* keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create

backsigs.

* getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs
and verify they are valid.  If DO_BACKSIGS is not defined, fake this as
always valid.

* packet.h, parse-packet.c (parse_signature): Make parse_signature
non-static so we can parse 0x19s in self-sigs.

* main.h, sig-check.c (check_backsig): Check a 0x19 signature.
(signature_check2): Give a backsig warning if there is no or a bad 0x19
with signatures from a subkey.

g10/getkey.c

@@ -1923,8 +1923,51 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
         key_expire = 0;
     subpk->has_expired = key_expire >= curtime? 0 : key_expire;
     subpk->expiredate = key_expire;
-}
 
+#ifndef DO_BACKSIGS
+    /* Pretend the backsig is present and accounted for. */
+    subpk->backsig=2;
+#else
+    /* Find the first 0x19 embedded signature on our self-sig. */
+    if(subpk->backsig==0)
+      {
+	int seq=0;
+
+	while((p=enum_sig_subpkt(sig->hashed,
+				 SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
+	  if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+	    break;
+
+	if(p==NULL)
+	  {
+	    seq=0;
+	    /* It is safe to have this in the unhashed area since the
+	       0x19 is located here for convenience, not security. */
+	    while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
+				     &n,&seq,NULL)))
+	      if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+		break;
+	  }
+
+	if(p)
+	  {
+	    PKT_signature *backsig=m_alloc_clear(sizeof(PKT_signature));
+	    IOBUF backsig_buf=iobuf_temp_with_content(p,n);
+
+	    if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)
+	      {
+		if(check_backsig(mainpk,subpk,backsig)==0)
+		  subpk->backsig=2;
+		else
+		  subpk->backsig=1;
+	      }
+
+	    iobuf_close(backsig_buf);
+	    free_seckey_enc(backsig);
+	  }
+      }
+#endif
+}
 
 
 /*