From 44509c77ec222ecaaf6b7a4d9465c97ff3a80634 Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Date: Tue, 4 Jun 2019 16:08:02 -0300
Subject: [PATCH] Try 'stty', 'set -o echo' and then read -s

Although 'read -s' is not POSIX, it might be the only option
for some systems (OpenWrt). Try each alternative and, if all
those fails, warn the user and read with "echo on".

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
---
 easyrsa3/easyrsa | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index e9fbb21..9501d64 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -317,7 +317,7 @@ easyrsa_mktemp() {
 # remove temp files and do terminal cleanups
 cleanup() {
 	[ -z "$EASYRSA_TEMP_DIR_session" ] || rm -rf "$EASYRSA_TEMP_DIR_session"
-	(stty echo 2>/dev/null) || set -o echo
+	(stty echo 2>/dev/null) || { (set -o echo 2>/dev/null) && set -o echo; }
 	echo "" # just to get a clean line
 } # => cleanup()
 
@@ -514,9 +514,20 @@ Your newly created PKI dir is: $EASYRSA_PKI
 
 hide_read_pass()
 {
-	(stty -echo 2>/dev/null) || set +o echo
-	read -r "$@"
-	(stty echo 2>/dev/null) || set -o echo
+	# shellcheck disable=SC2039
+	if stty -echo 2>/dev/null; then
+		read -r "$@"
+		stty echo
+	elif (set +o echo 2>/dev/null); then
+		set +o echo
+		read -r "$@"
+		set -o echo
+	elif (echo | read -r -s 2>/dev/null) ; then
+		read -r -s "$@"
+	else
+		warn "Could not disable echo. Password will be shown on screen!"
+		read -r "$@"
+	fi
 } # => hide_read_pass()
 
 # build-ca backend: