From a1ed80517b1befe26b831e0ac2af4437f5fdc90e Mon Sep 17 00:00:00 2001
From: Eric F Crist
Date: Sun, 21 Jan 2018 23:41:07 -0600
Subject: [PATCH] Use stty -echo instead of read -s

Some Linux distros and BSD sh don't support the -s option to the read builin. This is the POSIX way to handle secure input to a tty.

Signed-off-by: Eric F Crist
---
 easyrsa3/easyrsa | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index fe75fdc..7b227e5 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -419,7 +419,7 @@ build_ca() {
 crypto="-aes256"
 while [ -n "$1" ]; do
 case "$1" in
- nopass) opts="$opts -nodes "; crypt= ;;
+ nopass) opts="$opts -nodes " ;;
 subca) sub_ca=1 ;;
 *) warn "Ignoring unknown command option: '$1'" ;;
 esac
@@ -468,10 +468,14 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 out_key_pass_tmp="$(mktemp "$out_key_pass.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_key_pass_tmp"
 out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
 printf "Enter New CA Key Passphrase: "
- read -s kpass
+ stty -echo
+ read kpass
+ stty echo
 echo
 printf "Re-Enter New CA Key Passphrase: "
- read -s kpass2
+ stty -echo
+ read kpass2
+ stty echo
 echo
 if [ "$kpass" = "$kpass2" ]; then
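Review bot: In the `nopass)` arm of build_ca, dropping `crypt=` removes what looks like a misspelled `crypto=` instead of correcting it, so `crypto` keeps the `-aes256` value assigned just above the loop even when `nopass` is given. If `$crypto` is later passed to key generation (not visible in this hunk), a nopass CA build may still ask for encryption or a passphrase; either reset it with `nopass) opts="$opts -nodes "; crypto= ;;` or confirm the later code ignores it in the nopass case. This change is also unrelated to the stty subject and is not mentioned in the commit message. build_ca's body continues outside the hunk.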
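Review bot: Both new `stty -echo` / `read` / `stty echo` sequences leave terminal echo switched off if the script is interrupted or exits between the two stty calls, and the plain `read` can silently alter the passphrase: without `-r` backslashes are consumed, and with the default IFS leading and trailing whitespace is stripped. Use `IFS= read -r kpass` (and the same for `kpass2`) so the CA key is protected with exactly what was typed. Save the terminal state with `saved_tty=$(stty -g)` before disabling echo and restore it with `stty "$saved_tty"` both after the read and from the script's exit/interrupt trap. `stty` also fails when stdin is not a terminal, so a `[ -t 0 ]` guard around the echo toggling is worth adding. The enclosing function starts and ends outside the hunk.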