diff --git a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
index 7d0818a50cad..9b6a873b961b 100644
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
@@ -1242,11 +1242,6 @@ read_sigpkt(pgpv_t *pgp, uint8_t mement, pgpv_sigpkt_t *sigpkt, uint8_t *p, size
 printf("read_sigpkt: can't read sig subpackets, v4\n");
 return 0;
 }
- if (sigpkt->sig.signer[0] == 0x0) {
- memcpy(sigpkt->sig.signer,
- get_ref(&sigpkt->sig.hashstart) + 16,
- sizeof(sigpkt->sig.signer));
- }
 p += sigpkt->subslen;
 sigpkt->sig.hashlen = (unsigned)(p - base);
 sigpkt->unhashlen = get_16(p);
@@ -1629,7 +1624,13 @@ recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid)
 userid->userid.data = pkt->s.data;
 userid->userid.allocated = 0;
 pgp->pkt += 1;
- while (pkt_is(pgp, SIGNATURE_PKT)) {
+ while (pgp->pkt < ARRAY_COUNT(pgp->pkts)) {
+ if (pkt_is(pgp, TRUST_PKT)) {
+ pgp->pkt += 1;
+ continue;
+ }
+ if (!pkt_is(pgp, SIGNATURE_PKT))
+ break;
 if (!recog_signature(pgp, &signature)) {
 printf("recog_userid: can't recognise signature/trust\n");
 return 0;
@@ -2482,6 +2483,13 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 }
 /* some keys out there have user ids where they shouldn't */
 do {
+ while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
+ pkt_is(pgp, TRUST_PKT)) {
+ /* skip trust packets, generated by gpg2 */
+ pgp->pkt += 1;
+ }
+ if (pgp->pkt >= ARRAY_COUNT(pgp->pkts))
+ break;
 if (!recog_userid(pgp, &userid)) {
 printf("recog_primary_key: not userid\n");
 return 0;
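Review bot: The trust-packet skip added to the signature loop in recog_userid has no comment, while the two matching loops in recog_primary_key carry `/* skip trust packets, generated by gpg2 */`. Add the same comment above `if (pkt_is(pgp, TRUST_PKT)) {` so a reader sees that these packets are deliberately ignored rather than verified. The new `if (!pkt_is(pgp, SIGNATURE_PKT))` also has an unbraced `break;` next to braced neighbours; bracing it matches the rest of the loop. The loop body continues outside the hunk.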
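Review bot: The `break` added at the top of the `do` body in recog_primary_key leaves the loop before `recog_userid` has run when only trust packets follow the key. On the first iteration that presumably means a primary key with no user id no longer reaches the `recog_primary_key: not userid` failure path. Whether such a key is then accepted depends on the loop condition and the code after the loop, both outside this hunk. If a key without a user id must still be rejected, make that explicit where the loop exits, for example `if (ARRAY_COUNT(primary->signed_userids) == 0) return 0;`.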
@@ -2491,6 +2499,13 @@ recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary)
 if (userid.primary_userid) {
 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1;
 }
+ while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
+ pkt_is(pgp, TRUST_PKT)) {
+ /* skip trust packets, generated by gpg2 */
+ pgp->pkt += 1;
+ }
+ if (pgp->pkt >= ARRAY_COUNT(pgp->pkts))
+ break;
 while (pkt_is(pgp, USERID_PKT)) {
 if (!recog_userid(pgp, &userid)) {
 printf("recog_primary_key: not signed secondary userid\n");
@@ -3196,16 +3211,6 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 return 0;
 }
 memset(&obuf, 0x0, sizeof(obuf));
- if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) {
- if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) {
- snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure");
- return 0;
- }
- snprintf(cursor->why, sizeof(cursor->why),
- "Signature key id %.*s does not match onepass keyid",
- (int)obuf.c, (char *)obuf.v);
- return 0;
- }
 if (onepass->hashalg != signature->hashalg) {
 snprintf(cursor->why, sizeof(cursor->why),
 "Signature hashalg %u does not match onepass hashalg %u",
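Review bot: The skip-and-bounds-check block added before `while (pkt_is(pgp, USERID_PKT))` is a line-for-line copy of the one added at the top of the `do` body in the previous hunk, and recog_userid carries a third variant. A small static helper would keep the bound on `pgp->pkt` in one place, so the sites cannot drift apart when the packet walk is next changed. Both call sites in recog_primary_key then reduce to `if (!skip_trust_pkts(pgp)) break;`. The `do` loop starts and ends outside this hunk.

```c
/*
 * skip trust packets, generated by gpg2;
 * returns 0 when no packets remain, non-zero otherwise
 */
static int
skip_trust_pkts(pgpv_t *pgp)
{
	while (pgp->pkt < ARRAY_COUNT(pgp->pkts) &&
	    pkt_is(pgp, TRUST_PKT)) {
		pgp->pkt += 1;
	}
	return pgp->pkt < ARRAY_COUNT(pgp->pkts);
}

/* … unchanged: recog_primary_key up to the two skip sites … */
		if (!skip_trust_pkts(pgp))
			break;
```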