From 2dd2767922eb7c09bcc7d7bc9cc980bcf662e17d Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sat, 11 Feb 2023 23:11:43 +0000
Subject: [PATCH 1/2] build-ca: Deliberately remove manual password in temp-file
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index b9237db..e118c29 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1518,6 +1518,10 @@ Unable to create necessary PKI files (permissions?)"
 || die "Failed to build the CA certificate"
 # Remove passphrase temp-file
+ if [ -f "$in_key_pass_tmp" ]; then
+ rm "$in_key_pass_tmp" || die "\
+Failed to remove the CA passphrase temp-file!"
+ fi
 if [ -f "$out_key_pass_tmp" ]; then
 rm "$out_key_pass_tmp" || die "\
 Failed to remove the CA passphrase temp-file!"
From 88557aae8c266a90fa2a38f1b18381a649436561 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 12 Feb 2023 02:37:34 +0000
Subject: [PATCH 2/2] build_ca: Initialise get_passphrase() correctly
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index e118c29..90f25f1 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1272,9 +1272,9 @@ Could not disable echo. Password will be shown on screen!"
 # Get passphrase
 get_passphrase() {
+ t="$1"; shift || die "password malfunction"
 while :; do
 r=""
- t="$1"; shift || die "password malfunction"
 printf '\n%s' "$*"
 hide_read_pass r
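Review bot: The new `$in_key_pass_tmp` removal, like the existing `$out_key_pass_tmp` one, is only reached after `|| die "Failed to build the CA certificate"` has passed, so a failed CA build appears to leave both passphrase temp-files on disk. Whether `die` or an exit trap removes them is not visible in this hunk; if neither does, the removal should run before that failure path can exit. A comment such as `# On failure these files are removed by <cleanup routine>` above the block would record where that guarantee comes from. The two `if` blocks are identical apart from the variable and could be one loop: `for f in "$in_key_pass_tmp" "$out_key_pass_tmp"; do`. The enclosing function starts and ends outside the hunk.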
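Review bot: `shift || die "password malfunction"` in the added line may never reach `die`, because `shift` is a POSIX special built-in. When there are no positional parameters, some non-interactive shells abort the script with their own error before the `||` branch runs. Testing the count first makes the failure path explicit and portable: `[ "$#" -ge 1 ] || die "password malfunction"`, then `t="$1"; shift`. A short comment would also help, for example `# $1 names the variable that receives the passphrase; remaining args are the prompt`, with the wording confirmed against the body of get_passphrase(), which continues outside the hunk.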