Allow the PKCS#7 (S/MIME encrypt) application to support more than one
recipient.

CHANGES

diff --git a/CHANGES b/CHANGES
index 8ae1483..049d781 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.3a and 0.9.4  [xx Jul/Aug/...? 1999]
 
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
   *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
      an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
      it will always use the numerical form of the OID, even if it has a short

crypto/pkcs7/enc.c

diff --git a/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c
index 22bf9b0..43bfd10 100644
--- a/crypto/pkcs7/enc.c
+++ b/crypto/pkcs7/enc.c
@@ -74,6 +74,7 @@
 	int nodetach=1;
 	char *keyfile = NULL;
 	const EVP_CIPHER *cipher=NULL;
+	STACK_OF(X509) *recips=NULL;
 
 	SSLeay_add_all_algorithms();
 
@@ -96,13 +97,20 @@
 			keyfile = argv[2];
 			argc-=2;
 			argv+=2;
+			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+			if (!(x509=PEM_read_bio_X509(in,NULL,NULL))) goto err;
+			if(!recips) recips = sk_X509_new_null();
+			sk_X509_push(recips, x509);
+			BIO_free(in);
 		} else break;
 	}
 
-	if (!BIO_read_filename(data,argv[1])) goto err;
+	if(!recips) {
+		fprintf(stderr, "No recipients\n");
+		goto err;
+	}
 
-	if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	if (!BIO_read_filename(data,argv[1])) goto err;
 
 	p7=PKCS7_new();
 #if 0
@@ -120,9 +128,10 @@
 	if(!cipher) cipher = EVP_des_ede3_cbc();
 
 	if (!PKCS7_set_cipher(p7,cipher)) goto err;
-	if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
-
-
+	for(i = 0; i < sk_X509_num(recips); i++) {
+		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+	}
+	sk_X509_pop_free(recips, X509_free);
 
 	/* Set the content of the signed to 'data' */
 	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */