT:
+			free_bn_array(pkt->u.pubkey.bn, PGPV_MAX_PUBKEY_BN);
+			break;
+                case USERID_PKT:
+			if (pkt->u.userid.allocated) {
+				free(pkt->u.userid.data);
+			}
+                        break;
+                case USER_ATTRIBUTE_PKT:
+                        ARRAY_FREE(pkt->u.userattr.subattrs);
+                        break;
+                }
+        }
+        ARRAY_FREE(pgp->pkts);
+	for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) {
+		primary = &ARRAY_ELEMENT(pgp->primaries, i);
+		free_bn_array(primary->primary.bn, PGPV_MAX_PUBKEY_BN);
+		ARRAY_FREE(primary->signatures);
+		for (j = 0 ; j < ARRAY_COUNT(primary->signed_userids) ; j++) {
+			n = ARRAY_ELEMENT(primary->signed_userids, j);
+			ARRAY_FREE(ARRAY_ELEMENT(pgp->signed_userids, n).signatures);
+		}
+		ARRAY_FREE(primary->signed_userids);
+		ARRAY_FREE(primary->signed_userattrs);
+		ARRAY_FREE(primary->signed_subkeys);
+	}
+	for (i = 0 ; i < ARRAY_COUNT(pgp->signatures) ; i++) {
+		free_bn_array(ARRAY_ELEMENT(pgp->signatures, i).bn, PGPV_MAX_SIG_BN);
+	}
+	for (i = 0 ; i < ARRAY_COUNT(pgp->signed_subkeys) ; i++) {
+		free_bn_array(ARRAY_ELEMENT(pgp->signed_subkeys, i).subkey.bn, PGPV_MAX_SIG_BN);
+	}
+	ARRAY_FREE(pgp->primaries);
+	ARRAY_FREE(pgp->datastarts);
+	ARRAY_FREE(pgp->signatures);
+	ARRAY_FREE(pgp->signed_userids);
+	ARRAY_FREE(pgp->signed_userattrs);
+	ARRAY_FREE(pgp->signed_subkeys);
+	ARRAY_FREE(pgp->subpkts);
+	return 1;
+}
+
+/* free resources attached to cursor */
+int
+pgpv_cursor_close(pgpv_cursor_t *cursor)
+{
+	if (cursor) {
+		ARRAY_FREE(cursor->datacookies);
+		ARRAY_FREE(cursor->found);
+	}
+	return 0;
+}
+
+/* return the formatted entry for the primary key desired */
+size_t
+pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **s, const char *modifiers)
+{
+	unsigned	subkey;
+	unsigned	prim;
+	obuf_t		obuf;
+
+	prim = ((ent >> 8) & 0xffffff);
+	subkey = (ent & 0xff);
+	if (s == NULL || pgp == NULL || prim >= ARRAY_COUNT(pgp->primaries)) {
+		return 0;
+	}
+	*s = NULL;
+	if (modifiers == NULL || (strcasecmp(modifiers, "trust") != 0 && strcasecmp(modifiers, "subkeys") != 0)) {
+		modifiers = "no-subkeys";
+	}
+	memset(&obuf, 0x0, sizeof(obuf));
+	if (!fmt_primary(&obuf, pgp, &ARRAY_ELEMENT(pgp->primaries, prim), subkey, modifiers)) {
+		return 0;
+	}
+	*s = (char *)obuf.v;
+	return obuf.c;
+}
+
+/* make a new pgpv struct */
+pgpv_t *
+pgpv_new(void)
+{
+	return calloc(1, sizeof(pgpv_t));
+}
+
+/* make a new pgpv_cursor struct */
+pgpv_cursor_t *
+pgpv_new_cursor(void)
+{
+	return calloc(1, sizeof(pgpv_cursor_t));
+}
+
 /* get an element from the found array */
 int
 pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element)
@@ -2673,7 +3151,7 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 	pgpv_litdata_t		*litdata;
 	unsigned		 sub;
 	size_t			 pkt;
-	char			 strkeyid[PGPV_STR_KEYID_LEN];
+	obuf_t			 obuf;
 	int			 j;
 
 	if (cursor == NULL || pgp == NULL || p == NULL) {
@@ -2700,23 +3178,32 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 	signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig;
 	/* sanity check values in signature and onepass agree */
 	if (signature->birth == 0) {
-		fmt_time(cursor->why, sizeof(cursor->why), "Signature creation time [",
-			signature->birth, "] out of range", 0);
+		if (!fmt_time(&obuf, "Signature creation time [",
+				signature->birth, "] out of range", 0)) {
+		}
+		snprintf(cursor->why, sizeof(cursor->why), "%.*s", (int)obuf.c, (char *)obuf.v);
 		return 0;
 	}
+	memset(&obuf, 0x0, sizeof(obuf));
 	if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
-		fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid));
-		snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s does not match onepass keyid",
-			strkeyid);
+		if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) {
+			snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure");
+			return 0;
+		}
+		snprintf(cursor->why, sizeof(cursor->why),
+			"Signature key id %.*s does not match onepass keyid",
+			(int)obuf.c, (char *)obuf.v);
 		return 0;
 	}
 	if (onepass->hashalg != signature->hashalg) {
-		snprintf(cursor->why, sizeof(cursor->why), "Signature hashalg %u does not match onepass hashalg %u",
+		snprintf(cursor->why, sizeof(cursor->why),
+			"Signature hashalg %u does not match onepass hashalg %u",
 			signature->hashalg, onepass->hashalg);
 		return 0;
 	}
 	if (onepass->keyalg != signature->keyalg) {
-		snprintf(cursor->why, sizeof(cursor->why), "Signature keyalg %u does not match onepass keyalg %u",
+		snprintf(cursor->why, sizeof(cursor->why),
+			"Signature keyalg %u does not match onepass keyalg %u",
 			signature->keyalg, onepass->keyalg);
 		return 0;
 	}
@@ -2725,11 +3212,19 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 	}
 	sub = 0;
 	if ((j = find_keyid(cursor->pgp, NULL, onepass->keyid, &sub)) < 0) {
-		fmt_binary(strkeyid, sizeof(strkeyid), onepass->keyid, (unsigned)sizeof(onepass->keyid));
-		snprintf(cursor->why, sizeof(cursor->why), "Signature key id %s not found ", strkeyid);
+		if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) {
+			snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure");
+			return 0;
+		}
+		snprintf(cursor->why, sizeof(cursor->why),
+			"Signature key id %.*s not found ",
+			(int)obuf.c, (char *)obuf.v);
 		return 0;
 	}
-	if (!match_sig_id(cursor, signature, litdata, (unsigned)j, sub)) {
+	if (!match_sig_id(cursor, pgp, signature, litdata, (unsigned)j, sub)) {
+		snprintf(cursor->why, sizeof(cursor->why),
+			"Signature does not match %.*s",
+			(int)obuf.c, (char *)obuf.v);
 		return 0;
 	}
 	ARRAY_APPEND(cursor->datacookies, pkt);
@@ -2841,3 +3336,27 @@ pgpv_dump(pgpv_t *pgp, char **data)
 	}
 	return cc;
 }
+
+/* return cursor field as a number */
+int64_t
+pgpv_get_cursor_num(pgpv_cursor_t *cursor, const char *field)
+{
+	if (cursor && field) {
+		if (strcmp(field, "sigtime") == 0) {
+			return cursor->sigtime;
+		}
+	}
+	return 0;
+}
+
+/* return cursor field as a string */
+char *
+pgpv_get_cursor_str(pgpv_cursor_t *cursor, const char *field)
+{
+	if (cursor && field) {
+		if (strcmp(field, "why") == 0) {
+			return cursor->why;
+		}
+	}
+	return 0;
+}
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
index a632bd9ba..939ceaab0 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
@@ -49,10 +49,11 @@ ptime(int64_t secs)
 static void
 pentry(pgpv_t *pgp, int n, const char *modifiers)
 {
+	size_t	 cc;
 	char	*s;
 
-	pgpv_get_entry(pgp, (unsigned)n, &s, modifiers);
-	printf("%s", s);
+	cc = pgpv_get_entry(pgp, (unsigned)n, &s, modifiers);
+	fwrite(s, 1, cc, stdout);
 	free(s);
 }
 
@@ -88,41 +89,46 @@ getstdin(ssize_t *cc, size_t *size)
 static int
 verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
 {
-	pgpv_cursor_t	 cursor;
+	pgpv_cursor_t	*cursor;
 	const char	*modifiers;
 	size_t		 size;
 	size_t		 cookie;
 	char		*data;
 	int		 el;
+	int		 ok;
 
-	memset(&cursor, 0x0, sizeof(cursor));
+	cursor = pgpv_new_cursor();
+	ok = 0;
 	if (strcasecmp(cmd, "cat") == 0) {
-		if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
-			if ((size = pgpv_get_verified(&cursor, cookie, &data)) > 0) {
+		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
+			if ((size = pgpv_get_verified(cursor, cookie, &data)) > 0) {
 				write(STDOUT_FILENO, data, size);
 			}
-			return 1;
+			ok = 1;
 		}
 	} else if (strcasecmp(cmd, "dump") == 0) {
-		if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+		if ((cookie = pgpv_verify(cursor, pgp, in, cc)) != 0) {
 			size = pgpv_dump(pgp, &data);
 			write(STDOUT_FILENO, data, size);
-			return 1;
+			ok = 1;
 		}
 	} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
 		modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
-		if (pgpv_verify(&cursor, pgp, in, cc)) {
+		if (pgpv_verify(cursor, pgp, in, cc)) {
 			printf("Good signature for %s made ", inname);
-			ptime(cursor.sigtime);
-			el = pgpv_get_cursor_element(&cursor, 0);
+			ptime(pgpv_get_cursor_num(cursor, "sigtime"));
+			el = pgpv_get_cursor_element(cursor, 0);
 			pentry(pgp, el, modifiers);
-			return 1;
+			ok = 1;
+		} else {
+			fprintf(stderr, "Signature did not match contents -- %s\n",
+				pgpv_get_cursor_str(cursor, "why"));
 		}
-		fprintf(stderr, "Signature did not match contents -- %s\n", cursor.why);
 	} else {
 		fprintf(stderr, "unrecognised command \"%s\"\n", cmd);
 	}
-	return 0;
+	pgpv_cursor_close(cursor);
+	return ok;
 }
 
 int
@@ -132,13 +138,13 @@ main(int argc, char **argv)
 	const char	*cmd;
 	ssize_t		 cc;
 	size_t		 size;
-	pgpv_t		 pgp;
+	pgpv_t		*pgp;
 	char		*in;
 	int		 ssh;
 	int		 ok;
 	int		 i;
 
-	memset(&pgp, 0x0, sizeof(pgp));
+	pgp = pgpv_new();
 	keyring = NULL;
 	ssh = 0;
 	ok = 1;
@@ -163,24 +169,24 @@ main(int argc, char **argv)
 		}
 	}
 	if (ssh) {
-		if (!pgpv_read_ssh_pubkeys(&pgp, keyring, -1)) {
+		if (!pgpv_read_ssh_pubkeys(pgp, keyring, -1)) {
 			fprintf(stderr, "can't read ssh keyring\n");
 			exit(EXIT_FAILURE);
 		}
-	} else if (!pgpv_read_pubring(&pgp, keyring, -1)) {
+	} else if (!pgpv_read_pubring(pgp, keyring, -1)) {
 		fprintf(stderr, "can't read keyring\n");
 		exit(EXIT_FAILURE);
 	}
 	if (optind == argc) {
 		in = getstdin(&cc, &size);
-		ok = verify_data(&pgp, cmd, "[stdin]", in, cc);
+		ok = verify_data(pgp, cmd, "[stdin]", in, cc);
 	} else {
 		for (ok = 1, i = optind ; i < argc ; i++) {
-			if (!verify_data(&pgp, cmd, argv[i], argv[i], -1)) {
+			if (!verify_data(pgp, cmd, argv[i], argv[i], -1)) {
 				ok = 0;
 			}
 		}
 	}
-	pgpv_close(&pgp);
+	pgpv_close(pgp);
 	exit((ok) ? EXIT_SUCCESS : EXIT_FAILURE);
 }
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5.h
index d6b7e6fe2..8615af467 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: md5.h,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: md5.h,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 
 /*
  * This file is derived from the RSA Data Security, Inc. MD5 Message-Digest
@@ -39,21 +39,31 @@
 #define MD5_DIGEST_LENGTH		16
 #define	MD5_DIGEST_STRING_LENGTH	33
 
+#ifndef __BEGIN_DECLS
+#  if defined(__cplusplus)
+#  define __BEGIN_DECLS           extern "C" {
+#  define __END_DECLS             }
+#  else
+#  define __BEGIN_DECLS
+#  define __END_DECLS
+#  endif
+#endif
+
 /* MD5 context. */
 typedef struct MD5Context {
 	uint32_t state[4];	/* state (ABCD) */
 	uint32_t count[2];	/* number of bits, modulo 2^64 (lsb first) */
 	unsigned char buffer[64]; /* input buffer */
-} MD5_CTX;
+} NETPGPV_MD5_CTX;
 
 __BEGIN_DECLS
-void	MD5Init(MD5_CTX *);
-void	MD5Update(MD5_CTX *, const unsigned char *, unsigned int);
-void	MD5Final(unsigned char[MD5_DIGEST_LENGTH], MD5_CTX *);
+void	netpgpv_MD5Init(NETPGPV_MD5_CTX *);
+void	netpgpv_MD5Update(NETPGPV_MD5_CTX *, const unsigned char *, unsigned int);
+void	netpgpv_MD5Final(unsigned char[MD5_DIGEST_LENGTH], NETPGPV_MD5_CTX *);
 #ifndef _KERNEL
-char	*MD5End(MD5_CTX *, char *);
-char	*MD5File(const char *, char *);
-char	*MD5Data(const unsigned char *, unsigned int, char *);
+char	*netpgpv_MD5End(NETPGPV_MD5_CTX *, char *);
+char	*netpgpv_MD5File(const char *, char *);
+char	*netpgpv_MD5Data(const unsigned char *, unsigned int, char *);
 #endif /* _KERNEL */
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5c.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5c.c
index 4b2a06b23..9dcbdac7c 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5c.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/md5c.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: md5c.c,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: md5c.c,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 
 /*
  * This file is derived from the RSA Data Security, Inc. MD5 Message-Digest
@@ -29,7 +29,6 @@
  * documentation and/or software.
  */
 
-#include <sys/cdefs.h>
 #include <sys/types.h>
 #include <assert.h>
 #include <string.h>
@@ -155,7 +154,7 @@ static const unsigned char PADDING[64] = {
  * MD5 initialization. Begins an MD5 operation, writing a new context.
  */
 void
-MD5Init(MD5_CTX *context)
+netpgpv_MD5Init(NETPGPV_MD5_CTX *context)
 {
 
 	context->count[0] = context->count[1] = 0;
@@ -173,7 +172,7 @@ MD5Init(MD5_CTX *context)
  * context.
  */
 void
-MD5Update(MD5_CTX *context,
+netpgpv_MD5Update(NETPGPV_MD5_CTX *context,
 	const unsigned char *input,	/* input block */
 	unsigned int inputLen)		/* length of input block */
 {
@@ -211,8 +210,8 @@ MD5Update(MD5_CTX *context,
  * message digest and zeroing the context.
  */
 void
-MD5Final(unsigned char digest[16],	/* message digest */
-	MD5_CTX *context)		/* context */
+netpgpv_MD5Final(unsigned char digest[16],	/* message digest */
+	NETPGPV_MD5_CTX *context)		/* context */
 {
 	unsigned char bits[8];
 	unsigned int idx, padLen;
@@ -223,10 +222,10 @@ MD5Final(unsigned char digest[16],	/* message digest */
 	/* Pad out to 56 mod 64. */
 	idx = (unsigned int)((context->count[0] >> 3) & 0x3f);
 	padLen = (idx < 56) ? (56 - idx) : (120 - idx);
-	MD5Update (context, PADDING, padLen);
+	netpgpv_MD5Update (context, PADDING, padLen);
 
 	/* Append length (before padding) */
-	MD5Update(context, bits, 8);
+	netpgpv_MD5Update(context, bits, 8);
 
 	/* Store state in digest */
 	Encode(digest, context->state, 16);
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c
index b2de0f55b..42570f1b3 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c
@@ -24,7 +24,6 @@
  */
 #include <sys/types.h>
 #include <sys/param.h>
-#include <sys/syslog.h>
 
 #ifdef _KERNEL
 # include <sys/kmem.h>
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1 b/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
index 80e945c4a..1a6848c4b 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: netpgpverify.1,v 1.9 2015/01/30 18:58:59 agc Exp $
+.\" $NetBSD: netpgpverify.1,v 1.11.4.1 2018/05/06 09:47:47 martin Exp $
 .\"
 .\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 15, 2015
+.Dd April 3, 2018
 .Dt NETPGPVERIFY 1
 .Os
 .Sh NAME
@@ -143,9 +143,16 @@ or 2 if any other error occurs.
 .\" .Xr libbz2 3 ,
 .Xr zlib 3
 .Sh STANDARDS
-The
-.Nm
-utility is designed to conform to IETF RFC 4880.
+.Rs
+.%A J. Callas
+.%A L. Donnerhacke
+.%A H. Finney
+.%A D. Shaw
+.%A R. Thayer
+.%D November 2007
+.%R RFC 4880
+.%T OpenPGP Message Format
+.Re
 .Sh HISTORY
 The
 .Nm
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/noversion.asc b/crypto/external/bsd/netpgp/dist/src/netpgpverify/noversion.asc
new file mode 100644
index 000000000..d719aef81
--- /dev/null
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/noversion.asc
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+bar
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAEBAgAGBQJXYEJcAAoJEBto3PzAWWgjk5cH/03A4/a+ywsnzZMncQ7H7rtu
+QiIWwyiJo28Xf5z3fL5WG6VKNJdPpx0TIthcxu0O1YgF6lvqqQbnNpfNbD+1h88+
+JCcqJfyVk38vsFPxdFTIOWjbEtHs9yyjUVk5tJQrxtTaSJbGtQIMHQXXfWAyKCn4
+0Zl+E2iWb6tXxxMaAkrCOipjC9knuTJJbG6oVZpujp7jOt+2bOWY+89+FhoGJ5tv
+XiOvqIUUSW5Iua+wBOmhb/iuNFUVrO8rS/7BpMLQmxbnLxWtwwSWIcyyg6BwiIvm
+8K5NmD3WKN97tPA1HYjk76SlLj254OVLDmTZua7ljqasl5PR9W+aUFIByDgQrGE=
+=90+m
+-----END PGP SIGNATURE-----
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/pgpsum.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/pgpsum.c
index fdf61a73c..524c1fbd3 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/pgpsum.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/pgpsum.c
@@ -41,6 +41,21 @@
 #define USE_ARG(x)	/*LINTED*/(void)&(x)
 #endif
 
+#undef swap16
+#undef swap32
+
+/* ignore any dash-escape at the start of a line */
+static void
+dash_escaped_update(digest_t *hash, uint8_t *in, size_t insize)
+{
+	if (insize >= 2 && memcmp(in, "- ", 2) == 0) {
+		in += 2;
+		insize -= 2;
+	}
+	digest_update(hash, in, insize);
+
+}
+
 /* add the ascii armor line endings (except for last line) */
 static size_t
 don_armor(digest_t *hash, uint8_t *in, size_t insize, int doarmor)
@@ -58,10 +73,10 @@ don_armor(digest_t *hash, uint8_t *in, size_t insize, int doarmor)
 				break;
 			}
 		}
-		digest_update(hash, from, (size_t)(newp - from));
+		dash_escaped_update(hash, from, (size_t)(newp - from));
 		digest_update(hash, dos_line_end, sizeof(dos_line_end));
 	}
-	digest_update(hash, from, insize - (size_t)(from - in));
+	dash_escaped_update(hash, from, insize - (size_t)(from - in));
 	return 1;
 }
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.c
index fae8fbf43..4176ecd38 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.c
@@ -1,4 +1,4 @@
-/* 	$NetBSD: rmd160.c,v 1.1 2014/03/09 00:15:45 agc Exp $ */
+/* 	$NetBSD: rmd160.c,v 1.2 2016/06/14 20:47:08 agc Exp $ */
 /*	$KAME: rmd160.c,v 1.2 2003/07/25 09:37:55 itojun Exp $	*/
 /*	$OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $	*/
 /*
@@ -30,8 +30,6 @@
  * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
  */
 
-#include <sys/cdefs.h>
-
 #include <string.h>
 
 #include <sys/types.h>
@@ -97,7 +95,7 @@ static const u_char PADDING[64] = {
 };
 
 void
-RMD160Init(RMD160_CTX *ctx)
+netpgpv_RMD160Init(NETPGPV_RMD160_CTX *ctx)
 {
 	ctx->count = 0;
 	ctx->state[0] = H0;
@@ -108,7 +106,7 @@ RMD160Init(RMD160_CTX *ctx)
 }
 
 void
-RMD160Update(RMD160_CTX *ctx, const u_char *input, uint32_t len)
+netpgpv_RMD160Update(NETPGPV_RMD160_CTX *ctx, const u_char *input, uint32_t len)
 {
 	uint32_t have, off, need;
 
@@ -120,13 +118,13 @@ RMD160Update(RMD160_CTX *ctx, const u_char *input, uint32_t len)
 	if (len >= need) {
 		if (have) {
 			memcpy(ctx->buffer + have, input, (size_t)need);
-			RMD160Transform(ctx->state, ctx->buffer);
+			netpgpv_RMD160Transform(ctx->state, ctx->buffer);
 			off = need;
 			have = 0;
 		}
 		/* now the buffer is empty */
 		while (off + 64 <= len) {
-			RMD160Transform(ctx->state, input+off);
+			netpgpv_RMD160Transform(ctx->state, input+off);
 			off += 64;
 		}
 	}
@@ -135,7 +133,7 @@ RMD160Update(RMD160_CTX *ctx, const u_char *input, uint32_t len)
 }
 
 void
-RMD160Final(u_char digest[20], RMD160_CTX *ctx)
+netpgpv_RMD160Final(u_char digest[20], NETPGPV_RMD160_CTX *ctx)
 {
 	int i;
 	u_char size[8];
@@ -150,8 +148,8 @@ RMD160Final(u_char digest[20], RMD160_CTX *ctx)
 	padlen = (uint32_t)(64 - ((ctx->count/8) % 64));
 	if (padlen < 1 + 8)
 		padlen += 64;
-	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
-	RMD160Update(ctx, size, 8);
+	netpgpv_RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
+	netpgpv_RMD160Update(ctx, size, 8);
 
 	if (digest != NULL)
 		for (i = 0; i < 5; i++)
@@ -161,7 +159,7 @@ RMD160Final(u_char digest[20], RMD160_CTX *ctx)
 }
 
 void
-RMD160Transform(uint32_t state[5], const u_char block[64])
+netpgpv_RMD160Transform(uint32_t state[5], const u_char block[64])
 {
 	uint32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
 
@@ -170,8 +168,13 @@ RMD160Transform(uint32_t state[5], const u_char block[64])
 #else
 	int i;
 
-	for (i = 0; i < 16; i++)
-		x[i] = le32dec(block+i*4);
+	for (i = 0; i < 16; i++) {
+		x[i] = (uint32_t)(
+		    (uint32_t)(block[i*4 + 0]) |
+		    (uint32_t)(block[i*4 + 1]) <<  8 |
+		    (uint32_t)(block[i*4 + 2]) << 16 |
+		    (uint32_t)(block[i*4 + 3]) << 24);
+	}
 #endif
 
 	a = state[0];
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.h
index 8630045b4..0c5ba234a 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rmd160.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: rmd160.h,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: rmd160.h,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 /*	$KAME: rmd160.h,v 1.2 2003/07/25 09:37:55 itojun Exp $	*/
 /*	$OpenBSD: rmd160.h,v 1.3 2002/03/14 01:26:51 millert Exp $	*/
 /*
@@ -27,7 +27,6 @@
 #ifndef  _RMD160_H
 #define  _RMD160_H
 
-#include <sys/cdefs.h>
 #include <sys/types.h>
 
 #include <inttypes.h>
@@ -35,23 +34,33 @@
 #define RMD160_DIGEST_LENGTH		20
 #define RMD160_DIGEST_STRING_LENGTH	41
 
+#ifndef __BEGIN_DECLS
+#  if defined(__cplusplus)
+#  define __BEGIN_DECLS           extern "C" {
+#  define __END_DECLS             }
+#  else
+#  define __BEGIN_DECLS
+#  define __END_DECLS
+#  endif
+#endif
+
 /* RMD160 context. */
 typedef struct RMD160Context {
 	uint32_t state[5];	/* state */
 	uint64_t count;		/* number of bits, modulo 2^64 */
 	u_char buffer[64];	/* input buffer */
-} RMD160_CTX;
+} NETPGPV_RMD160_CTX;
 
 __BEGIN_DECLS
-void	 RMD160Init(RMD160_CTX *);
-void	 RMD160Transform(uint32_t [5], const u_char [64]);
-void	 RMD160Update(RMD160_CTX *, const u_char *, uint32_t);
-void	 RMD160Final(u_char [RMD160_DIGEST_LENGTH], RMD160_CTX *);
+void	 netpgpv_RMD160Init(NETPGPV_RMD160_CTX *);
+void	 netpgpv_RMD160Transform(uint32_t [5], const u_char [64]);
+void	 netpgpv_RMD160Update(NETPGPV_RMD160_CTX *, const u_char *, uint32_t);
+void	 netpgpv_RMD160Final(u_char [RMD160_DIGEST_LENGTH], NETPGPV_RMD160_CTX *);
 #ifndef _KERNEL
-char	*RMD160End(RMD160_CTX *, char *);
-char	*RMD160FileChunk(const char *, char *, off_t, off_t);
-char	*RMD160File(const char *, char *);
-char	*RMD160Data(const u_char *, size_t, char *);
+char	*netpgpv_RMD160End(NETPGPV_RMD160_CTX *, char *);
+char	*netpgpv_RMD160FileChunk(const char *, char *, off_t, off_t);
+char	*netpgpv_RMD160File(const char *, char *);
+char	*netpgpv_RMD160Data(const u_char *, size_t, char *);
 #endif /* _KERNEL */
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c
index 0a8bc90c1..e18ab178a 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.c
@@ -25,7 +25,6 @@
 #include "config.h"
 
 #include <sys/types.h>
-#include <sys/syslog.h>
 
 #ifdef _KERNEL
 # include <sys/kmem.h>
@@ -64,8 +63,8 @@ rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int
 static int
 lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa)
 {
-	BIGNUM	*decbn;
-	BIGNUM	*signedbn;
+	PGPV_BIGNUM	*decbn;
+	PGPV_BIGNUM	*signedbn;
 	uint8_t	*decbuf;
 	int	 nbytes;
 	int	 signc;
@@ -74,37 +73,37 @@ lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned ch
 
 	decbuf = NULL;
 	r = -1;
-	decbn = BN_new();
-	signedbn = BN_new();
-	nbytes = BN_num_bytes(rsa->n);
+	decbn = PGPV_BN_new();
+	signedbn = PGPV_BN_new();
+	nbytes = PGPV_BN_num_bytes(rsa->n);
 	decbuf = netpgp_allocate(1, nbytes);
 	/* add no padding */
 	memcpy(decbuf, plain, plainc);
-	BN_bin2bn(decbuf, nbytes, decbn);
-	if (BN_cmp(decbn, rsa->n) >= 0) {
+	PGPV_BN_bin2bn(decbuf, nbytes, decbn);
+	if (PGPV_BN_cmp(decbn, rsa->n) >= 0) {
 		printf("decbn too big\n");
 		goto err;
 	}
-	if (!BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) {
+	if (!PGPV_BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) {
 		printf("bad mod_exp\n");
 		goto err;
 	}
-	signedbytes = BN_num_bytes(signedbn);
-	signc = BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]);
+	signedbytes = PGPV_BN_num_bytes(signedbn);
+	signc = PGPV_BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]);
 	memset(encbuf, 0x0, nbytes - signc);
 	r = nbytes;
 err:
 	netpgp_deallocate(decbuf, nbytes);
-	BN_clear_free(decbn);
-	BN_clear_free(signedbn);
+	PGPV_BN_clear_free(decbn);
+	PGPV_BN_clear_free(signedbn);
 	return r;
 }
 
 static int
 lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa)
 {
-	BIGNUM	*decbn;
-	BIGNUM	*encbn;
+	PGPV_BIGNUM	*decbn;
+	PGPV_BIGNUM	*encbn;
 	uint8_t	*decbuf;
 	int	 nbytes;
 	int	 encc;
@@ -112,25 +111,25 @@ lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned cha
 	int	 i;
 
 	r = -1;
-	decbn = BN_new();
-	encbn = BN_new();
-	nbytes = BN_num_bytes(rsa->n);
+	decbn = PGPV_BN_new();
+	encbn = PGPV_BN_new();
+	nbytes = PGPV_BN_num_bytes(rsa->n);
 	decbuf = netpgp_allocate(1, nbytes);
 	(void) memcpy(decbuf, plain, plainc);
-	if (BN_bin2bn(decbuf, nbytes, decbn) == NULL) {
+	if (PGPV_BN_bin2bn(decbuf, nbytes, decbn) == NULL) {
 		printf("bin2bn failed\n");
 		goto err;
 	}
-	if (BN_cmp(decbn, rsa->n) >= 0) {
-		printf("BN_cmp failed\n");
+	if (PGPV_BN_cmp(decbn, rsa->n) >= 0) {
+		printf("PGPV_BN_cmp failed\n");
 		goto err;
 	}
-	if (!BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) {
-		printf("BN_mod_exp failed\n");
+	if (!PGPV_BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) {
+		printf("PGPV_BN_mod_exp failed\n");
 		goto err;
 	}
-	encc = BN_num_bytes(encbn);
-	i = BN_bn2bin(encbn, &encbuf[nbytes - encc]);
+	encc = PGPV_BN_num_bytes(encbn);
+	i = PGPV_BN_bn2bin(encbn, &encbuf[nbytes - encc]);
 	(void) memset(encbuf, 0x0, nbytes - i);
 	r = nbytes;
 err:
@@ -138,16 +137,16 @@ err:
 		memset(decbuf, 0x0, nbytes);
 		netpgp_deallocate(decbuf, nbytes);
 	}
-	BN_clear_free(decbn);
-	BN_clear_free(encbn);
+	PGPV_BN_clear_free(decbn);
+	PGPV_BN_clear_free(encbn);
 	return r;
 }
 
 static int
 lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned char *to, RSA *rsa)
 {
-	BIGNUM	*encbn;
-	BIGNUM	*decbn;
+	PGPV_BIGNUM	*encbn;
+	PGPV_BIGNUM	*decbn;
 	uint8_t	*buf;
 	int	 nbytes;
 	int	 j;
@@ -156,31 +155,31 @@ lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned c
 	r = -1;
 	decbn = encbn = NULL;
 	buf = NULL;
-	if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
+	if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
 		return -1;
 	}
-	if (BN_cmp(rsa->n, rsa->e) <= 0) {
+	if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) {
 		return -1;
 	}
-	encbn = BN_new();
-	decbn = BN_new();
-	nbytes = BN_num_bytes(rsa->n);
+	encbn = PGPV_BN_new();
+	decbn = PGPV_BN_new();
+	nbytes = PGPV_BN_num_bytes(rsa->n);
 	buf = netpgp_allocate(1, nbytes);
 	if (enclen > nbytes) {
 		printf("bad enclen\n");
 		goto err;
 	}
-	BN_bin2bn(encbuf, enclen, encbn);
-	if (BN_cmp(encbn, rsa->n) >= 0) {
+	PGPV_BN_bin2bn(encbuf, enclen, encbn);
+	if (PGPV_BN_cmp(encbn, rsa->n) >= 0) {
 		printf("bad encbn\n");
 		goto err;
 	}
-	BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL);
-	j = BN_bn2bin(decbn, buf);
+	PGPV_BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL);
+	j = PGPV_BN_bn2bin(decbn, buf);
 	r = rsa_padding_check_none(to, nbytes, buf, j, nbytes);
 err:
-	BN_clear_free(encbn);
-	BN_clear_free(decbn);
+	PGPV_BN_clear_free(encbn);
+	PGPV_BN_clear_free(decbn);
 	netpgp_deallocate(buf, nbytes);
 	return r;
 }
@@ -189,8 +188,8 @@ static int
 lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa)
 {
 	uint8_t		*decbuf;
-	BIGNUM		*decbn;
-	BIGNUM		*encbn;
+	PGPV_BIGNUM		*decbn;
+	PGPV_BIGNUM		*encbn;
 	int		 decbytes;
 	int		 nbytes;
 	int		 r;
@@ -199,22 +198,22 @@ lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, con
 	r = -1;
 	decbuf = NULL;
 	decbn = encbn = NULL;
-	if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
+	if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
 		printf("rsa r modulus too large\n");
 		goto err;
 	}
-	if (BN_cmp(rsa->n, rsa->e) <= 0) {
+	if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) {
 		printf("rsa r bad n value\n");
 		goto err;
 	}
-	if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
-	    BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
+	if (PGPV_BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
+	    PGPV_BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
 		printf("rsa r bad exponent limit\n");
 		goto err;
 	}
-	if ((encbn = BN_new()) == NULL ||
-	    (decbn = BN_new()) == NULL ||
-	    (decbuf = netpgp_allocate(1, nbytes = BN_num_bytes(rsa->n))) == NULL) {
+	if ((encbn = PGPV_BN_new()) == NULL ||
+	    (decbn = PGPV_BN_new()) == NULL ||
+	    (decbuf = netpgp_allocate(1, nbytes = PGPV_BN_num_bytes(rsa->n))) == NULL) {
 		printf("allocation failure\n");
 		goto err;
 	}
@@ -222,26 +221,26 @@ lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, con
 		printf("rsa r > mod len\n");
 		goto err;
 	}
-	if (BN_bin2bn(encbuf, enclen, encbn) == NULL) {
+	if (PGPV_BN_bin2bn(encbuf, enclen, encbn) == NULL) {
 		printf("null encrypted BN\n");
 		goto err;
 	}
-	if (BN_cmp(encbn, rsa->n) >= 0) {
+	if (PGPV_BN_cmp(encbn, rsa->n) >= 0) {
 		printf("rsa r data too large for modulus\n");
 		goto err;
 	}
-	if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
-		printf("BN_mod_exp < 0\n");
+	if (PGPV_BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
+		printf("PGPV_BN_mod_exp < 0\n");
 		goto err;
 	}
-	decbytes = BN_num_bytes(decbn);
-	(void) BN_bn2bin(decbn, decbuf);
+	decbytes = PGPV_BN_num_bytes(decbn);
+	(void) PGPV_BN_bn2bin(decbn, decbuf);
 	if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) {
 		printf("rsa r padding check failed\n");
 	}
 err:
-	BN_free(encbn);
-	BN_free(decbn);
+	PGPV_BN_free(encbn);
+	PGPV_BN_free(decbn);
 	if (decbuf != NULL) {
 		(void) memset(decbuf, 0x0, nbytes);
 		netpgp_deallocate(decbuf, nbytes);
@@ -407,9 +406,9 @@ cleanup:
 static int
 dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig, mpi_dsa_t *dsa)
 {
-	BIGNUM		 *M;
-	BIGNUM		 *W;
-	BIGNUM		 *t1;
+	PGPV_BIGNUM		 *M;
+	PGPV_BIGNUM		 *W;
+	PGPV_BIGNUM		 *t1;
 	int		 ret = -1;
 	int		 qbits;
 
@@ -417,7 +416,7 @@ dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig
 		return 0;
 	}
 	M = W = t1 = NULL;
-	qbits = BN_num_bits(dsa->q);
+	qbits = PGPV_BN_num_bits(dsa->q);
 	switch(qbits) {
 	case 160:
 	case 224:
@@ -429,7 +428,7 @@ dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig
 		printf("dsa: bad # of Q bits\n");
 		return 0;
 	}
-	if (BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) {
+	if (PGPV_BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) {
 		printf("dsa: p too large\n");
 		return 0;
 	}
@@ -439,52 +438,52 @@ dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig
 		return 0;
 	}
 	ret = 0;
-	if ((M = BN_new()) == NULL ||
-	    (W = BN_new()) == NULL ||
-	    (t1 = BN_new()) == NULL) {
+	if ((M = PGPV_BN_new()) == NULL ||
+	    (W = PGPV_BN_new()) == NULL ||
+	    (t1 = PGPV_BN_new()) == NULL) {
 		goto err;
 	}
-	if (BN_is_zero(sig->r) ||
-	    BN_is_negative(sig->r) ||
-	    BN_cmp(sig->r, dsa->q) >= 0) {
+	if (PGPV_BN_is_zero(sig->r) ||
+	    PGPV_BN_is_negative(sig->r) ||
+	    PGPV_BN_cmp(sig->r, dsa->q) >= 0) {
 		goto err;
 	}
-	if (BN_is_zero(sig->s) ||
-	    BN_is_negative(sig->s) ||
-	    BN_cmp(sig->s, dsa->q) >= 0) {
+	if (PGPV_BN_is_zero(sig->s) ||
+	    PGPV_BN_is_negative(sig->s) ||
+	    PGPV_BN_cmp(sig->s, dsa->q) >= 0) {
 		goto err;
 	}
-	if (BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) {
+	if (PGPV_BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) {
 		goto err;
 	}
 	if (dgst_len > qbits / 8) {
 		dgst_len = qbits / 8;
 	}
-	if (BN_bin2bn(calculated, dgst_len, M) == NULL) {
+	if (PGPV_BN_bin2bn(calculated, dgst_len, M) == NULL) {
 		goto err;
 	}
-	if (!BN_mod_mul(M, M, W, dsa->q, NULL)) {
+	if (!PGPV_BN_mod_mul(M, M, W, dsa->q, NULL)) {
 		goto err;
 	}
-	if (!BN_mod_mul(W, sig->r, W, dsa->q, NULL)) {
+	if (!PGPV_BN_mod_mul(W, sig->r, W, dsa->q, NULL)) {
 		goto err;
 	}
-	if (!BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) {
+	if (!PGPV_BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) {
 		goto err;
 	}
-	if (!BN_div(NULL, M, t1, dsa->q, NULL)) {
+	if (!PGPV_BN_div(NULL, M, t1, dsa->q, NULL)) {
 		goto err;
 	}
-	ret = (BN_cmp(M, sig->r) == 0);
+	ret = (PGPV_BN_cmp(M, sig->r) == 0);
 err:
 	if (M) {
-		BN_free(M);
+		PGPV_BN_free(M);
 	}
 	if (W) {
-		BN_free(W);
+		PGPV_BN_free(W);
 	}
 	if (t1) {
-		BN_free(t1);
+		PGPV_BN_free(t1);
 	}
 	return ret;
 }
@@ -494,13 +493,13 @@ err:
 int
 RSA_size(const RSA *rsa)
 {
-	return (rsa == NULL) ? 0 : BN_num_bits(rsa->n);
+	return (rsa == NULL) ? 0 : PGPV_BN_num_bits(rsa->n);
 }
 
 int
 DSA_size(const DSA *dsa)
 {
-	return (dsa == NULL) ? 0 : BN_num_bits(dsa->p);
+	return (dsa == NULL) ? 0 : PGPV_BN_num_bits(dsa->p);
 }
 
 unsigned 
@@ -516,26 +515,26 @@ dsa_verify(const signature_t *signature, const dsa_pubkey_t *pubdsa, const uint8
 	}
 	(void) memset(&osig, 0x0, sizeof(osig));
 	(void) memset(&odsa, 0x0, sizeof(odsa));
-	BN_copy(osig.r, signature->dsa.r);
-	BN_copy(osig.s, signature->dsa.s);
+	PGPV_BN_copy(osig.r, signature->dsa.r);
+	PGPV_BN_copy(osig.s, signature->dsa.s);
 	odsa.p = pubdsa->p;
 	odsa.q = pubdsa->q;
 	odsa.g = pubdsa->g;
 	odsa.pub_key = pubdsa->y;
-	if ((qlen = BN_num_bytes(odsa.q)) < hash_length) {
+	if ((qlen = PGPV_BN_num_bytes(odsa.q)) < hash_length) {
 		hash_length = qlen;
 	}
 	ret = dsa_do_verify(calculated, (int)hash_length, &signature->dsa, &odsa);
 	if (ret < 0) {
 		return 0;
 	}
-	BN_free(odsa.p);
-	BN_free(odsa.q);
-	BN_free(odsa.g);
-	BN_free(odsa.pub_key);
+	PGPV_BN_free(odsa.p);
+	PGPV_BN_free(odsa.q);
+	PGPV_BN_free(odsa.g);
+	PGPV_BN_free(odsa.pub_key);
 	odsa.p = odsa.q = odsa.g = odsa.pub_key = NULL;
-	BN_free(osig.r);
-	BN_free(osig.s);
+	PGPV_BN_free(osig.r);
+	PGPV_BN_free(osig.s);
 	osig.r = osig.s = NULL;
 	return (unsigned)ret;
 }
@@ -557,7 +556,7 @@ RSA_free(RSA *rsa)
 int
 RSA_check_key(RSA *rsa)
 {
-	BIGNUM	*calcn;
+	PGPV_BIGNUM	*calcn;
 	int	 ret;
 
 	ret = 0;
@@ -565,19 +564,19 @@ RSA_check_key(RSA *rsa)
 		return -1;
 	}
 	/* check that p and q are coprime, and that n = p*q. */
-	if (!BN_is_prime(rsa->p, 1, NULL, NULL, NULL) ||
-	    !BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) {
+	if (!PGPV_BN_is_prime(rsa->p, 1, NULL, NULL, NULL) ||
+	    !PGPV_BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) {
 		return 0;
 	}
-	calcn = BN_new();
-        BN_mul(calcn, rsa->p, rsa->q, NULL);
-	if (BN_cmp(calcn, rsa->n) != 0) {
+	calcn = PGPV_BN_new();
+        PGPV_BN_mul(calcn, rsa->p, rsa->q, NULL);
+	if (PGPV_BN_cmp(calcn, rsa->n) != 0) {
 		goto errout;
 	}
 	/* XXX - check that d*e = 1 mod (p-1*q-1) */
 	ret = 1;
 errout:
-	BN_clear_free(calcn);
+	PGPV_BN_clear_free(calcn);
 	return ret;
 }
 
@@ -638,11 +637,11 @@ RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA
 	}
 	USE_ARG(padding);
 	(void) memset(&pub, 0x0, sizeof(pub));
-	pub.n = BN_dup(rsa->n);
-	pub.e = BN_dup(rsa->e);
+	pub.n = PGPV_BN_dup(rsa->n);
+	pub.e = PGPV_BN_dup(rsa->e);
 	ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub);
-	BN_free(pub.n);
-	BN_free(pub.e);
+	PGPV_BN_free(pub.n);
+	PGPV_BN_free(pub.e);
 	return ret;
 }
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.h
index 739c9756d..1eb72d0fa 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/rsa.h
@@ -40,8 +40,8 @@
 __BEGIN_DECLS
 
 typedef struct rsa_pubkey_t {
-	BIGNUM		*n;	/* RSA public modulus n */
-	BIGNUM		*e;	/* RSA public encryption exponent e */
+	PGPV_BIGNUM		*n;	/* RSA public modulus n */
+	PGPV_BIGNUM		*e;	/* RSA public encryption exponent e */
 } rsa_pubkey_t;
 
 typedef struct mpi_rsa_t {
@@ -49,44 +49,44 @@ typedef struct mpi_rsa_t {
 	long		 f2;	/* openssl version */
 	const void	*f3;	/* openssl method */
 	void		*f4;	/* openssl engine */
-	BIGNUM		*n;
-	BIGNUM		*e;
-	BIGNUM		*d;
-	BIGNUM		*p;
-	BIGNUM		*q;
-	BIGNUM		*dmp1;
-	BIGNUM		*dmq1;
-	BIGNUM		*iqmp;
+	PGPV_BIGNUM		*n;
+	PGPV_BIGNUM		*e;
+	PGPV_BIGNUM		*d;
+	PGPV_BIGNUM		*p;
+	PGPV_BIGNUM		*q;
+	PGPV_BIGNUM		*dmp1;
+	PGPV_BIGNUM		*dmq1;
+	PGPV_BIGNUM		*iqmp;
 } mpi_rsa_t;
 
 #define RSA	mpi_rsa_t
 
 typedef struct dsa_pubkey_t {
-	BIGNUM		*p;	/* DSA public modulus n */
-	BIGNUM		*q;	/* DSA public encryption exponent e */
-	BIGNUM		*g;
-	BIGNUM		*y;
+	PGPV_BIGNUM		*p;	/* DSA public modulus n */
+	PGPV_BIGNUM		*q;	/* DSA public encryption exponent e */
+	PGPV_BIGNUM		*g;
+	PGPV_BIGNUM		*y;
 } dsa_pubkey_t;
 
 typedef struct mpi_dsa_t {
-	BIGNUM		*p;
-	BIGNUM		*q;
-	BIGNUM		*g;
-	BIGNUM		*y;
-	BIGNUM		*x;
-	BIGNUM		*pub_key;
-	BIGNUM		*priv_key;
+	PGPV_BIGNUM		*p;
+	PGPV_BIGNUM		*q;
+	PGPV_BIGNUM		*g;
+	PGPV_BIGNUM		*y;
+	PGPV_BIGNUM		*x;
+	PGPV_BIGNUM		*pub_key;
+	PGPV_BIGNUM		*priv_key;
 } mpi_dsa_t;
 
 #define DSA	mpi_dsa_t
 
 typedef struct rsasig_t {
-	BIGNUM		*sig;			/* mpi which is actual signature */
+	PGPV_BIGNUM		*sig;			/* mpi which is actual signature */
 } rsasig_t;
 
 typedef struct dsasig_t {
-	BIGNUM		*r;			/* mpi which is actual signature */
-	BIGNUM		*s;			/* mpi which is actual signature */
+	PGPV_BIGNUM		*r;			/* mpi which is actual signature */
+	PGPV_BIGNUM		*s;			/* mpi which is actual signature */
 } dsasig_t;
 
 #define DSA_SIG		dsasig_t
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.c
index 66334e722..bcecc9f6f 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: sha1.c,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: sha1.c,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 /*	$OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $	*/
 
 /*
@@ -17,8 +17,6 @@
 
 #define SHA1HANDSOFF		/* Copies data before messing with it. */
 
-#include <sys/cdefs.h>
-
 #include <string.h>
 
 #include <sys/types.h>
@@ -119,7 +117,7 @@ do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LON
 /*
  * Hash a single 512-bit block. This is the core of the algorithm.
  */
-void SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
+void netpgpv_SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
 {
     uint32_t a, b, c, d, e;
     CHAR64LONG16 *block;
@@ -186,7 +184,7 @@ void SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
 /*
  * SHA1Init - Initialize new context
  */
-void SHA1Init(SHA1_CTX *context)
+void netpgpv_SHA1Init(NETPGPV_SHA1_CTX *context)
 {
 
     /* SHA1 initialization constants */
@@ -202,7 +200,7 @@ void SHA1Init(SHA1_CTX *context)
 /*
  * Run your data through this.
  */
-void SHA1Update(SHA1_CTX *context, const uint8_t *data, unsigned int len)
+void netpgpv_SHA1Update(NETPGPV_SHA1_CTX *context, const uint8_t *data, unsigned int len)
 {
     unsigned int i, j;
 
@@ -212,9 +210,9 @@ void SHA1Update(SHA1_CTX *context, const uint8_t *data, unsigned int len)
     j = (j >> 3) & 63;
     if ((j + len) > 63) {
 	(void)memcpy(&context->buffer[j], data, (i = 64-j));
-	SHA1Transform(context->state, context->buffer);
+	netpgpv_SHA1Transform(context->state, context->buffer);
 	for ( ; i + 63 < len; i += 64)
-	    SHA1Transform(context->state, &data[i]);
+	    netpgpv_SHA1Transform(context->state, &data[i]);
 	j = 0;
     } else {
 	i = 0;
@@ -226,7 +224,7 @@ void SHA1Update(SHA1_CTX *context, const uint8_t *data, unsigned int len)
 /*
  * Add padding and return the message digest.
  */
-void SHA1Final(uint8_t digest[20], SHA1_CTX *context)
+void netpgpv_SHA1Final(uint8_t digest[20], NETPGPV_SHA1_CTX *context)
 {
     unsigned int i;
     uint8_t finalcount[8];
@@ -235,10 +233,10 @@ void SHA1Final(uint8_t digest[20], SHA1_CTX *context)
 	finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
 	 >> ((3-(i & 3)) * 8) ) & 255);	 /* Endian independent */
     }
-    SHA1Update(context, (const uint8_t *)"\200", 1);
+    netpgpv_SHA1Update(context, (const uint8_t *)"\200", 1);
     while ((context->count[0] & 504) != 448)
-	SHA1Update(context, (const uint8_t *)"\0", 1);
-    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
+	netpgpv_SHA1Update(context, (const uint8_t *)"\0", 1);
+    netpgpv_SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
 
     if (digest) {
 	for (i = 0; i < 20; i++)
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.h
index faebb97c8..0a6357359 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha1.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: sha1.h,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: sha1.h,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 
 /*
  * SHA-1 in C
@@ -9,7 +9,6 @@
 #ifndef _SYS_SHA1_H_
 #define	_SYS_SHA1_H_
 
-#include <sys/cdefs.h>
 #include <sys/types.h>
 
 #include <inttypes.h>
@@ -17,22 +16,32 @@
 #define SHA1_DIGEST_LENGTH		20
 #define SHA1_DIGEST_STRING_LENGTH	41
 
+#ifndef __BEGIN_DECLS
+#  if defined(__cplusplus)
+#  define __BEGIN_DECLS           extern "C" {
+#  define __END_DECLS             }
+#  else
+#  define __BEGIN_DECLS
+#  define __END_DECLS
+#  endif
+#endif
+
 typedef struct {
 	uint32_t state[5];
 	uint32_t count[2];
 	uint8_t buffer[64];
-} SHA1_CTX;
+} NETPGPV_SHA1_CTX;
 
 __BEGIN_DECLS
-void	SHA1Transform(uint32_t[5], const uint8_t[64]);
-void	SHA1Init(SHA1_CTX *);
-void	SHA1Update(SHA1_CTX *, const uint8_t *, unsigned int);
-void	SHA1Final(uint8_t[SHA1_DIGEST_LENGTH], SHA1_CTX *);
+void	netpgpv_SHA1Transform(uint32_t[5], const uint8_t[64]);
+void	netpgpv_SHA1Init(NETPGPV_SHA1_CTX *);
+void	netpgpv_SHA1Update(NETPGPV_SHA1_CTX *, const uint8_t *, unsigned int);
+void	netpgpv_SHA1Final(uint8_t[SHA1_DIGEST_LENGTH], NETPGPV_SHA1_CTX *);
 #ifndef _KERNEL
-char	*SHA1End(SHA1_CTX *, char *);
-char	*SHA1FileChunk(const char *, char *, off_t, off_t);
-char	*SHA1File(const char *, char *);
-char	*SHA1Data(const uint8_t *, size_t, char *);
+char	*netpgpv_SHA1End(NETPGPV_SHA1_CTX *, char *);
+char	*netpgpv_SHA1FileChunk(const char *, char *, off_t, off_t);
+char	*netpgpv_SHA1File(const char *, char *);
+char	*netpgpv_SHA1Data(const uint8_t *, size_t, char *);
 #endif /* _KERNEL */
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.c
index f69f8d9ee..998a80986 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.c
@@ -1,4 +1,4 @@
-/* $NetBSD: sha2.c,v 1.1 2014/03/09 00:15:45 agc Exp $ */
+/* $NetBSD: sha2.c,v 1.2 2016/06/14 20:47:08 agc Exp $ */
 /*	$KAME: sha2.c,v 1.9 2003/07/20 00:28:38 itojun Exp $	*/
 
 /*
@@ -36,8 +36,6 @@
  *
  */
 
-#include <sys/cdefs.h>
-
 #include <sys/types.h>
 
 #include <inttypes.h>
@@ -161,11 +159,11 @@ be64toh(uint64_t x)
  * library -- they are intended for private internal visibility/use
  * only.
  */
-static void SHA512_Last(SHA512_CTX *);
-void SHA224_Transform(SHA224_CTX *, const uint32_t*);
-void SHA256_Transform(SHA256_CTX *, const uint32_t*);
-void SHA384_Transform(SHA384_CTX *, const uint64_t*);
-void SHA512_Transform(SHA512_CTX *, const uint64_t*);
+static void netpgpv_SHA512_Last(NETPGPV_SHA512_CTX *);
+void netpgpv_SHA224_Transform(NETPGPV_SHA224_CTX *, const uint32_t*);
+void netpgpv_SHA256_Transform(NETPGPV_SHA256_CTX *, const uint32_t*);
+void netpgpv_SHA384_Transform(NETPGPV_SHA384_CTX *, const uint64_t*);
+void netpgpv_SHA512_Transform(NETPGPV_SHA512_CTX *, const uint64_t*);
 
 
 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
@@ -283,7 +281,7 @@ static const uint64_t sha512_initial_hash_value[8] = {
 
 /*** SHA-256: *********************************************************/
 int
-SHA256_Init(SHA256_CTX *context)
+netpgpv_SHA256_Init(NETPGPV_SHA256_CTX *context)
 {
 	if (context == NULL)
 		return 1;
@@ -321,7 +319,7 @@ SHA256_Init(SHA256_CTX *context)
 	j++
 
 void 
-SHA256_Transform(SHA256_CTX *context, const uint32_t *data)
+netpgpv_SHA256_Transform(NETPGPV_SHA256_CTX *context, const uint32_t *data)
 {
 	uint32_t	a, b, c, d, e, f, g, h, s0, s1;
 	uint32_t	T1, *W256;
@@ -381,7 +379,7 @@ SHA256_Transform(SHA256_CTX *context, const uint32_t *data)
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA256_Transform(SHA256_CTX *context, const uint32_t *data)
+netpgpv_SHA256_Transform(NETPGPV_SHA256_CTX *context, const uint32_t *data)
 {
 	uint32_t	a, b, c, d, e, f, g, h, s0, s1;
 	uint32_t	T1, T2, *W256;
@@ -458,7 +456,7 @@ SHA256_Transform(SHA256_CTX *context, const uint32_t *data)
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 int
-SHA256_Update(SHA256_CTX *context, const uint8_t *data, size_t len)
+netpgpv_SHA256_Update(NETPGPV_SHA256_CTX *context, const uint8_t *data, size_t len)
 {
 	unsigned int	freespace, usedspace;
 
@@ -480,7 +478,7 @@ SHA256_Update(SHA256_CTX *context, const uint8_t *data, size_t len)
 			context->bitcount += freespace << 3;
 			len -= freespace;
 			data += freespace;
-			SHA256_Transform(context,
+			netpgpv_SHA256_Transform(context,
 			    (uint32_t *)(void *)context->buffer);
 		} else {
 			/* The buffer is not yet full */
@@ -500,7 +498,7 @@ SHA256_Update(SHA256_CTX *context, const uint8_t *data, size_t len)
 	 */
 	if ((uintptr_t)data % 4 == 0) {
 		while (len >= SHA256_BLOCK_LENGTH) {
-			SHA256_Transform(context,
+			netpgpv_SHA256_Transform(context,
 			    (const uint32_t *)(const void *)data);
 			context->bitcount += SHA256_BLOCK_LENGTH << 3;
 			len -= SHA256_BLOCK_LENGTH;
@@ -509,7 +507,7 @@ SHA256_Update(SHA256_CTX *context, const uint8_t *data, size_t len)
 	} else {
 		while (len >= SHA256_BLOCK_LENGTH) {
 			memcpy(context->buffer, data, SHA256_BLOCK_LENGTH);
-			SHA256_Transform(context,
+			netpgpv_SHA256_Transform(context,
 			    (const uint32_t *)(const void *)context->buffer);
 			context->bitcount += SHA256_BLOCK_LENGTH << 3;
 			len -= SHA256_BLOCK_LENGTH;
@@ -528,7 +526,7 @@ SHA256_Update(SHA256_CTX *context, const uint8_t *data, size_t len)
 }
 
 static int
-SHA224_256_Final(uint8_t digest[], SHA256_CTX *context, size_t len)
+netpgpv_SHA224_256_Final(uint8_t digest[], NETPGPV_SHA256_CTX *context, size_t len)
 {
 	unsigned int	usedspace;
 	size_t i;
@@ -554,7 +552,7 @@ SHA224_256_Final(uint8_t digest[], SHA256_CTX *context, size_t len)
 					    usedspace));
 				}
 				/* Do second-to-last transform: */
-				SHA256_Transform(context,
+				netpgpv_SHA256_Transform(context,
 				    (uint32_t *)(void *)context->buffer);
 
 				/* And set-up for the last transform: */
@@ -574,7 +572,7 @@ SHA224_256_Final(uint8_t digest[], SHA256_CTX *context, size_t len)
 		    &context->bitcount, sizeof(context->bitcount));
 
 		/* Final transform: */
-		SHA256_Transform(context, (uint32_t *)(void *)context->buffer);
+		netpgpv_SHA256_Transform(context, (uint32_t *)(void *)context->buffer);
 
 		for (i = 0; i < len / 4; i++)
 			be32encode(digest + 4 * i, context->state[i]);
@@ -588,14 +586,14 @@ SHA224_256_Final(uint8_t digest[], SHA256_CTX *context, size_t len)
 }
 
 int
-SHA256_Final(uint8_t digest[], SHA256_CTX *context)
+netpgpv_SHA256_Final(uint8_t digest[], NETPGPV_SHA256_CTX *context)
 {
-	return SHA224_256_Final(digest, context, SHA256_DIGEST_LENGTH);
+	return netpgpv_SHA224_256_Final(digest, context, SHA256_DIGEST_LENGTH);
 }
 
 /*** SHA-224: *********************************************************/
 int 
-SHA224_Init(SHA224_CTX *context)
+netpgpv_SHA224_Init(NETPGPV_SHA224_CTX *context)
 {
 	if (context == NULL)
 		return 1;
@@ -610,27 +608,27 @@ SHA224_Init(SHA224_CTX *context)
 }
 
 int
-SHA224_Update(SHA224_CTX *context, const uint8_t *data, size_t len)
+netpgpv_SHA224_Update(NETPGPV_SHA224_CTX *context, const uint8_t *data, size_t len)
 {
-	return SHA256_Update((SHA256_CTX *)context, data, len);
+	return netpgpv_SHA256_Update((NETPGPV_SHA256_CTX *)context, data, len);
 }
 
 void
-SHA224_Transform(SHA224_CTX *context, const uint32_t *data)
+netpgpv_SHA224_Transform(NETPGPV_SHA224_CTX *context, const uint32_t *data)
 {
-	SHA256_Transform((SHA256_CTX *)context, data);
+	netpgpv_SHA256_Transform((NETPGPV_SHA256_CTX *)context, data);
 }
 
 int
-SHA224_Final(uint8_t digest[], SHA224_CTX *context)
+netpgpv_SHA224_Final(uint8_t digest[], NETPGPV_SHA224_CTX *context)
 {
-	return SHA224_256_Final(digest, (SHA256_CTX *)context,
+	return netpgpv_SHA224_256_Final(digest, (NETPGPV_SHA256_CTX *)context,
 	    SHA224_DIGEST_LENGTH);
 }
 
 /*** SHA-512: *********************************************************/
 int
-SHA512_Init(SHA512_CTX *context)
+netpgpv_SHA512_Init(NETPGPV_SHA512_CTX *context)
 {
 	if (context == NULL)
 		return 1;
@@ -667,7 +665,7 @@ SHA512_Init(SHA512_CTX *context)
 	j++
 
 void
-SHA512_Transform(SHA512_CTX *context, const uint64_t *data)
+netpgpv_SHA512_Transform(NETPGPV_SHA512_CTX *context, const uint64_t *data)
 {
 	uint64_t	a, b, c, d, e, f, g, h, s0, s1;
 	uint64_t	T1, *W512 = (uint64_t *)context->buffer;
@@ -724,7 +722,7 @@ SHA512_Transform(SHA512_CTX *context, const uint64_t *data)
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA512_Transform(SHA512_CTX *context, const uint64_t *data)
+netpgpv_SHA512_Transform(NETPGPV_SHA512_CTX *context, const uint64_t *data)
 {
 	uint64_t	a, b, c, d, e, f, g, h, s0, s1;
 	uint64_t	T1, T2, *W512 = (void *)context->buffer;
@@ -799,7 +797,7 @@ SHA512_Transform(SHA512_CTX *context, const uint64_t *data)
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 int
-SHA512_Update(SHA512_CTX *context, const uint8_t *data, size_t len)
+netpgpv_SHA512_Update(NETPGPV_SHA512_CTX *context, const uint8_t *data, size_t len)
 {
 	unsigned int	freespace, usedspace;
 
@@ -821,7 +819,7 @@ SHA512_Update(SHA512_CTX *context, const uint8_t *data, size_t len)
 			ADDINC128(context->bitcount, freespace << 3);
 			len -= freespace;
 			data += freespace;
-			SHA512_Transform(context,
+			netpgpv_SHA512_Transform(context,
 			    (uint64_t *)(void *)context->buffer);
 		} else {
 			/* The buffer is not yet full */
@@ -841,7 +839,7 @@ SHA512_Update(SHA512_CTX *context, const uint8_t *data, size_t len)
 	 */
 	if ((uintptr_t)data % 8 == 0) {
 		while (len >= SHA512_BLOCK_LENGTH) {
-			SHA512_Transform(context,
+			netpgpv_SHA512_Transform(context,
 			    (const uint64_t*)(const void *)data);
 			ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
 			len -= SHA512_BLOCK_LENGTH;
@@ -850,7 +848,7 @@ SHA512_Update(SHA512_CTX *context, const uint8_t *data, size_t len)
 	} else {
 		while (len >= SHA512_BLOCK_LENGTH) {
 			memcpy(context->buffer, data, SHA512_BLOCK_LENGTH);
-			SHA512_Transform(context,
+			netpgpv_SHA512_Transform(context,
 			    (const void *)context->buffer);
 			ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
 			len -= SHA512_BLOCK_LENGTH;
@@ -869,7 +867,7 @@ SHA512_Update(SHA512_CTX *context, const uint8_t *data, size_t len)
 }
 
 static void
-SHA512_Last(SHA512_CTX *context)
+netpgpv_SHA512_Last(NETPGPV_SHA512_CTX *context)
 {
 	unsigned int	usedspace;
 
@@ -890,7 +888,7 @@ SHA512_Last(SHA512_CTX *context)
 				    (size_t)(SHA512_BLOCK_LENGTH - usedspace));
 			}
 			/* Do second-to-last transform: */
-			SHA512_Transform(context,
+			netpgpv_SHA512_Transform(context,
 			    (uint64_t *)(void *)context->buffer);
 
 			/* And set-up for the last transform: */
@@ -911,17 +909,17 @@ SHA512_Last(SHA512_CTX *context)
 	    &context->bitcount[0], sizeof(context->bitcount[0]));
 
 	/* Final transform: */
-	SHA512_Transform(context, (uint64_t *)(void *)context->buffer);
+	netpgpv_SHA512_Transform(context, (uint64_t *)(void *)context->buffer);
 }
 
 int
-SHA512_Final(uint8_t digest[], SHA512_CTX *context)
+netpgpv_SHA512_Final(uint8_t digest[], NETPGPV_SHA512_CTX *context)
 {
 	size_t i;
 
 	/* If no digest buffer is passed, we don't bother doing this: */
 	if (digest != NULL) {
-		SHA512_Last(context);
+		netpgpv_SHA512_Last(context);
 
 		/* Save the hash data for output: */
 		for (i = 0; i < 8; ++i)
@@ -936,7 +934,7 @@ SHA512_Final(uint8_t digest[], SHA512_CTX *context)
 
 /*** SHA-384: *********************************************************/
 int
-SHA384_Init(SHA384_CTX *context)
+netpgpv_SHA384_Init(NETPGPV_SHA384_CTX *context)
 {
 	if (context == NULL)
 		return 1;
@@ -950,25 +948,25 @@ SHA384_Init(SHA384_CTX *context)
 }
 
 int
-SHA384_Update(SHA384_CTX *context, const uint8_t *data, size_t len)
+netpgpv_SHA384_Update(NETPGPV_SHA384_CTX *context, const uint8_t *data, size_t len)
 {
-	return SHA512_Update((SHA512_CTX *)context, data, len);
+	return netpgpv_SHA512_Update((NETPGPV_SHA512_CTX *)context, data, len);
 }
 
 void
-SHA384_Transform(SHA512_CTX *context, const uint64_t *data)
+netpgpv_SHA384_Transform(NETPGPV_SHA512_CTX *context, const uint64_t *data)
 {
-	SHA512_Transform((SHA512_CTX *)context, data);
+	netpgpv_SHA512_Transform((NETPGPV_SHA512_CTX *)context, data);
 }
 
 int
-SHA384_Final(uint8_t digest[], SHA384_CTX *context)
+netpgpv_SHA384_Final(uint8_t digest[], NETPGPV_SHA384_CTX *context)
 {
 	size_t i;
 
 	/* If no digest buffer is passed, we don't bother doing this: */
 	if (digest != NULL) {
-		SHA512_Last((SHA512_CTX *)context);
+		netpgpv_SHA512_Last((NETPGPV_SHA512_CTX *)context);
 
 		/* Save the hash data for output: */
 		for (i = 0; i < 6; ++i)
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.h
index b04d2b720..e9a5c5994 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/sha2.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: sha2.h,v 1.1 2014/03/09 00:15:45 agc Exp $	*/
+/*	$NetBSD: sha2.h,v 1.2 2016/06/14 20:47:08 agc Exp $	*/
 /*	$KAME: sha2.h,v 1.4 2003/07/20 00:28:38 itojun Exp $	*/
 
 /*
@@ -40,7 +40,6 @@
 #define __SHA2_H__
 
 #include <sys/types.h>
-#include <sys/cdefs.h>
 
 /*** SHA-224/256/384/512 Various Length Definitions ***********************/
 #define SHA224_BLOCK_LENGTH		64
@@ -56,64 +55,73 @@
 #define SHA512_DIGEST_LENGTH		64
 #define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
 
+#ifndef __BEGIN_DECLS
+#  if defined(__cplusplus)
+#  define __BEGIN_DECLS           extern "C" {
+#  define __END_DECLS             }
+#  else
+#  define __BEGIN_DECLS
+#  define __END_DECLS
+#  endif
+#endif
 
 /*** SHA-256/384/512 Context Structures *******************************/
-typedef struct _SHA256_CTX {
+typedef struct _NETPGPV_SHA256_CTX {
 	uint32_t	state[8];
 	uint64_t	bitcount;
 	uint8_t	buffer[SHA256_BLOCK_LENGTH];
-} SHA256_CTX;
+} NETPGPV_SHA256_CTX;
 
-typedef struct _SHA512_CTX {
+typedef struct _NETPGPV_SHA512_CTX {
 	uint64_t	state[8];
 	uint64_t	bitcount[2];
 	uint8_t	buffer[SHA512_BLOCK_LENGTH];
-} SHA512_CTX;
+} NETPGPV_SHA512_CTX;
 
-typedef SHA256_CTX SHA224_CTX;
-typedef SHA512_CTX SHA384_CTX;
+typedef NETPGPV_SHA256_CTX NETPGPV_SHA224_CTX;
+typedef NETPGPV_SHA512_CTX NETPGPV_SHA384_CTX;
 
 
 /*** SHA-256/384/512 Function Prototypes ******************************/
 __BEGIN_DECLS
-int SHA224_Init(SHA224_CTX *);
-int SHA224_Update(SHA224_CTX*, const uint8_t*, size_t);
-int SHA224_Final(uint8_t[SHA224_DIGEST_LENGTH], SHA224_CTX*);
+int netpgpv_SHA224_Init(NETPGPV_SHA224_CTX *);
+int netpgpv_SHA224_Update(NETPGPV_SHA224_CTX*, const uint8_t*, size_t);
+int netpgpv_SHA224_Final(uint8_t[SHA224_DIGEST_LENGTH], NETPGPV_SHA224_CTX*);
 #ifndef _KERNEL
-char *SHA224_End(SHA224_CTX *, char[SHA224_DIGEST_STRING_LENGTH]);
-char *SHA224_FileChunk(const char *, char *, off_t, off_t);
-char *SHA224_File(const char *, char *);
-char *SHA224_Data(const uint8_t *, size_t, char[SHA224_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA224_End(NETPGPV_SHA224_CTX *, char[SHA224_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA224_FileChunk(const char *, char *, off_t, off_t);
+char *netpgpv_SHA224_File(const char *, char *);
+char *netpgpv_SHA224_Data(const uint8_t *, size_t, char[SHA224_DIGEST_STRING_LENGTH]);
 #endif /* !_KERNEL */
 
-int SHA256_Init(SHA256_CTX *);
-int SHA256_Update(SHA256_CTX*, const uint8_t*, size_t);
-int SHA256_Final(uint8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+int netpgpv_SHA256_Init(NETPGPV_SHA256_CTX *);
+int netpgpv_SHA256_Update(NETPGPV_SHA256_CTX*, const uint8_t*, size_t);
+int netpgpv_SHA256_Final(uint8_t[SHA256_DIGEST_LENGTH], NETPGPV_SHA256_CTX*);
 #ifndef _KERNEL
-char *SHA256_End(SHA256_CTX *, char[SHA256_DIGEST_STRING_LENGTH]);
-char *SHA256_FileChunk(const char *, char *, off_t, off_t);
-char *SHA256_File(const char *, char *);
-char *SHA256_Data(const uint8_t *, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA256_End(NETPGPV_SHA256_CTX *, char[SHA256_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA256_FileChunk(const char *, char *, off_t, off_t);
+char *netpgpv_SHA256_File(const char *, char *);
+char *netpgpv_SHA256_Data(const uint8_t *, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
 #endif /* !_KERNEL */
 
-int SHA384_Init(SHA384_CTX*);
-int SHA384_Update(SHA384_CTX*, const uint8_t*, size_t);
-int SHA384_Final(uint8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+int netpgpv_SHA384_Init(NETPGPV_SHA384_CTX*);
+int netpgpv_SHA384_Update(NETPGPV_SHA384_CTX*, const uint8_t*, size_t);
+int netpgpv_SHA384_Final(uint8_t[SHA384_DIGEST_LENGTH], NETPGPV_SHA384_CTX*);
 #ifndef _KERNEL
-char *SHA384_End(SHA384_CTX *, char[SHA384_DIGEST_STRING_LENGTH]);
-char *SHA384_FileChunk(const char *, char *, off_t, off_t);
-char *SHA384_File(const char *, char *);
-char *SHA384_Data(const uint8_t *, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA384_End(NETPGPV_SHA384_CTX *, char[SHA384_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA384_FileChunk(const char *, char *, off_t, off_t);
+char *netpgpv_SHA384_File(const char *, char *);
+char *netpgpv_SHA384_Data(const uint8_t *, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
 #endif /* !_KERNEL */
 
-int SHA512_Init(SHA512_CTX*);
-int SHA512_Update(SHA512_CTX*, const uint8_t*, size_t);
-int SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+int netpgpv_SHA512_Init(NETPGPV_SHA512_CTX*);
+int netpgpv_SHA512_Update(NETPGPV_SHA512_CTX*, const uint8_t*, size_t);
+int netpgpv_SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], NETPGPV_SHA512_CTX*);
 #ifndef _KERNEL
-char *SHA512_End(SHA512_CTX *, char[SHA512_DIGEST_STRING_LENGTH]);
-char *SHA512_FileChunk(const char *, char *, off_t, off_t);
-char *SHA512_File(const char *, char *);
-char *SHA512_Data(const uint8_t *, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA512_End(NETPGPV_SHA512_CTX *, char[SHA512_DIGEST_STRING_LENGTH]);
+char *netpgpv_SHA512_FileChunk(const char *, char *, off_t, off_t);
+char *netpgpv_SHA512_File(const char *, char *);
+char *netpgpv_SHA512_Data(const uint8_t *, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
 #endif /* !_KERNEL */
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.c
index 18abd0167..e69de29bb 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.c
@@ -1,906 +0,0 @@
-#include <sys/types.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "tiger.h"
-
-#ifndef IS_LITTLE_ENDIAN
-#define IS_LITTLE_ENDIAN(x)  (*(char *)(void *)&x)
-#define IS_BIG_ENDIAN(x)     !(*(char *)(void *)&x)
-#endif
-
-#define BSWAP64(x)	((((x) & 0xffULL) << 56) |			\
-			 (((x) & 0xff00ULL) << 40) |			\
-			 (((x) & 0xff0000ULL) << 24) |			\
-			 (((x) & 0xff000000ULL) << 8) |			\
-			 (((x) & 0xff00000000ULL) >> 8) |		\
-			 (((x) & 0xff0000000000ULL) >> 24) |		\
-			 (((x) & 0xff000000000000ULL) >> 40) |		\
-			 (((x) & 0xff00000000000000ULL) >> 56))
-
-/* sboxes.c: Tiger S boxes */
-static uint64_t table[4*256] = {
-	0x02AAB17CF7E90C5ELL   /*    0 */,    0xAC424B03E243A8ECLL   /*    1 */,
-	0x72CD5BE30DD5FCD3LL   /*    2 */,    0x6D019B93F6F97F3ALL   /*    3 */,
-	0xCD9978FFD21F9193LL   /*    4 */,    0x7573A1C9708029E2LL   /*    5 */,
-	0xB164326B922A83C3LL   /*    6 */,    0x46883EEE04915870LL   /*    7 */,
-	0xEAACE3057103ECE6LL   /*    8 */,    0xC54169B808A3535CLL   /*    9 */,
-	0x4CE754918DDEC47CLL   /*   10 */,    0x0AA2F4DFDC0DF40CLL   /*   11 */,
-	0x10B76F18A74DBEFALL   /*   12 */,    0xC6CCB6235AD1AB6ALL   /*   13 */,
-	0x13726121572FE2FFLL   /*   14 */,    0x1A488C6F199D921ELL   /*   15 */,
-	0x4BC9F9F4DA0007CALL   /*   16 */,    0x26F5E6F6E85241C7LL   /*   17 */,
-	0x859079DBEA5947B6LL   /*   18 */,    0x4F1885C5C99E8C92LL   /*   19 */,
-	0xD78E761EA96F864BLL   /*   20 */,    0x8E36428C52B5C17DLL   /*   21 */,
-	0x69CF6827373063C1LL   /*   22 */,    0xB607C93D9BB4C56ELL   /*   23 */,
-	0x7D820E760E76B5EALL   /*   24 */,    0x645C9CC6F07FDC42LL   /*   25 */,
-	0xBF38A078243342E0LL   /*   26 */,    0x5F6B343C9D2E7D04LL   /*   27 */,
-	0xF2C28AEB600B0EC6LL   /*   28 */,    0x6C0ED85F7254BCACLL   /*   29 */,
-	0x71592281A4DB4FE5LL   /*   30 */,    0x1967FA69CE0FED9FLL   /*   31 */,
-	0xFD5293F8B96545DBLL   /*   32 */,    0xC879E9D7F2A7600BLL   /*   33 */,
-	0x860248920193194ELL   /*   34 */,    0xA4F9533B2D9CC0B3LL   /*   35 */,
-	0x9053836C15957613LL   /*   36 */,    0xDB6DCF8AFC357BF1LL   /*   37 */,
-	0x18BEEA7A7A370F57LL   /*   38 */,    0x037117CA50B99066LL   /*   39 */,
-	0x6AB30A9774424A35LL   /*   40 */,    0xF4E92F02E325249BLL   /*   41 */,
-	0x7739DB07061CCAE1LL   /*   42 */,    0xD8F3B49CECA42A05LL   /*   43 */,
-	0xBD56BE3F51382F73LL   /*   44 */,    0x45FAED5843B0BB28LL   /*   45 */,
-	0x1C813D5C11BF1F83LL   /*   46 */,    0x8AF0E4B6D75FA169LL   /*   47 */,
-	0x33EE18A487AD9999LL   /*   48 */,    0x3C26E8EAB1C94410LL   /*   49 */,
-	0xB510102BC0A822F9LL   /*   50 */,    0x141EEF310CE6123BLL   /*   51 */,
-	0xFC65B90059DDB154LL   /*   52 */,    0xE0158640C5E0E607LL   /*   53 */,
-	0x884E079826C3A3CFLL   /*   54 */,    0x930D0D9523C535FDLL   /*   55 */,
-	0x35638D754E9A2B00LL   /*   56 */,    0x4085FCCF40469DD5LL   /*   57 */,
-	0xC4B17AD28BE23A4CLL   /*   58 */,    0xCAB2F0FC6A3E6A2ELL   /*   59 */,
-	0x2860971A6B943FCDLL   /*   60 */,    0x3DDE6EE212E30446LL   /*   61 */,
-	0x6222F32AE01765AELL   /*   62 */,    0x5D550BB5478308FELL   /*   63 */,
-	0xA9EFA98DA0EDA22ALL   /*   64 */,    0xC351A71686C40DA7LL   /*   65 */,
-	0x1105586D9C867C84LL   /*   66 */,    0xDCFFEE85FDA22853LL   /*   67 */,
-	0xCCFBD0262C5EEF76LL   /*   68 */,    0xBAF294CB8990D201LL   /*   69 */,
-	0xE69464F52AFAD975LL   /*   70 */,    0x94B013AFDF133E14LL   /*   71 */,
-	0x06A7D1A32823C958LL   /*   72 */,    0x6F95FE5130F61119LL   /*   73 */,
-	0xD92AB34E462C06C0LL   /*   74 */,    0xED7BDE33887C71D2LL   /*   75 */,
-	0x79746D6E6518393ELL   /*   76 */,    0x5BA419385D713329LL   /*   77 */,
-	0x7C1BA6B948A97564LL   /*   78 */,    0x31987C197BFDAC67LL   /*   79 */,
-	0xDE6C23C44B053D02LL   /*   80 */,    0x581C49FED002D64DLL   /*   81 */,
-	0xDD474D6338261571LL   /*   82 */,    0xAA4546C3E473D062LL   /*   83 */,
-	0x928FCE349455F860LL   /*   84 */,    0x48161BBACAAB94D9LL   /*   85 */,
-	0x63912430770E6F68LL   /*   86 */,    0x6EC8A5E602C6641CLL   /*   87 */,
-	0x87282515337DDD2BLL   /*   88 */,    0x2CDA6B42034B701BLL   /*   89 */,
-	0xB03D37C181CB096DLL   /*   90 */,    0xE108438266C71C6FLL   /*   91 */,
-	0x2B3180C7EB51B255LL   /*   92 */,    0xDF92B82F96C08BBCLL   /*   93 */,
-	0x5C68C8C0A632F3BALL   /*   94 */,    0x5504CC861C3D0556LL   /*   95 */,
-	0xABBFA4E55FB26B8FLL   /*   96 */,    0x41848B0AB3BACEB4LL   /*   97 */,
-	0xB334A273AA445D32LL   /*   98 */,    0xBCA696F0A85AD881LL   /*   99 */,
-	0x24F6EC65B528D56CLL   /*  100 */,    0x0CE1512E90F4524ALL   /*  101 */,
-	0x4E9DD79D5506D35ALL   /*  102 */,    0x258905FAC6CE9779LL   /*  103 */,
-	0x2019295B3E109B33LL   /*  104 */,    0xF8A9478B73A054CCLL   /*  105 */,
-	0x2924F2F934417EB0LL   /*  106 */,    0x3993357D536D1BC4LL   /*  107 */,
-	0x38A81AC21DB6FF8BLL   /*  108 */,    0x47C4FBF17D6016BFLL   /*  109 */,
-	0x1E0FAADD7667E3F5LL   /*  110 */,    0x7ABCFF62938BEB96LL   /*  111 */,
-	0xA78DAD948FC179C9LL   /*  112 */,    0x8F1F98B72911E50DLL   /*  113 */,
-	0x61E48EAE27121A91LL   /*  114 */,    0x4D62F7AD31859808LL   /*  115 */,
-	0xECEBA345EF5CEAEBLL   /*  116 */,    0xF5CEB25EBC9684CELL   /*  117 */,
-	0xF633E20CB7F76221LL   /*  118 */,    0xA32CDF06AB8293E4LL   /*  119 */,
-	0x985A202CA5EE2CA4LL   /*  120 */,    0xCF0B8447CC8A8FB1LL   /*  121 */,
-	0x9F765244979859A3LL   /*  122 */,    0xA8D516B1A1240017LL   /*  123 */,
-	0x0BD7BA3EBB5DC726LL   /*  124 */,    0xE54BCA55B86ADB39LL   /*  125 */,
-	0x1D7A3AFD6C478063LL   /*  126 */,    0x519EC608E7669EDDLL   /*  127 */,
-	0x0E5715A2D149AA23LL   /*  128 */,    0x177D4571848FF194LL   /*  129 */,
-	0xEEB55F3241014C22LL   /*  130 */,    0x0F5E5CA13A6E2EC2LL   /*  131 */,
-	0x8029927B75F5C361LL   /*  132 */,    0xAD139FABC3D6E436LL   /*  133 */,
-	0x0D5DF1A94CCF402FLL   /*  134 */,    0x3E8BD948BEA5DFC8LL   /*  135 */,
-	0xA5A0D357BD3FF77ELL   /*  136 */,    0xA2D12E251F74F645LL   /*  137 */,
-	0x66FD9E525E81A082LL   /*  138 */,    0x2E0C90CE7F687A49LL   /*  139 */,
-	0xC2E8BCBEBA973BC5LL   /*  140 */,    0x000001BCE509745FLL   /*  141 */,
-	0x423777BBE6DAB3D6LL   /*  142 */,    0xD1661C7EAEF06EB5LL   /*  143 */,
-	0xA1781F354DAACFD8LL   /*  144 */,    0x2D11284A2B16AFFCLL   /*  145 */,
-	0xF1FC4F67FA891D1FLL   /*  146 */,    0x73ECC25DCB920ADALL   /*  147 */,
-	0xAE610C22C2A12651LL   /*  148 */,    0x96E0A810D356B78ALL   /*  149 */,
-	0x5A9A381F2FE7870FLL   /*  150 */,    0xD5AD62EDE94E5530LL   /*  151 */,
-	0xD225E5E8368D1427LL   /*  152 */,    0x65977B70C7AF4631LL   /*  153 */,
-	0x99F889B2DE39D74FLL   /*  154 */,    0x233F30BF54E1D143LL   /*  155 */,
-	0x9A9675D3D9A63C97LL   /*  156 */,    0x5470554FF334F9A8LL   /*  157 */,
-	0x166ACB744A4F5688LL   /*  158 */,    0x70C74CAAB2E4AEADLL   /*  159 */,
-	0xF0D091646F294D12LL   /*  160 */,    0x57B82A89684031D1LL   /*  161 */,
-	0xEFD95A5A61BE0B6BLL   /*  162 */,    0x2FBD12E969F2F29ALL   /*  163 */,
-	0x9BD37013FEFF9FE8LL   /*  164 */,    0x3F9B0404D6085A06LL   /*  165 */,
-	0x4940C1F3166CFE15LL   /*  166 */,    0x09542C4DCDF3DEFBLL   /*  167 */,
-	0xB4C5218385CD5CE3LL   /*  168 */,    0xC935B7DC4462A641LL   /*  169 */,
-	0x3417F8A68ED3B63FLL   /*  170 */,    0xB80959295B215B40LL   /*  171 */,
-	0xF99CDAEF3B8C8572LL   /*  172 */,    0x018C0614F8FCB95DLL   /*  173 */,
-	0x1B14ACCD1A3ACDF3LL   /*  174 */,    0x84D471F200BB732DLL   /*  175 */,
-	0xC1A3110E95E8DA16LL   /*  176 */,    0x430A7220BF1A82B8LL   /*  177 */,
-	0xB77E090D39DF210ELL   /*  178 */,    0x5EF4BD9F3CD05E9DLL   /*  179 */,
-	0x9D4FF6DA7E57A444LL   /*  180 */,    0xDA1D60E183D4A5F8LL   /*  181 */,
-	0xB287C38417998E47LL   /*  182 */,    0xFE3EDC121BB31886LL   /*  183 */,
-	0xC7FE3CCC980CCBEFLL   /*  184 */,    0xE46FB590189BFD03LL   /*  185 */,
-	0x3732FD469A4C57DCLL   /*  186 */,    0x7EF700A07CF1AD65LL   /*  187 */,
-	0x59C64468A31D8859LL   /*  188 */,    0x762FB0B4D45B61F6LL   /*  189 */,
-	0x155BAED099047718LL   /*  190 */,    0x68755E4C3D50BAA6LL   /*  191 */,
-	0xE9214E7F22D8B4DFLL   /*  192 */,    0x2ADDBF532EAC95F4LL   /*  193 */,
-	0x32AE3909B4BD0109LL   /*  194 */,    0x834DF537B08E3450LL   /*  195 */,
-	0xFA209DA84220728DLL   /*  196 */,    0x9E691D9B9EFE23F7LL   /*  197 */,
-	0x0446D288C4AE8D7FLL   /*  198 */,    0x7B4CC524E169785BLL   /*  199 */,
-	0x21D87F0135CA1385LL   /*  200 */,    0xCEBB400F137B8AA5LL   /*  201 */,
-	0x272E2B66580796BELL   /*  202 */,    0x3612264125C2B0DELL   /*  203 */,
-	0x057702BDAD1EFBB2LL   /*  204 */,    0xD4BABB8EACF84BE9LL   /*  205 */,
-	0x91583139641BC67BLL   /*  206 */,    0x8BDC2DE08036E024LL   /*  207 */,
-	0x603C8156F49F68EDLL   /*  208 */,    0xF7D236F7DBEF5111LL   /*  209 */,
-	0x9727C4598AD21E80LL   /*  210 */,    0xA08A0896670A5FD7LL   /*  211 */,
-	0xCB4A8F4309EBA9CBLL   /*  212 */,    0x81AF564B0F7036A1LL   /*  213 */,
-	0xC0B99AA778199ABDLL   /*  214 */,    0x959F1EC83FC8E952LL   /*  215 */,
-	0x8C505077794A81B9LL   /*  216 */,    0x3ACAAF8F056338F0LL   /*  217 */,
-	0x07B43F50627A6778LL   /*  218 */,    0x4A44AB49F5ECCC77LL   /*  219 */,
-	0x3BC3D6E4B679EE98LL   /*  220 */,    0x9CC0D4D1CF14108CLL   /*  221 */,
-	0x4406C00B206BC8A0LL   /*  222 */,    0x82A18854C8D72D89LL   /*  223 */,
-	0x67E366B35C3C432CLL   /*  224 */,    0xB923DD61102B37F2LL   /*  225 */,
-	0x56AB2779D884271DLL   /*  226 */,    0xBE83E1B0FF1525AFLL   /*  227 */,
-	0xFB7C65D4217E49A9LL   /*  228 */,    0x6BDBE0E76D48E7D4LL   /*  229 */,
-	0x08DF828745D9179ELL   /*  230 */,    0x22EA6A9ADD53BD34LL   /*  231 */,
-	0xE36E141C5622200ALL   /*  232 */,    0x7F805D1B8CB750EELL   /*  233 */,
-	0xAFE5C7A59F58E837LL   /*  234 */,    0xE27F996A4FB1C23CLL   /*  235 */,
-	0xD3867DFB0775F0D0LL   /*  236 */,    0xD0E673DE6E88891ALL   /*  237 */,
-	0x123AEB9EAFB86C25LL   /*  238 */,    0x30F1D5D5C145B895LL   /*  239 */,
-	0xBB434A2DEE7269E7LL   /*  240 */,    0x78CB67ECF931FA38LL   /*  241 */,
-	0xF33B0372323BBF9CLL   /*  242 */,    0x52D66336FB279C74LL   /*  243 */,
-	0x505F33AC0AFB4EAALL   /*  244 */,    0xE8A5CD99A2CCE187LL   /*  245 */,
-	0x534974801E2D30BBLL   /*  246 */,    0x8D2D5711D5876D90LL   /*  247 */,
-	0x1F1A412891BC038ELL   /*  248 */,    0xD6E2E71D82E56648LL   /*  249 */,
-	0x74036C3A497732B7LL   /*  250 */,    0x89B67ED96361F5ABLL   /*  251 */,
-	0xFFED95D8F1EA02A2LL   /*  252 */,    0xE72B3BD61464D43DLL   /*  253 */,
-	0xA6300F170BDC4820LL   /*  254 */,    0xEBC18760ED78A77ALL   /*  255 */,
-	0xE6A6BE5A05A12138LL   /*  256 */,    0xB5A122A5B4F87C98LL   /*  257 */,
-	0x563C6089140B6990LL   /*  258 */,    0x4C46CB2E391F5DD5LL   /*  259 */,
-	0xD932ADDBC9B79434LL   /*  260 */,    0x08EA70E42015AFF5LL   /*  261 */,
-	0xD765A6673E478CF1LL   /*  262 */,    0xC4FB757EAB278D99LL   /*  263 */,
-	0xDF11C6862D6E0692LL   /*  264 */,    0xDDEB84F10D7F3B16LL   /*  265 */,
-	0x6F2EF604A665EA04LL   /*  266 */,    0x4A8E0F0FF0E0DFB3LL   /*  267 */,
-	0xA5EDEEF83DBCBA51LL   /*  268 */,    0xFC4F0A2A0EA4371ELL   /*  269 */,
-	0xE83E1DA85CB38429LL   /*  270 */,    0xDC8FF882BA1B1CE2LL   /*  271 */,
-	0xCD45505E8353E80DLL   /*  272 */,    0x18D19A00D4DB0717LL   /*  273 */,
-	0x34A0CFEDA5F38101LL   /*  274 */,    0x0BE77E518887CAF2LL   /*  275 */,
-	0x1E341438B3C45136LL   /*  276 */,    0xE05797F49089CCF9LL   /*  277 */,
-	0xFFD23F9DF2591D14LL   /*  278 */,    0x543DDA228595C5CDLL   /*  279 */,
-	0x661F81FD99052A33LL   /*  280 */,    0x8736E641DB0F7B76LL   /*  281 */,
-	0x15227725418E5307LL   /*  282 */,    0xE25F7F46162EB2FALL   /*  283 */,
-	0x48A8B2126C13D9FELL   /*  284 */,    0xAFDC541792E76EEALL   /*  285 */,
-	0x03D912BFC6D1898FLL   /*  286 */,    0x31B1AAFA1B83F51BLL   /*  287 */,
-	0xF1AC2796E42AB7D9LL   /*  288 */,    0x40A3A7D7FCD2EBACLL   /*  289 */,
-	0x1056136D0AFBBCC5LL   /*  290 */,    0x7889E1DD9A6D0C85LL   /*  291 */,
-	0xD33525782A7974AALL   /*  292 */,    0xA7E25D09078AC09BLL   /*  293 */,
-	0xBD4138B3EAC6EDD0LL   /*  294 */,    0x920ABFBE71EB9E70LL   /*  295 */,
-	0xA2A5D0F54FC2625CLL   /*  296 */,    0xC054E36B0B1290A3LL   /*  297 */,
-	0xF6DD59FF62FE932BLL   /*  298 */,    0x3537354511A8AC7DLL   /*  299 */,
-	0xCA845E9172FADCD4LL   /*  300 */,    0x84F82B60329D20DCLL   /*  301 */,
-	0x79C62CE1CD672F18LL   /*  302 */,    0x8B09A2ADD124642CLL   /*  303 */,
-	0xD0C1E96A19D9E726LL   /*  304 */,    0x5A786A9B4BA9500CLL   /*  305 */,
-	0x0E020336634C43F3LL   /*  306 */,    0xC17B474AEB66D822LL   /*  307 */,
-	0x6A731AE3EC9BAAC2LL   /*  308 */,    0x8226667AE0840258LL   /*  309 */,
-	0x67D4567691CAECA5LL   /*  310 */,    0x1D94155C4875ADB5LL   /*  311 */,
-	0x6D00FD985B813FDFLL   /*  312 */,    0x51286EFCB774CD06LL   /*  313 */,
-	0x5E8834471FA744AFLL   /*  314 */,    0xF72CA0AEE761AE2ELL   /*  315 */,
-	0xBE40E4CDAEE8E09ALL   /*  316 */,    0xE9970BBB5118F665LL   /*  317 */,
-	0x726E4BEB33DF1964LL   /*  318 */,    0x703B000729199762LL   /*  319 */,
-	0x4631D816F5EF30A7LL   /*  320 */,    0xB880B5B51504A6BELL   /*  321 */,
-	0x641793C37ED84B6CLL   /*  322 */,    0x7B21ED77F6E97D96LL   /*  323 */,
-	0x776306312EF96B73LL   /*  324 */,    0xAE528948E86FF3F4LL   /*  325 */,
-	0x53DBD7F286A3F8F8LL   /*  326 */,    0x16CADCE74CFC1063LL   /*  327 */,
-	0x005C19BDFA52C6DDLL   /*  328 */,    0x68868F5D64D46AD3LL   /*  329 */,
-	0x3A9D512CCF1E186ALL   /*  330 */,    0x367E62C2385660AELL   /*  331 */,
-	0xE359E7EA77DCB1D7LL   /*  332 */,    0x526C0773749ABE6ELL   /*  333 */,
-	0x735AE5F9D09F734BLL   /*  334 */,    0x493FC7CC8A558BA8LL   /*  335 */,
-	0xB0B9C1533041AB45LL   /*  336 */,    0x321958BA470A59BDLL   /*  337 */,
-	0x852DB00B5F46C393LL   /*  338 */,    0x91209B2BD336B0E5LL   /*  339 */,
-	0x6E604F7D659EF19FLL   /*  340 */,    0xB99A8AE2782CCB24LL   /*  341 */,
-	0xCCF52AB6C814C4C7LL   /*  342 */,    0x4727D9AFBE11727BLL   /*  343 */,
-	0x7E950D0C0121B34DLL   /*  344 */,    0x756F435670AD471FLL   /*  345 */,
-	0xF5ADD442615A6849LL   /*  346 */,    0x4E87E09980B9957ALL   /*  347 */,
-	0x2ACFA1DF50AEE355LL   /*  348 */,    0xD898263AFD2FD556LL   /*  349 */,
-	0xC8F4924DD80C8FD6LL   /*  350 */,    0xCF99CA3D754A173ALL   /*  351 */,
-	0xFE477BACAF91BF3CLL   /*  352 */,    0xED5371F6D690C12DLL   /*  353 */,
-	0x831A5C285E687094LL   /*  354 */,    0xC5D3C90A3708A0A4LL   /*  355 */,
-	0x0F7F903717D06580LL   /*  356 */,    0x19F9BB13B8FDF27FLL   /*  357 */,
-	0xB1BD6F1B4D502843LL   /*  358 */,    0x1C761BA38FFF4012LL   /*  359 */,
-	0x0D1530C4E2E21F3BLL   /*  360 */,    0x8943CE69A7372C8ALL   /*  361 */,
-	0xE5184E11FEB5CE66LL   /*  362 */,    0x618BDB80BD736621LL   /*  363 */,
-	0x7D29BAD68B574D0BLL   /*  364 */,    0x81BB613E25E6FE5BLL   /*  365 */,
-	0x071C9C10BC07913FLL   /*  366 */,    0xC7BEEB7909AC2D97LL   /*  367 */,
-	0xC3E58D353BC5D757LL   /*  368 */,    0xEB017892F38F61E8LL   /*  369 */,
-	0xD4EFFB9C9B1CC21ALL   /*  370 */,    0x99727D26F494F7ABLL   /*  371 */,
-	0xA3E063A2956B3E03LL   /*  372 */,    0x9D4A8B9A4AA09C30LL   /*  373 */,
-	0x3F6AB7D500090FB4LL   /*  374 */,    0x9CC0F2A057268AC0LL   /*  375 */,
-	0x3DEE9D2DEDBF42D1LL   /*  376 */,    0x330F49C87960A972LL   /*  377 */,
-	0xC6B2720287421B41LL   /*  378 */,    0x0AC59EC07C00369CLL   /*  379 */,
-	0xEF4EAC49CB353425LL   /*  380 */,    0xF450244EEF0129D8LL   /*  381 */,
-	0x8ACC46E5CAF4DEB6LL   /*  382 */,    0x2FFEAB63989263F7LL   /*  383 */,
-	0x8F7CB9FE5D7A4578LL   /*  384 */,    0x5BD8F7644E634635LL   /*  385 */,
-	0x427A7315BF2DC900LL   /*  386 */,    0x17D0C4AA2125261CLL   /*  387 */,
-	0x3992486C93518E50LL   /*  388 */,    0xB4CBFEE0A2D7D4C3LL   /*  389 */,
-	0x7C75D6202C5DDD8DLL   /*  390 */,    0xDBC295D8E35B6C61LL   /*  391 */,
-	0x60B369D302032B19LL   /*  392 */,    0xCE42685FDCE44132LL   /*  393 */,
-	0x06F3DDB9DDF65610LL   /*  394 */,    0x8EA4D21DB5E148F0LL   /*  395 */,
-	0x20B0FCE62FCD496FLL   /*  396 */,    0x2C1B912358B0EE31LL   /*  397 */,
-	0xB28317B818F5A308LL   /*  398 */,    0xA89C1E189CA6D2CFLL   /*  399 */,
-	0x0C6B18576AAADBC8LL   /*  400 */,    0xB65DEAA91299FAE3LL   /*  401 */,
-	0xFB2B794B7F1027E7LL   /*  402 */,    0x04E4317F443B5BEBLL   /*  403 */,
-	0x4B852D325939D0A6LL   /*  404 */,    0xD5AE6BEEFB207FFCLL   /*  405 */,
-	0x309682B281C7D374LL   /*  406 */,    0xBAE309A194C3B475LL   /*  407 */,
-	0x8CC3F97B13B49F05LL   /*  408 */,    0x98A9422FF8293967LL   /*  409 */,
-	0x244B16B01076FF7CLL   /*  410 */,    0xF8BF571C663D67EELL   /*  411 */,
-	0x1F0D6758EEE30DA1LL   /*  412 */,    0xC9B611D97ADEB9B7LL   /*  413 */,
-	0xB7AFD5887B6C57A2LL   /*  414 */,    0x6290AE846B984FE1LL   /*  415 */,
-	0x94DF4CDEACC1A5FDLL   /*  416 */,    0x058A5BD1C5483AFFLL   /*  417 */,
-	0x63166CC142BA3C37LL   /*  418 */,    0x8DB8526EB2F76F40LL   /*  419 */,
-	0xE10880036F0D6D4ELL   /*  420 */,    0x9E0523C9971D311DLL   /*  421 */,
-	0x45EC2824CC7CD691LL   /*  422 */,    0x575B8359E62382C9LL   /*  423 */,
-	0xFA9E400DC4889995LL   /*  424 */,    0xD1823ECB45721568LL   /*  425 */,
-	0xDAFD983B8206082FLL   /*  426 */,    0xAA7D29082386A8CBLL   /*  427 */,
-	0x269FCD4403B87588LL   /*  428 */,    0x1B91F5F728BDD1E0LL   /*  429 */,
-	0xE4669F39040201F6LL   /*  430 */,    0x7A1D7C218CF04ADELL   /*  431 */,
-	0x65623C29D79CE5CELL   /*  432 */,    0x2368449096C00BB1LL   /*  433 */,
-	0xAB9BF1879DA503BALL   /*  434 */,    0xBC23ECB1A458058ELL   /*  435 */,
-	0x9A58DF01BB401ECCLL   /*  436 */,    0xA070E868A85F143DLL   /*  437 */,
-	0x4FF188307DF2239ELL   /*  438 */,    0x14D565B41A641183LL   /*  439 */,
-	0xEE13337452701602LL   /*  440 */,    0x950E3DCF3F285E09LL   /*  441 */,
-	0x59930254B9C80953LL   /*  442 */,    0x3BF299408930DA6DLL   /*  443 */,
-	0xA955943F53691387LL   /*  444 */,    0xA15EDECAA9CB8784LL   /*  445 */,
-	0x29142127352BE9A0LL   /*  446 */,    0x76F0371FFF4E7AFBLL   /*  447 */,
-	0x0239F450274F2228LL   /*  448 */,    0xBB073AF01D5E868BLL   /*  449 */,
-	0xBFC80571C10E96C1LL   /*  450 */,    0xD267088568222E23LL   /*  451 */,
-	0x9671A3D48E80B5B0LL   /*  452 */,    0x55B5D38AE193BB81LL   /*  453 */,
-	0x693AE2D0A18B04B8LL   /*  454 */,    0x5C48B4ECADD5335FLL   /*  455 */,
-	0xFD743B194916A1CALL   /*  456 */,    0x2577018134BE98C4LL   /*  457 */,
-	0xE77987E83C54A4ADLL   /*  458 */,    0x28E11014DA33E1B9LL   /*  459 */,
-	0x270CC59E226AA213LL   /*  460 */,    0x71495F756D1A5F60LL   /*  461 */,
-	0x9BE853FB60AFEF77LL   /*  462 */,    0xADC786A7F7443DBFLL   /*  463 */,
-	0x0904456173B29A82LL   /*  464 */,    0x58BC7A66C232BD5ELL   /*  465 */,
-	0xF306558C673AC8B2LL   /*  466 */,    0x41F639C6B6C9772ALL   /*  467 */,
-	0x216DEFE99FDA35DALL   /*  468 */,    0x11640CC71C7BE615LL   /*  469 */,
-	0x93C43694565C5527LL   /*  470 */,    0xEA038E6246777839LL   /*  471 */,
-	0xF9ABF3CE5A3E2469LL   /*  472 */,    0x741E768D0FD312D2LL   /*  473 */,
-	0x0144B883CED652C6LL   /*  474 */,    0xC20B5A5BA33F8552LL   /*  475 */,
-	0x1AE69633C3435A9DLL   /*  476 */,    0x97A28CA4088CFDECLL   /*  477 */,
-	0x8824A43C1E96F420LL   /*  478 */,    0x37612FA66EEEA746LL   /*  479 */,
-	0x6B4CB165F9CF0E5ALL   /*  480 */,    0x43AA1C06A0ABFB4ALL   /*  481 */,
-	0x7F4DC26FF162796BLL   /*  482 */,    0x6CBACC8E54ED9B0FLL   /*  483 */,
-	0xA6B7FFEFD2BB253ELL   /*  484 */,    0x2E25BC95B0A29D4FLL   /*  485 */,
-	0x86D6A58BDEF1388CLL   /*  486 */,    0xDED74AC576B6F054LL   /*  487 */,
-	0x8030BDBC2B45805DLL   /*  488 */,    0x3C81AF70E94D9289LL   /*  489 */,
-	0x3EFF6DDA9E3100DBLL   /*  490 */,    0xB38DC39FDFCC8847LL   /*  491 */,
-	0x123885528D17B87ELL   /*  492 */,    0xF2DA0ED240B1B642LL   /*  493 */,
-	0x44CEFADCD54BF9A9LL   /*  494 */,    0x1312200E433C7EE6LL   /*  495 */,
-	0x9FFCC84F3A78C748LL   /*  496 */,    0xF0CD1F72248576BBLL   /*  497 */,
-	0xEC6974053638CFE4LL   /*  498 */,    0x2BA7B67C0CEC4E4CLL   /*  499 */,
-	0xAC2F4DF3E5CE32EDLL   /*  500 */,    0xCB33D14326EA4C11LL   /*  501 */,
-	0xA4E9044CC77E58BCLL   /*  502 */,    0x5F513293D934FCEFLL   /*  503 */,
-	0x5DC9645506E55444LL   /*  504 */,    0x50DE418F317DE40ALL   /*  505 */,
-	0x388CB31A69DDE259LL   /*  506 */,    0x2DB4A83455820A86LL   /*  507 */,
-	0x9010A91E84711AE9LL   /*  508 */,    0x4DF7F0B7B1498371LL   /*  509 */,
-	0xD62A2EABC0977179LL   /*  510 */,    0x22FAC097AA8D5C0ELL   /*  511 */,
-	0xF49FCC2FF1DAF39BLL   /*  512 */,    0x487FD5C66FF29281LL   /*  513 */,
-	0xE8A30667FCDCA83FLL   /*  514 */,    0x2C9B4BE3D2FCCE63LL   /*  515 */,
-	0xDA3FF74B93FBBBC2LL   /*  516 */,    0x2FA165D2FE70BA66LL   /*  517 */,
-	0xA103E279970E93D4LL   /*  518 */,    0xBECDEC77B0E45E71LL   /*  519 */,
-	0xCFB41E723985E497LL   /*  520 */,    0xB70AAA025EF75017LL   /*  521 */,
-	0xD42309F03840B8E0LL   /*  522 */,    0x8EFC1AD035898579LL   /*  523 */,
-	0x96C6920BE2B2ABC5LL   /*  524 */,    0x66AF4163375A9172LL   /*  525 */,
-	0x2174ABDCCA7127FBLL   /*  526 */,    0xB33CCEA64A72FF41LL   /*  527 */,
-	0xF04A4933083066A5LL   /*  528 */,    0x8D970ACDD7289AF5LL   /*  529 */,
-	0x8F96E8E031C8C25ELL   /*  530 */,    0xF3FEC02276875D47LL   /*  531 */,
-	0xEC7BF310056190DDLL   /*  532 */,    0xF5ADB0AEBB0F1491LL   /*  533 */,
-	0x9B50F8850FD58892LL   /*  534 */,    0x4975488358B74DE8LL   /*  535 */,
-	0xA3354FF691531C61LL   /*  536 */,    0x0702BBE481D2C6EELL   /*  537 */,
-	0x89FB24057DEDED98LL   /*  538 */,    0xAC3075138596E902LL   /*  539 */,
-	0x1D2D3580172772EDLL   /*  540 */,    0xEB738FC28E6BC30DLL   /*  541 */,
-	0x5854EF8F63044326LL   /*  542 */,    0x9E5C52325ADD3BBELL   /*  543 */,
-	0x90AA53CF325C4623LL   /*  544 */,    0xC1D24D51349DD067LL   /*  545 */,
-	0x2051CFEEA69EA624LL   /*  546 */,    0x13220F0A862E7E4FLL   /*  547 */,
-	0xCE39399404E04864LL   /*  548 */,    0xD9C42CA47086FCB7LL   /*  549 */,
-	0x685AD2238A03E7CCLL   /*  550 */,    0x066484B2AB2FF1DBLL   /*  551 */,
-	0xFE9D5D70EFBF79ECLL   /*  552 */,    0x5B13B9DD9C481854LL   /*  553 */,
-	0x15F0D475ED1509ADLL   /*  554 */,    0x0BEBCD060EC79851LL   /*  555 */,
-	0xD58C6791183AB7F8LL   /*  556 */,    0xD1187C5052F3EEE4LL   /*  557 */,
-	0xC95D1192E54E82FFLL   /*  558 */,    0x86EEA14CB9AC6CA2LL   /*  559 */,
-	0x3485BEB153677D5DLL   /*  560 */,    0xDD191D781F8C492ALL   /*  561 */,
-	0xF60866BAA784EBF9LL   /*  562 */,    0x518F643BA2D08C74LL   /*  563 */,
-	0x8852E956E1087C22LL   /*  564 */,    0xA768CB8DC410AE8DLL   /*  565 */,
-	0x38047726BFEC8E1ALL   /*  566 */,    0xA67738B4CD3B45AALL   /*  567 */,
-	0xAD16691CEC0DDE19LL   /*  568 */,    0xC6D4319380462E07LL   /*  569 */,
-	0xC5A5876D0BA61938LL   /*  570 */,    0x16B9FA1FA58FD840LL   /*  571 */,
-	0x188AB1173CA74F18LL   /*  572 */,    0xABDA2F98C99C021FLL   /*  573 */,
-	0x3E0580AB134AE816LL   /*  574 */,    0x5F3B05B773645ABBLL   /*  575 */,
-	0x2501A2BE5575F2F6LL   /*  576 */,    0x1B2F74004E7E8BA9LL   /*  577 */,
-	0x1CD7580371E8D953LL   /*  578 */,    0x7F6ED89562764E30LL   /*  579 */,
-	0xB15926FF596F003DLL   /*  580 */,    0x9F65293DA8C5D6B9LL   /*  581 */,
-	0x6ECEF04DD690F84CLL   /*  582 */,    0x4782275FFF33AF88LL   /*  583 */,
-	0xE41433083F820801LL   /*  584 */,    0xFD0DFE409A1AF9B5LL   /*  585 */,
-	0x4325A3342CDB396BLL   /*  586 */,    0x8AE77E62B301B252LL   /*  587 */,
-	0xC36F9E9F6655615ALL   /*  588 */,    0x85455A2D92D32C09LL   /*  589 */,
-	0xF2C7DEA949477485LL   /*  590 */,    0x63CFB4C133A39EBALL   /*  591 */,
-	0x83B040CC6EBC5462LL   /*  592 */,    0x3B9454C8FDB326B0LL   /*  593 */,
-	0x56F56A9E87FFD78CLL   /*  594 */,    0x2DC2940D99F42BC6LL   /*  595 */,
-	0x98F7DF096B096E2DLL   /*  596 */,    0x19A6E01E3AD852BFLL   /*  597 */,
-	0x42A99CCBDBD4B40BLL   /*  598 */,    0xA59998AF45E9C559LL   /*  599 */,
-	0x366295E807D93186LL   /*  600 */,    0x6B48181BFAA1F773LL   /*  601 */,
-	0x1FEC57E2157A0A1DLL   /*  602 */,    0x4667446AF6201AD5LL   /*  603 */,
-	0xE615EBCACFB0F075LL   /*  604 */,    0xB8F31F4F68290778LL   /*  605 */,
-	0x22713ED6CE22D11ELL   /*  606 */,    0x3057C1A72EC3C93BLL   /*  607 */,
-	0xCB46ACC37C3F1F2FLL   /*  608 */,    0xDBB893FD02AAF50ELL   /*  609 */,
-	0x331FD92E600B9FCFLL   /*  610 */,    0xA498F96148EA3AD6LL   /*  611 */,
-	0xA8D8426E8B6A83EALL   /*  612 */,    0xA089B274B7735CDCLL   /*  613 */,
-	0x87F6B3731E524A11LL   /*  614 */,    0x118808E5CBC96749LL   /*  615 */,
-	0x9906E4C7B19BD394LL   /*  616 */,    0xAFED7F7E9B24A20CLL   /*  617 */,
-	0x6509EADEEB3644A7LL   /*  618 */,    0x6C1EF1D3E8EF0EDELL   /*  619 */,
-	0xB9C97D43E9798FB4LL   /*  620 */,    0xA2F2D784740C28A3LL   /*  621 */,
-	0x7B8496476197566FLL   /*  622 */,    0x7A5BE3E6B65F069DLL   /*  623 */,
-	0xF96330ED78BE6F10LL   /*  624 */,    0xEEE60DE77A076A15LL   /*  625 */,
-	0x2B4BEE4AA08B9BD0LL   /*  626 */,    0x6A56A63EC7B8894ELL   /*  627 */,
-	0x02121359BA34FEF4LL   /*  628 */,    0x4CBF99F8283703FCLL   /*  629 */,
-	0x398071350CAF30C8LL   /*  630 */,    0xD0A77A89F017687ALL   /*  631 */,
-	0xF1C1A9EB9E423569LL   /*  632 */,    0x8C7976282DEE8199LL   /*  633 */,
-	0x5D1737A5DD1F7ABDLL   /*  634 */,    0x4F53433C09A9FA80LL   /*  635 */,
-	0xFA8B0C53DF7CA1D9LL   /*  636 */,    0x3FD9DCBC886CCB77LL   /*  637 */,
-	0xC040917CA91B4720LL   /*  638 */,    0x7DD00142F9D1DCDFLL   /*  639 */,
-	0x8476FC1D4F387B58LL   /*  640 */,    0x23F8E7C5F3316503LL   /*  641 */,
-	0x032A2244E7E37339LL   /*  642 */,    0x5C87A5D750F5A74BLL   /*  643 */,
-	0x082B4CC43698992ELL   /*  644 */,    0xDF917BECB858F63CLL   /*  645 */,
-	0x3270B8FC5BF86DDALL   /*  646 */,    0x10AE72BB29B5DD76LL   /*  647 */,
-	0x576AC94E7700362BLL   /*  648 */,    0x1AD112DAC61EFB8FLL   /*  649 */,
-	0x691BC30EC5FAA427LL   /*  650 */,    0xFF246311CC327143LL   /*  651 */,
-	0x3142368E30E53206LL   /*  652 */,    0x71380E31E02CA396LL   /*  653 */,
-	0x958D5C960AAD76F1LL   /*  654 */,    0xF8D6F430C16DA536LL   /*  655 */,
-	0xC8FFD13F1BE7E1D2LL   /*  656 */,    0x7578AE66004DDBE1LL   /*  657 */,
-	0x05833F01067BE646LL   /*  658 */,    0xBB34B5AD3BFE586DLL   /*  659 */,
-	0x095F34C9A12B97F0LL   /*  660 */,    0x247AB64525D60CA8LL   /*  661 */,
-	0xDCDBC6F3017477D1LL   /*  662 */,    0x4A2E14D4DECAD24DLL   /*  663 */,
-	0xBDB5E6D9BE0A1EEBLL   /*  664 */,    0x2A7E70F7794301ABLL   /*  665 */,
-	0xDEF42D8A270540FDLL   /*  666 */,    0x01078EC0A34C22C1LL   /*  667 */,
-	0xE5DE511AF4C16387LL   /*  668 */,    0x7EBB3A52BD9A330ALL   /*  669 */,
-	0x77697857AA7D6435LL   /*  670 */,    0x004E831603AE4C32LL   /*  671 */,
-	0xE7A21020AD78E312LL   /*  672 */,    0x9D41A70C6AB420F2LL   /*  673 */,
-	0x28E06C18EA1141E6LL   /*  674 */,    0xD2B28CBD984F6B28LL   /*  675 */,
-	0x26B75F6C446E9D83LL   /*  676 */,    0xBA47568C4D418D7FLL   /*  677 */,
-	0xD80BADBFE6183D8ELL   /*  678 */,    0x0E206D7F5F166044LL   /*  679 */,
-	0xE258A43911CBCA3ELL   /*  680 */,    0x723A1746B21DC0BCLL   /*  681 */,
-	0xC7CAA854F5D7CDD3LL   /*  682 */,    0x7CAC32883D261D9CLL   /*  683 */,
-	0x7690C26423BA942CLL   /*  684 */,    0x17E55524478042B8LL   /*  685 */,
-	0xE0BE477656A2389FLL   /*  686 */,    0x4D289B5E67AB2DA0LL   /*  687 */,
-	0x44862B9C8FBBFD31LL   /*  688 */,    0xB47CC8049D141365LL   /*  689 */,
-	0x822C1B362B91C793LL   /*  690 */,    0x4EB14655FB13DFD8LL   /*  691 */,
-	0x1ECBBA0714E2A97BLL   /*  692 */,    0x6143459D5CDE5F14LL   /*  693 */,
-	0x53A8FBF1D5F0AC89LL   /*  694 */,    0x97EA04D81C5E5B00LL   /*  695 */,
-	0x622181A8D4FDB3F3LL   /*  696 */,    0xE9BCD341572A1208LL   /*  697 */,
-	0x1411258643CCE58ALL   /*  698 */,    0x9144C5FEA4C6E0A4LL   /*  699 */,
-	0x0D33D06565CF620FLL   /*  700 */,    0x54A48D489F219CA1LL   /*  701 */,
-	0xC43E5EAC6D63C821LL   /*  702 */,    0xA9728B3A72770DAFLL   /*  703 */,
-	0xD7934E7B20DF87EFLL   /*  704 */,    0xE35503B61A3E86E5LL   /*  705 */,
-	0xCAE321FBC819D504LL   /*  706 */,    0x129A50B3AC60BFA6LL   /*  707 */,
-	0xCD5E68EA7E9FB6C3LL   /*  708 */,    0xB01C90199483B1C7LL   /*  709 */,
-	0x3DE93CD5C295376CLL   /*  710 */,    0xAED52EDF2AB9AD13LL   /*  711 */,
-	0x2E60F512C0A07884LL   /*  712 */,    0xBC3D86A3E36210C9LL   /*  713 */,
-	0x35269D9B163951CELL   /*  714 */,    0x0C7D6E2AD0CDB5FALL   /*  715 */,
-	0x59E86297D87F5733LL   /*  716 */,    0x298EF221898DB0E7LL   /*  717 */,
-	0x55000029D1A5AA7ELL   /*  718 */,    0x8BC08AE1B5061B45LL   /*  719 */,
-	0xC2C31C2B6C92703ALL   /*  720 */,    0x94CC596BAF25EF42LL   /*  721 */,
-	0x0A1D73DB22540456LL   /*  722 */,    0x04B6A0F9D9C4179ALL   /*  723 */,
-	0xEFFDAFA2AE3D3C60LL   /*  724 */,    0xF7C8075BB49496C4LL   /*  725 */,
-	0x9CC5C7141D1CD4E3LL   /*  726 */,    0x78BD1638218E5534LL   /*  727 */,
-	0xB2F11568F850246ALL   /*  728 */,    0xEDFABCFA9502BC29LL   /*  729 */,
-	0x796CE5F2DA23051BLL   /*  730 */,    0xAAE128B0DC93537CLL   /*  731 */,
-	0x3A493DA0EE4B29AELL   /*  732 */,    0xB5DF6B2C416895D7LL   /*  733 */,
-	0xFCABBD25122D7F37LL   /*  734 */,    0x70810B58105DC4B1LL   /*  735 */,
-	0xE10FDD37F7882A90LL   /*  736 */,    0x524DCAB5518A3F5CLL   /*  737 */,
-	0x3C9E85878451255BLL   /*  738 */,    0x4029828119BD34E2LL   /*  739 */,
-	0x74A05B6F5D3CECCBLL   /*  740 */,    0xB610021542E13ECALL   /*  741 */,
-	0x0FF979D12F59E2ACLL   /*  742 */,    0x6037DA27E4F9CC50LL   /*  743 */,
-	0x5E92975A0DF1847DLL   /*  744 */,    0xD66DE190D3E623FELL   /*  745 */,
-	0x5032D6B87B568048LL   /*  746 */,    0x9A36B7CE8235216ELL   /*  747 */,
-	0x80272A7A24F64B4ALL   /*  748 */,    0x93EFED8B8C6916F7LL   /*  749 */,
-	0x37DDBFF44CCE1555LL   /*  750 */,    0x4B95DB5D4B99BD25LL   /*  751 */,
-	0x92D3FDA169812FC0LL   /*  752 */,    0xFB1A4A9A90660BB6LL   /*  753 */,
-	0x730C196946A4B9B2LL   /*  754 */,    0x81E289AA7F49DA68LL   /*  755 */,
-	0x64669A0F83B1A05FLL   /*  756 */,    0x27B3FF7D9644F48BLL   /*  757 */,
-	0xCC6B615C8DB675B3LL   /*  758 */,    0x674F20B9BCEBBE95LL   /*  759 */,
-	0x6F31238275655982LL   /*  760 */,    0x5AE488713E45CF05LL   /*  761 */,
-	0xBF619F9954C21157LL   /*  762 */,    0xEABAC46040A8EAE9LL   /*  763 */,
-	0x454C6FE9F2C0C1CDLL   /*  764 */,    0x419CF6496412691CLL   /*  765 */,
-	0xD3DC3BEF265B0F70LL   /*  766 */,    0x6D0E60F5C3578A9ELL   /*  767 */,
-	0x5B0E608526323C55LL   /*  768 */,    0x1A46C1A9FA1B59F5LL   /*  769 */,
-	0xA9E245A17C4C8FFALL   /*  770 */,    0x65CA5159DB2955D7LL   /*  771 */,
-	0x05DB0A76CE35AFC2LL   /*  772 */,    0x81EAC77EA9113D45LL   /*  773 */,
-	0x528EF88AB6AC0A0DLL   /*  774 */,    0xA09EA253597BE3FFLL   /*  775 */,
-	0x430DDFB3AC48CD56LL   /*  776 */,    0xC4B3A67AF45CE46FLL   /*  777 */,
-	0x4ECECFD8FBE2D05ELL   /*  778 */,    0x3EF56F10B39935F0LL   /*  779 */,
-	0x0B22D6829CD619C6LL   /*  780 */,    0x17FD460A74DF2069LL   /*  781 */,
-	0x6CF8CC8E8510ED40LL   /*  782 */,    0xD6C824BF3A6ECAA7LL   /*  783 */,
-	0x61243D581A817049LL   /*  784 */,    0x048BACB6BBC163A2LL   /*  785 */,
-	0xD9A38AC27D44CC32LL   /*  786 */,    0x7FDDFF5BAAF410ABLL   /*  787 */,
-	0xAD6D495AA804824BLL   /*  788 */,    0xE1A6A74F2D8C9F94LL   /*  789 */,
-	0xD4F7851235DEE8E3LL   /*  790 */,    0xFD4B7F886540D893LL   /*  791 */,
-	0x247C20042AA4BFDALL   /*  792 */,    0x096EA1C517D1327CLL   /*  793 */,
-	0xD56966B4361A6685LL   /*  794 */,    0x277DA5C31221057DLL   /*  795 */,
-	0x94D59893A43ACFF7LL   /*  796 */,    0x64F0C51CCDC02281LL   /*  797 */,
-	0x3D33BCC4FF6189DBLL   /*  798 */,    0xE005CB184CE66AF1LL   /*  799 */,
-	0xFF5CCD1D1DB99BEALL   /*  800 */,    0xB0B854A7FE42980FLL   /*  801 */,
-	0x7BD46A6A718D4B9FLL   /*  802 */,    0xD10FA8CC22A5FD8CLL   /*  803 */,
-	0xD31484952BE4BD31LL   /*  804 */,    0xC7FA975FCB243847LL   /*  805 */,
-	0x4886ED1E5846C407LL   /*  806 */,    0x28CDDB791EB70B04LL   /*  807 */,
-	0xC2B00BE2F573417FLL   /*  808 */,    0x5C9590452180F877LL   /*  809 */,
-	0x7A6BDDFFF370EB00LL   /*  810 */,    0xCE509E38D6D9D6A4LL   /*  811 */,
-	0xEBEB0F00647FA702LL   /*  812 */,    0x1DCC06CF76606F06LL   /*  813 */,
-	0xE4D9F28BA286FF0ALL   /*  814 */,    0xD85A305DC918C262LL   /*  815 */,
-	0x475B1D8732225F54LL   /*  816 */,    0x2D4FB51668CCB5FELL   /*  817 */,
-	0xA679B9D9D72BBA20LL   /*  818 */,    0x53841C0D912D43A5LL   /*  819 */,
-	0x3B7EAA48BF12A4E8LL   /*  820 */,    0x781E0E47F22F1DDFLL   /*  821 */,
-	0xEFF20CE60AB50973LL   /*  822 */,    0x20D261D19DFFB742LL   /*  823 */,
-	0x16A12B03062A2E39LL   /*  824 */,    0x1960EB2239650495LL   /*  825 */,
-	0x251C16FED50EB8B8LL   /*  826 */,    0x9AC0C330F826016ELL   /*  827 */,
-	0xED152665953E7671LL   /*  828 */,    0x02D63194A6369570LL   /*  829 */,
-	0x5074F08394B1C987LL   /*  830 */,    0x70BA598C90B25CE1LL   /*  831 */,
-	0x794A15810B9742F6LL   /*  832 */,    0x0D5925E9FCAF8C6CLL   /*  833 */,
-	0x3067716CD868744ELL   /*  834 */,    0x910AB077E8D7731BLL   /*  835 */,
-	0x6A61BBDB5AC42F61LL   /*  836 */,    0x93513EFBF0851567LL   /*  837 */,
-	0xF494724B9E83E9D5LL   /*  838 */,    0xE887E1985C09648DLL   /*  839 */,
-	0x34B1D3C675370CFDLL   /*  840 */,    0xDC35E433BC0D255DLL   /*  841 */,
-	0xD0AAB84234131BE0LL   /*  842 */,    0x08042A50B48B7EAFLL   /*  843 */,
-	0x9997C4EE44A3AB35LL   /*  844 */,    0x829A7B49201799D0LL   /*  845 */,
-	0x263B8307B7C54441LL   /*  846 */,    0x752F95F4FD6A6CA6LL   /*  847 */,
-	0x927217402C08C6E5LL   /*  848 */,    0x2A8AB754A795D9EELL   /*  849 */,
-	0xA442F7552F72943DLL   /*  850 */,    0x2C31334E19781208LL   /*  851 */,
-	0x4FA98D7CEAEE6291LL   /*  852 */,    0x55C3862F665DB309LL   /*  853 */,
-	0xBD0610175D53B1F3LL   /*  854 */,    0x46FE6CB840413F27LL   /*  855 */,
-	0x3FE03792DF0CFA59LL   /*  856 */,    0xCFE700372EB85E8FLL   /*  857 */,
-	0xA7BE29E7ADBCE118LL   /*  858 */,    0xE544EE5CDE8431DDLL   /*  859 */,
-	0x8A781B1B41F1873ELL   /*  860 */,    0xA5C94C78A0D2F0E7LL   /*  861 */,
-	0x39412E2877B60728LL   /*  862 */,    0xA1265EF3AFC9A62CLL   /*  863 */,
-	0xBCC2770C6A2506C5LL   /*  864 */,    0x3AB66DD5DCE1CE12LL   /*  865 */,
-	0xE65499D04A675B37LL   /*  866 */,    0x7D8F523481BFD216LL   /*  867 */,
-	0x0F6F64FCEC15F389LL   /*  868 */,    0x74EFBE618B5B13C8LL   /*  869 */,
-	0xACDC82B714273E1DLL   /*  870 */,    0xDD40BFE003199D17LL   /*  871 */,
-	0x37E99257E7E061F8LL   /*  872 */,    0xFA52626904775AAALL   /*  873 */,
-	0x8BBBF63A463D56F9LL   /*  874 */,    0xF0013F1543A26E64LL   /*  875 */,
-	0xA8307E9F879EC898LL   /*  876 */,    0xCC4C27A4150177CCLL   /*  877 */,
-	0x1B432F2CCA1D3348LL   /*  878 */,    0xDE1D1F8F9F6FA013LL   /*  879 */,
-	0x606602A047A7DDD6LL   /*  880 */,    0xD237AB64CC1CB2C7LL   /*  881 */,
-	0x9B938E7225FCD1D3LL   /*  882 */,    0xEC4E03708E0FF476LL   /*  883 */,
-	0xFEB2FBDA3D03C12DLL   /*  884 */,    0xAE0BCED2EE43889ALL   /*  885 */,
-	0x22CB8923EBFB4F43LL   /*  886 */,    0x69360D013CF7396DLL   /*  887 */,
-	0x855E3602D2D4E022LL   /*  888 */,    0x073805BAD01F784CLL   /*  889 */,
-	0x33E17A133852F546LL   /*  890 */,    0xDF4874058AC7B638LL   /*  891 */,
-	0xBA92B29C678AA14ALL   /*  892 */,    0x0CE89FC76CFAADCDLL   /*  893 */,
-	0x5F9D4E0908339E34LL   /*  894 */,    0xF1AFE9291F5923B9LL   /*  895 */,
-	0x6E3480F60F4A265FLL   /*  896 */,    0xEEBF3A2AB29B841CLL   /*  897 */,
-	0xE21938A88F91B4ADLL   /*  898 */,    0x57DFEFF845C6D3C3LL   /*  899 */,
-	0x2F006B0BF62CAAF2LL   /*  900 */,    0x62F479EF6F75EE78LL   /*  901 */,
-	0x11A55AD41C8916A9LL   /*  902 */,    0xF229D29084FED453LL   /*  903 */,
-	0x42F1C27B16B000E6LL   /*  904 */,    0x2B1F76749823C074LL   /*  905 */,
-	0x4B76ECA3C2745360LL   /*  906 */,    0x8C98F463B91691BDLL   /*  907 */,
-	0x14BCC93CF1ADE66ALL   /*  908 */,    0x8885213E6D458397LL   /*  909 */,
-	0x8E177DF0274D4711LL   /*  910 */,    0xB49B73B5503F2951LL   /*  911 */,
-	0x10168168C3F96B6BLL   /*  912 */,    0x0E3D963B63CAB0AELL   /*  913 */,
-	0x8DFC4B5655A1DB14LL   /*  914 */,    0xF789F1356E14DE5CLL   /*  915 */,
-	0x683E68AF4E51DAC1LL   /*  916 */,    0xC9A84F9D8D4B0FD9LL   /*  917 */,
-	0x3691E03F52A0F9D1LL   /*  918 */,    0x5ED86E46E1878E80LL   /*  919 */,
-	0x3C711A0E99D07150LL   /*  920 */,    0x5A0865B20C4E9310LL   /*  921 */,
-	0x56FBFC1FE4F0682ELL   /*  922 */,    0xEA8D5DE3105EDF9BLL   /*  923 */,
-	0x71ABFDB12379187ALL   /*  924 */,    0x2EB99DE1BEE77B9CLL   /*  925 */,
-	0x21ECC0EA33CF4523LL   /*  926 */,    0x59A4D7521805C7A1LL   /*  927 */,
-	0x3896F5EB56AE7C72LL   /*  928 */,    0xAA638F3DB18F75DCLL   /*  929 */,
-	0x9F39358DABE9808ELL   /*  930 */,    0xB7DEFA91C00B72ACLL   /*  931 */,
-	0x6B5541FD62492D92LL   /*  932 */,    0x6DC6DEE8F92E4D5BLL   /*  933 */,
-	0x353F57ABC4BEEA7ELL   /*  934 */,    0x735769D6DA5690CELL   /*  935 */,
-	0x0A234AA642391484LL   /*  936 */,    0xF6F9508028F80D9DLL   /*  937 */,
-	0xB8E319A27AB3F215LL   /*  938 */,    0x31AD9C1151341A4DLL   /*  939 */,
-	0x773C22A57BEF5805LL   /*  940 */,    0x45C7561A07968633LL   /*  941 */,
-	0xF913DA9E249DBE36LL   /*  942 */,    0xDA652D9B78A64C68LL   /*  943 */,
-	0x4C27A97F3BC334EFLL   /*  944 */,    0x76621220E66B17F4LL   /*  945 */,
-	0x967743899ACD7D0BLL   /*  946 */,    0xF3EE5BCAE0ED6782LL   /*  947 */,
-	0x409F753600C879FCLL   /*  948 */,    0x06D09A39B5926DB6LL   /*  949 */,
-	0x6F83AEB0317AC588LL   /*  950 */,    0x01E6CA4A86381F21LL   /*  951 */,
-	0x66FF3462D19F3025LL   /*  952 */,    0x72207C24DDFD3BFBLL   /*  953 */,
-	0x4AF6B6D3E2ECE2EBLL   /*  954 */,    0x9C994DBEC7EA08DELL   /*  955 */,
-	0x49ACE597B09A8BC4LL   /*  956 */,    0xB38C4766CF0797BALL   /*  957 */,
-	0x131B9373C57C2A75LL   /*  958 */,    0xB1822CCE61931E58LL   /*  959 */,
-	0x9D7555B909BA1C0CLL   /*  960 */,    0x127FAFDD937D11D2LL   /*  961 */,
-	0x29DA3BADC66D92E4LL   /*  962 */,    0xA2C1D57154C2ECBCLL   /*  963 */,
-	0x58C5134D82F6FE24LL   /*  964 */,    0x1C3AE3515B62274FLL   /*  965 */,
-	0xE907C82E01CB8126LL   /*  966 */,    0xF8ED091913E37FCBLL   /*  967 */,
-	0x3249D8F9C80046C9LL   /*  968 */,    0x80CF9BEDE388FB63LL   /*  969 */,
-	0x1881539A116CF19ELL   /*  970 */,    0x5103F3F76BD52457LL   /*  971 */,
-	0x15B7E6F5AE47F7A8LL   /*  972 */,    0xDBD7C6DED47E9CCFLL   /*  973 */,
-	0x44E55C410228BB1ALL   /*  974 */,    0xB647D4255EDB4E99LL   /*  975 */,
-	0x5D11882BB8AAFC30LL   /*  976 */,    0xF5098BBB29D3212ALL   /*  977 */,
-	0x8FB5EA14E90296B3LL   /*  978 */,    0x677B942157DD025ALL   /*  979 */,
-	0xFB58E7C0A390ACB5LL   /*  980 */,    0x89D3674C83BD4A01LL   /*  981 */,
-	0x9E2DA4DF4BF3B93BLL   /*  982 */,    0xFCC41E328CAB4829LL   /*  983 */,
-	0x03F38C96BA582C52LL   /*  984 */,    0xCAD1BDBD7FD85DB2LL   /*  985 */,
-	0xBBB442C16082AE83LL   /*  986 */,    0xB95FE86BA5DA9AB0LL   /*  987 */,
-	0xB22E04673771A93FLL   /*  988 */,    0x845358C9493152D8LL   /*  989 */,
-	0xBE2A488697B4541ELL   /*  990 */,    0x95A2DC2DD38E6966LL   /*  991 */,
-	0xC02C11AC923C852BLL   /*  992 */,    0x2388B1990DF2A87BLL   /*  993 */,
-	0x7C8008FA1B4F37BELL   /*  994 */,    0x1F70D0C84D54E503LL   /*  995 */,
-	0x5490ADEC7ECE57D4LL   /*  996 */,    0x002B3C27D9063A3ALL   /*  997 */,
-	0x7EAEA3848030A2BFLL   /*  998 */,    0xC602326DED2003C0LL   /*  999 */,
-	0x83A7287D69A94086LL   /* 1000 */,    0xC57A5FCB30F57A8ALL   /* 1001 */,
-	0xB56844E479EBE779LL   /* 1002 */,    0xA373B40F05DCBCE9LL   /* 1003 */,
-	0xD71A786E88570EE2LL   /* 1004 */,    0x879CBACDBDE8F6A0LL   /* 1005 */,
-	0x976AD1BCC164A32FLL   /* 1006 */,    0xAB21E25E9666D78BLL   /* 1007 */,
-	0x901063AAE5E5C33CLL   /* 1008 */,    0x9818B34448698D90LL   /* 1009 */,
-	0xE36487AE3E1E8ABBLL   /* 1010 */,    0xAFBDF931893BDCB4LL   /* 1011 */,
-	0x6345A0DC5FBBD519LL   /* 1012 */,    0x8628FE269B9465CALL   /* 1013 */,
-	0x1E5D01603F9C51ECLL   /* 1014 */,    0x4DE44006A15049B7LL   /* 1015 */,
-	0xBF6C70E5F776CBB1LL   /* 1016 */,    0x411218F2EF552BEDLL   /* 1017 */,
-	0xCB0C0708705A36A3LL   /* 1018 */,    0xE74D14754F986044LL   /* 1019 */,
-	0xCD56D9430EA8280ELL   /* 1020 */,    0xC12591D7535F5065LL   /* 1021 */,
-	0xC83223F1720AEF96LL   /* 1022 */,    0xC3A0396F7363A51FLL   /* 1023 */
-};
-
-/* The following macro denotes that an optimization    */
-/* for Alpha is required. It is used only for          */
-/* optimization of time. Otherwise it does nothing.    */
-#ifdef _LP64
-#define OPTIMIZE_FOR_LP64
-#endif
-
-/* NOTE that this code is NOT FULLY OPTIMIZED for any  */
-/* machine. Assembly code might be much faster on some */
-/* machines, especially if the code is compiled with   */
-/* gcc.                                                */
-
-/* The number of passes of the hash function.          */
-/* Three passes are recommended.                       */
-/* Use four passes when you need extra security.       */
-/* Must be at least three.                             */
-#define PASSES 3
-
-#define T1 (table)
-#define T2 (table+256)
-#define T3 (table+(256*2))
-#define T4 (table+(256*3))
-
-#define SAVE_ABC do {							\
-	aa = a;								\
-	bb = b;								\
-	cc = c;								\
-} while (/*CONSTCOND*/0)
-
-#ifdef OPTIMIZE_FOR_LP64
-/* This is the official definition of round */
-#define ROUND(a,b,c,x,mul) do {						\
-	c ^= x;								\
-	a -= T1[((c)>>(0*8))&0xFF] ^ T2[((c)>>(2*8))&0xFF] ^		\
-		T3[((c)>>(4*8))&0xFF] ^ T4[((c)>>(6*8))&0xFF] ;		\
-	b += T4[((c)>>(1*8))&0xFF] ^ T3[((c)>>(3*8))&0xFF] ^		\
-		T2[((c)>>(5*8))&0xFF] ^ T1[((c)>>(7*8))&0xFF] ;		\
-	b *= mul;							\
-} while (/*CONSTCOND*/ 0)
-#else
-/* This code works faster when compiled on 32-bit machines */
-/* (but works slower on Alpha) */
-#define ROUND(a,b,c,x,mul) do {						\
-	c ^= x;								\
-	a -= T1[(uint8_t)(c)] ^						\
-		T2[(const uint8_t)(((uint32_t)(c))>>(2*8))] ^		\
-		T3[(const uint8_t)((c)>>(4*8))] ^			\
-		T4[(const uint8_t)(((uint32_t)((c)>>(4*8)))>>(2*8))] ;	\
-	b += T4[(uint8_t)(((uint32_t)(c))>>(1*8))] ^			\
-		T3[(const uint8_t)(((uint32_t)(c))>>(3*8))] ^		\
-		T2[(const uint8_t)(((uint32_t)((c)>>(4*8)))>>(1*8))] ^	\
-		T1[(const uint8_t)(((uint32_t)((c)>>(4*8)))>>(3*8))];	\
-	b *= mul;							\
-} while (/*CONSTCOND*/0)
-#endif
-
-#define PASS(a,b,c,mul) do {						\
-	ROUND(a,b,c,x0,mul);						\
-	ROUND(b,c,a,x1,mul);						\
-	ROUND(c,a,b,x2,mul);						\
-	ROUND(a,b,c,x3,mul);						\
-	ROUND(b,c,a,x4,mul);						\
-	ROUND(c,a,b,x5,mul);						\
-	ROUND(a,b,c,x6,mul);						\
-	ROUND(b,c,a,x7,mul);						\
-} while (/*CONSTCOND*/ 0)
-
-#define KEY_SCHEDULE do {						\
-	x0 -= x7 ^ (uint64_t)0xA5A5A5A5A5A5A5A5LL;			\
-	x1 ^= x0;							\
-	x2 += x1;							\
-	x3 -= x2 ^ ((~x1)<<19);						\
-	x4 ^= x3;							\
-	x5 += x4;							\
-	x6 -= x5 ^ ((~x4)>>23);						\
-	x7 ^= x6;							\
-	x0 += x7;							\
-	x1 -= x0 ^ ((~x7)<<19);						\
-	x2 ^= x1;							\
-	x3 += x2;							\
-	x4 -= x3 ^ ((~x2)>>23);						\
-	x5 ^= x4;							\
-	x6 += x5;							\
-	x7 -= x6 ^ (uint64_t)0x0123456789ABCDEFLL;			\
-} while (/*CONSTCOND*/ 0)
-
-#define FEEDFORWARD do {						\
-	a ^= aa;							\
-	b -= bb;							\
-	c += cc;							\
-} while (/*CONSTCOND*/ 0)
-
-#ifdef OPTIMIZE_FOR_LP64
-/* The loop is unrolled: works better on Alpha */
-#define COMPRESS do {							\
-	SAVE_ABC;							\
-	PASS(a,b,c,5);							\
-	KEY_SCHEDULE;							\
-	PASS(c,a,b,7);							\
-	KEY_SCHEDULE;							\
-	PASS(b,c,a,9);							\
-	for (pass_no = 3; pass_no < PASSES; pass_no++) {		\
-		KEY_SCHEDULE;						\
-		PASS(a,b,c,9);						\
-		tmpa = a; a = c; c = b; b = tmpa;			\
-	}								\
-	FEEDFORWARD;							\
-} while (/*CONSTCOND*/ 0)
-#else
-/* loop: works better on PC and Sun (smaller cache?) */
-#define COMPRESS do {							\
-	SAVE_ABC;							\
-	for (pass_no = 0; pass_no < PASSES; pass_no++) {		\
-		if (pass_no != 0) {					\
-			KEY_SCHEDULE;					\
-		}							\
-		PASS(a,b,c,(pass_no==0?5:pass_no==1?7:9));		\
-		tmpa = a; a = c; c = b; b = tmpa;			\
-	}								\
-	FEEDFORWARD;							\
-} while (/*CONSTCOND*/0)
-#endif
-
-#define TIGER_COMPRESS_MACRO(str, state) do {				\
-	uint64_t a, b, c, tmpa;						\
-	uint64_t aa, bb, cc;						\
-	uint64_t x0, x1, x2, x3, x4, x5, x6, x7;			\
-	int pass_no;							\
-									\
-	a = state[0];							\
-	b = state[1];							\
-	c = state[2];							\
-									\
-	x0 = str[0]; x1 = str[1]; x2 = str[2]; x3 = str[3];		\
-	x4 = str[4]; x5 = str[5]; x6 = str[6]; x7 = str[7];		\
-									\
-	COMPRESS;							\
-									\
-	state[0] = a;							\
-	state[1] = b;							\
-	state[2] = c;							\
-} while (/*CONSTCOND*/ 0)
-
-#ifdef OPTIMIZE_FOR_LP64
-/* The compress function is inlined: works better on Alpha.        */
-/* Still leaves the function above in the code, in case some other */
-/* module calls it directly.                                       */
-#define tiger_compress(str, state) \
-	TIGER_COMPRESS_MACRO(((const uint64_t*)(const void *)str), ((uint64_t*)(void *)state))
-#else
-/* The compress function is a function. Requires smaller cache?    */
-static void
-tiger_compress(const uint64_t *str, uint64_t state[3])
-{
-	TIGER_COMPRESS_MACRO(((const uint64_t*)str), ((uint64_t*)state));
-}
-#endif
-
-/* weird function to format 8 raw bytes to 16 formatted hex chars */
-static void
-sprint_uint64(char *buf, uint64_t val)
-{
-	static const char	hexdigits[] = "0123456789abcdef";
-	int			indian = 1;
-	int			i;
-
-	for (i = 0; i < 8; ++i) {
-		if (IS_LITTLE_ENDIAN(indian)) {
-			buf[2 * (7 - i)] = hexdigits[(val >> (56 - 8 * i + 4)) & 15];
-			buf[(2 * (7 - i)) + 1] = hexdigits[(val >> (56 - 8 * i)) & 15];
-		} else {
-			buf[2 * i] = hexdigits[(val >> (56 - 8 * i + 4)) & 15];
-			buf[(2 * i) + 1] = hexdigits[(val >> (56 - 8 * i)) & 15];
-		}
-	}
-}
-
-/* common function to initialise context */
-static void
-initcontext(TIGER_CTX *ctx, uint8_t pad)
-{
-	(void) memset(ctx, 0x0, sizeof(*ctx));
-	ctx->ctx[0] = 0x0123456789ABCDEFLL;
-	ctx->ctx[1] = 0xFEDCBA9876543210LL;
-	ctx->ctx[2] = 0xF096A5B4C3B2E187LL;
-	ctx->init = 1;
-	ctx->pad = pad;
-}
-
-/* set the version number (0 is same as 1 for Tiger) */
-static int
-setversion(TIGER_CTX *ctx, int version)
-{
-	switch(version) {
-	case 0:
-	case 1:
-		initcontext(ctx, 0x01);
-		break;
-	case 2:
-		initcontext(ctx, 0x80);
-		break;
-	default:
-		(void) fprintf(stderr, "unknown version %d\n", version);
-		return 0;
-	}
-	return 1;
-}
-
-/*****************************************************************************/
-
-void
-TIGER_Init(TIGER_CTX *ctx)
-{
-	if (ctx) {
-		initcontext(ctx, 0x01);
-	}
-}
-
-void
-TIGER2_Init(TIGER_CTX *ctx)
-{
-	if (ctx) {
-		initcontext(ctx, 0x80);
-	}
-}
-
-void
-TIGER_Update(TIGER_CTX *ctx, const void *data, size_t length)
-{
-	const uint64_t	*str = (const uint64_t *)data;
-	uint64_t	 i;
-	uint64_t	 j;
-	union {
-		uint8_t	 	temp8[64];
-		uint64_t	temp64[8];
-	} u;
-	int              indian = 1;
-
-	if (ctx == NULL || data == NULL) {
-		return;
-	}
-	for(i = length; i >= 64; i -= 64) {
-		if (IS_BIG_ENDIAN(indian)) {
-			for (j = 0; j < 64; j++) {
-				u.temp8[j ^ 7] = ((const uint8_t *)(const void *)str)[j];
-			}
-			tiger_compress(u.temp64, ctx->ctx);
-		} else {
-			tiger_compress(str, ctx->ctx);
-		}
-		str += 8;
-	}
-	if (IS_BIG_ENDIAN(indian)) {
-		for (j = 0; j < i; j++) {
-			u.temp8[j ^ 7] = ((const uint8_t*)(const void *)str)[j];
-		}
-		u.temp8[j ^ 7] = ctx->pad;
-		for (j++; j&7; j++) {
-			u.temp8[j ^ 7] = 0;
-		}
-	} else {
-		for (j = 0; j < i; j++) {
-			u.temp8[j] = ((const uint8_t*)(const void *)str)[j];
-		}
-		u.temp8[j++] = ctx->pad;
-		for (; j&7; j++) {
-			u.temp8[j] = 0;
-		}
-	}
-	if (j > 56) {
-		for (; j < 64; j++) {
-			u.temp8[j] = 0;
-		}
-		tiger_compress(u.temp64, ctx->ctx);
-		j = 0;
-	}
-	for (; j < 56; j++) {
-		u.temp8[j] = 0;
-	}
-	u.temp64[7] = ((uint64_t)length) << 3;
-	tiger_compress(u.temp64, ctx->ctx);
-}
-
-void
-TIGER_Final(uint8_t *digest, TIGER_CTX *ctx)
-{
-	uint64_t	le[3];
-	int		indian = 1;
-	int		i;
-
-	if (digest == NULL || ctx == NULL) {
-		return;
-	}
-	if (!ctx->init) {
-		TIGER_Init(ctx);
-		TIGER_Update(ctx, NULL, 0);
-	}
-	if (IS_LITTLE_ENDIAN(indian)) {
-		for (i = 0; i < 3; ++i) {
-			le[i] = (uint64_t)BSWAP64(ctx->ctx[i]);
-		}
-		(void) memcpy(digest, le, 3 * sizeof(le[0]));
-	} else {
-		(void) memcpy(digest, ctx->ctx, 3 * sizeof(ctx->ctx[0]));
-	}
-}
-
-char *
-TIGER_End(TIGER_CTX *ctx, char *buf)
-{   
-	int	i;
-
-	if (ctx == NULL) {
-		return NULL;
-	}
-	if (buf == NULL && (buf = calloc(1, 49)) == NULL) {
-		return NULL;
-	}
-	if (!ctx->init) {
-		TIGER_Init(ctx);
-		TIGER_Update(ctx, NULL, 0);
-	}
-	for (i = 0; i < 3; ++i) {
-		sprint_uint64(buf + i * 16, ctx->ctx[i]);
-	}
-	buf[16 * i] = 0x0;
-	return buf;
-}
-
-char *
-TIGER_File(char *filename, char *buf, int version)
-{   
-	TIGER_CTX	ctx;
-	uint8_t		buffer[BUFSIZ];
-	ssize_t		num;
-	int		fd;
-	int		oerrno;
-
-	if (filename == NULL || buf == NULL || !setversion(&ctx, version)) {
-		return NULL;
-	}
-	if ((fd = open(filename, O_RDONLY)) < 0) {
-		return NULL;
-	}
-	while ((num = read(fd, buffer, sizeof(buffer))) > 0) {
-		TIGER_Update(&ctx, buffer, (size_t)num);
-	}
-	oerrno = errno;
-	close(fd);
-	errno = oerrno;
-	return (num < 0) ? NULL : TIGER_End(&ctx, buf);
-}
-
-char *
-TIGER_Data(const uint8_t *data, size_t len, char *buf, int version)
-{   
-	TIGER_CTX	ctx;
-
-	if (data == NULL || buf == NULL || !setversion(&ctx, version)) {
-		return NULL;
-	}
-	TIGER_Update(&ctx, data, len);
-	return TIGER_End(&ctx, buf);
-}
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.h
deleted file mode 100644
index ff25cf949..000000000
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/tiger.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*-
- * Copyright (c) 2005-2011 Alistair Crooks <agc@NetBSD.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef TIGER_H_
-#define TIGER_H_
-
-#include <sys/types.h>
-
-#include <inttypes.h>
-
-#ifndef __BEGIN_DECLS
-#  if defined(__cplusplus)
-#  define __BEGIN_DECLS           extern "C" {
-#  define __END_DECLS             }
-#  else
-#  define __BEGIN_DECLS
-#  define __END_DECLS
-#  endif
-#endif
-
-__BEGIN_DECLS
-
-#define TIGER_DIGEST_LENGTH            24
-#define TIGER_DIGEST_STRING_LENGTH     ((TIGER_DIGEST_LENGTH * 2) + 1)
-
-typedef struct TIGER_CTX {
-	uint64_t	ctx[3];
-	int		init;
-	uint8_t		pad;
-} TIGER_CTX;
-
-void TIGER_Init(TIGER_CTX *);
-void TIGER2_Init(TIGER_CTX *);
-void TIGER_Update(TIGER_CTX *, const void *, size_t);
-void TIGER_Final(uint8_t *, TIGER_CTX *);
-
-char *TIGER_End(TIGER_CTX *, char *);
-
-char *TIGER_File(char *, char *, int);
-char *TIGER_Data(const uint8_t *, size_t, char *, int);
-
-__END_DECLS
-
-#endif
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h b/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h
index c9d9871f0..58e5b1a5b 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
+ * Copyright (c) 2012,2013,2014,2015,2016 Alistair Crooks <agc@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -23,251 +23,19 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_	20150205
+#define NETPGP_VERIFY_H_	20170201
 
-#define NETPGPVERIFY_VERSION	"netpgpverify portable 20150205"
+#define NETPGPVERIFY_VERSION	"netpgpverify portable 20170201"
 
 #include <sys/types.h>
 
 #include <inttypes.h>
 
-#ifndef PGPV_ARRAY
-/* creates 2 unsigned vars called "name"c and "name"size in current scope */
-/* also creates an array called "name"s in current scope */
-#define PGPV_ARRAY(type, name)						\
-	unsigned name##c; unsigned name##vsize; type *name##s
-#endif
+struct pgpv_t;
+typedef struct pgpv_t	pgpv_t;
 
-/* 64bit key ids */
-#define PGPV_KEYID_LEN		8
-#define PGPV_STR_KEYID_LEN	(PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1)
-
-/* bignum structure */
-typedef struct pgpv_bignum_t {
-	void			*bn;	/* hide the implementation details */
-	uint16_t		 bits;	/* cached number of bits */
-} pgpv_bignum_t;
-
-/* right now, our max binary digest length is 20 bytes */
-#define PGPV_MAX_HASH_LEN	64
-
-/* fingerprint */
-typedef struct pgpv_fingerprint_t {
-	uint8_t			hashalg;	/* algorithm for digest */
-	uint8_t			v[PGPV_MAX_HASH_LEN];	/* the digest */
-	uint32_t		len;		/* its length */
-} pgpv_fingerprint_t;
-
-/* specify size for array of bignums */
-#define PGPV_MAX_PUBKEY_BN	4
-
-/* public key */
-typedef struct pgpv_pubkey_t {
-	pgpv_fingerprint_t	 fingerprint;	/* key fingerprint i.e. digest */
-	uint8_t			 keyid[PGPV_KEYID_LEN];	/* last 8 bytes of v4 keys */
-	int64_t		 	 birth;		/* creation time */
-	int64_t			 expiry;	/* expiry time */
-	pgpv_bignum_t		 bn[PGPV_MAX_PUBKEY_BN];	/* bignums */
-	uint8_t			 keyalg;	/* key algorithm */
-	uint8_t			 hashalg;	/* hash algorithm */
-	uint8_t			 version;	/* key version */
-} pgpv_pubkey_t;
-
-#define PGPV_MAX_SESSKEY_BN	2
-
-/* a (size, byte array) string */
-typedef struct pgpv_string_t {
-	size_t			 size;
-	uint8_t			*data;
-} pgpv_string_t;
-
-typedef struct pgpv_ref_t {
-	void			*vp;
-	size_t			 offset;
-	unsigned		 mem;
-} pgpv_ref_t;
-
-#define PGPV_MAX_SECKEY_BN	4
-
-typedef struct pgpv_compress_t {
-	pgpv_string_t		 s;
-	uint8_t			 compalg;
-} pgpv_compress_t;
-
-/* a packet dealing with trust */
-typedef struct pgpv_trust_t {
-	uint8_t			level;
-	uint8_t			amount;
-} pgpv_trust_t;
-
-/* a signature sub packet */
-typedef struct pgpv_sigsubpkt_t {
-	pgpv_string_t		 s;
-	uint8_t			 tag;
-	uint8_t			 critical;
-} pgpv_sigsubpkt_t;
-
-#define PGPV_MAX_SIG_BN		2
-
-typedef struct pgpv_signature_t {
-	uint8_t			*signer;		/* key id of signer */
-	pgpv_ref_t		 hashstart;
-	uint8_t			*hash2;
-	uint8_t			*mpi;
-	int64_t			 birth;
-	int64_t			 keyexpiry;
-	int64_t			 expiry;
-	uint32_t		 hashlen;
-	uint8_t			 version;
-	uint8_t			 type;
-	uint8_t			 keyalg;
-	uint8_t			 hashalg;
-	uint8_t			 trustlevel;
-	uint8_t			 trustamount;
-	pgpv_bignum_t		 bn[PGPV_MAX_SIG_BN];
-	char			*regexp;
-	char			*pref_key_server;
-	char			*policy;
-	char			*features;
-	char			*why_revoked;
-	uint8_t			*revoke_fingerprint;
-	uint8_t			 revoke_alg;
-	uint8_t			 revoke_sensitive;
-	uint8_t			 trustsig;
-	uint8_t			 revocable;
-	uint8_t			 pref_symm_alg;
-	uint8_t			 pref_hash_alg;
-	uint8_t			 pref_compress_alg;
-	uint8_t			 key_server_modify;
-	uint8_t			 notation;
-	uint8_t			 type_key;
-	uint8_t			 primary_userid;
-	uint8_t			 revoked;	/* subtract 1 to get real reason, 0 == not revoked */
-} pgpv_signature_t;
-
-/* a signature packet */
-typedef struct pgpv_sigpkt_t {
-	pgpv_signature_t	 sig;
-	uint16_t		 subslen;
-	uint16_t		 unhashlen;
-	PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts);
-} pgpv_sigpkt_t;
-
-/* a one-pass signature packet */
-typedef struct pgpv_onepass_t {
-	uint8_t			 keyid[PGPV_KEYID_LEN];
-	uint8_t			 version;
-	uint8_t			 type;
-	uint8_t			 hashalg;
-	uint8_t			 keyalg;
-	uint8_t			 nested;
-} pgpv_onepass_t;
-
-/* a literal data packet */
-typedef struct pgpv_litdata_t {
-	uint8_t			*filename;
-	pgpv_string_t		 s;
-	uint32_t		 secs;
-	uint8_t			 namelen;
-	char			 format;
-	unsigned		 mem;
-	size_t			 offset;
-	size_t			 len;
-} pgpv_litdata_t;
-
-/* user attributes - images */
-typedef struct pgpv_userattr_t {
-	size_t 			 len;
-	PGPV_ARRAY(pgpv_string_t, subattrs);
-} pgpv_userattr_t;
-
-/* a general PGP packet */
-typedef struct pgpv_pkt_t {
-	uint8_t			 tag;
-	uint8_t			 newfmt;
-	uint8_t			 allocated;
-	uint8_t			 mement;
-	size_t			 offset;
-	pgpv_string_t		 s;
-	union {
-		pgpv_sigpkt_t	sigpkt;
-		pgpv_onepass_t	onepass;
-		pgpv_litdata_t	litdata;
-		pgpv_compress_t	compressed;
-		pgpv_trust_t	trust;
-		pgpv_pubkey_t	pubkey;
-		pgpv_string_t	userid;
-		pgpv_userattr_t	userattr;
-	} u;
-} pgpv_pkt_t;
-
-/* a memory structure */
-typedef struct pgpv_mem_t {
-	size_t			 size;
-	size_t			 cc;
-	uint8_t			*mem;
-	FILE			*fp;
-	uint8_t			 dealloc;
-	const char		*allowed;	/* the types of packet that are allowed */
-} pgpv_mem_t;
-
-/* packet parser */
-
-typedef struct pgpv_signed_userid_t {
-	pgpv_string_t	 	 userid;
-	PGPV_ARRAY(pgpv_signature_t, sigs);
-	uint8_t			 primary_userid;
-	uint8_t			 revoked;
-} pgpv_signed_userid_t;
-
-typedef struct pgpv_signed_userattr_t {
-	pgpv_userattr_t	 	 userattr;
-	PGPV_ARRAY(pgpv_signature_t, sigs);
-	uint8_t			 revoked;
-} pgpv_signed_userattr_t;
-
-typedef struct pgpv_signed_subkey_t {
-	pgpv_pubkey_t	 	 subkey;
-	pgpv_signature_t 	 revoc_self_sig;
-	PGPV_ARRAY(pgpv_signature_t, sigs);
-} pgpv_signed_subkey_t;
-
-typedef struct pgpv_primarykey_t {
-	pgpv_pubkey_t 		 primary;
-	pgpv_signature_t 	 revoc_self_sig;
-	PGPV_ARRAY(pgpv_signature_t, direct_sigs);
-	PGPV_ARRAY(pgpv_signed_userid_t, signed_userids);
-	PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs);
-	PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys);
-	size_t			 fmtsize;
-	uint8_t			 primary_userid;
-} pgpv_primarykey_t;
-
-/* everything stems from this structure */
-typedef struct pgpv_t {
-	PGPV_ARRAY(pgpv_pkt_t, 	 pkts);		/* packet array */
-	PGPV_ARRAY(pgpv_primarykey_t,	 primaries);	/* array of primary keys */
-	PGPV_ARRAY(pgpv_mem_t,	 areas);	/* areas we read packets from */
-	PGPV_ARRAY(size_t,	 datastarts);	/* starts of data packets */
-	size_t		 	 pkt;		/* when parsing, current pkt number */
-	const char		*op;		/* the operation we're doing */
-	unsigned		 ssh;		/* using ssh keys */
-} pgpv_t;
-
-#define PGPV_REASON_LEN		128
-
-/* when searching, we define a cursor, and fill in an array of subscripts */
-typedef struct pgpv_cursor_t {
-	pgpv_t			*pgp;			/* pointer to pgp tree */
-	char			*field;			/* field we're searching on */
-	char			*op;			/* operation we're doing */
-	char			*value;			/* value we're searching for */
-	void			*ptr;			/* for regexps etc */
-	PGPV_ARRAY(uint32_t,	 found);		/* array of matched pimary key subscripts */
-	PGPV_ARRAY(size_t,	 datacookies);		/* cookies to retrieve matched data */
-	int64_t			 sigtime;		/* time of signature */
-	char			 why[PGPV_REASON_LEN];	/* reason for bad signature */
-} pgpv_cursor_t;
+struct pgpv_cursor_t;
+typedef struct pgpv_cursor_t	pgpv_cursor_t;
 
 #ifndef __BEGIN_DECLS
 #  if defined(__cplusplus)
@@ -281,17 +49,24 @@ typedef struct pgpv_cursor_t {
 
 __BEGIN_DECLS
 
+pgpv_t *pgpv_new(void);
+pgpv_cursor_t *pgpv_new_cursor(void);
+
 int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/);
 int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/);
 
 size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
 size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/);
-int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/);
 size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/);
 
 size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/);
 
+int64_t pgpv_get_cursor_num(pgpv_cursor_t */*cursor*/, const char */*field*/);
+char *pgpv_get_cursor_str(pgpv_cursor_t */*cursor*/, const char */*field*/);
+int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/);
+
 int pgpv_close(pgpv_t */*pgp*/);
+int pgpv_cursor_close(pgpv_cursor_t */*cursor*/);
 
 __END_DECLS
 
diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/version.asc b/crypto/external/bsd/netpgp/dist/src/netpgpverify/version.asc
new file mode 100644
index 000000000..c9a1bf775
--- /dev/null
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/version.asc
@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+bar
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAEBAgAGBQJXYOg1AAoJEBto3PzAWWgjN7wIALbMScFoVnkE47+Hj1aLclRL
+9Mb9bKWkPi9iq1SybDEeiK6G9hLXSm2ZbygHNoAwFVlMIxkV2lRKqLfquatW9GH/
+9W2LkKa3wYpHH84Uj2/3Atu7564+IvcvDVkuxp4oHiz4X3i4CvIOf6qPuPHC5fAb
+xmjRLJRh71pJ8zBdtLQV3hnzjuUk5qZvKt109/WARQL5lL5jGIe504TnzHEBSgNa
+Ez1vxN2RngVh4QhDApx05EYfmZnBChXalCCh+noo6gpjUN/xhfq/KkLWrLaRWIL6
+IHBS3MgqDP6ToaJ7R2w1hytCoKlbXGyJGsUn29QBoQBwWGGM3Z5pbFBPcmBx/mg=
+=KXon
+-----END PGP SIGNATURE-----