branch preview-10.10-misc

Please stop testing this until it is clearly documented why we should remove this function.

The default is that MariaDB should NOT remove any old functions or functionality that people MAY still use, unless there is a VERY good reason why we cannot support the old functionality anymore.

What have we done to ensure/check that these functions are still not used.
What should users use instead?
How should they migrate old servers/applications?
How can they test if these functions are not in use?

These questions will be relevant when we'll be removing this functionality. For now we only warn people that they should not be using DES.
See https://en.wikipedia.org/wiki/Data_Encryption_Standard
DES was superseded in 2001.

A chosen-plaintext attack utilizing a rainbow table can recover the DES key for a single specific chosen plaintext ... in 25 seconds.

One can brute-force the password in 15 days using a $1000 off-the-shelf Nvidia card. Or under 2 days with 8 such cards.

Plain DES is pretty much irrelevant nowadays.

in bb-10.10-MDEV-27104 branch

Test main.func_encrypt_nossl fails. Ex.:
Part of test:

-- source include/not_ssl.inc

select des_encrypt("test", 'akeystr');

Expected result:

des_encrypt("test", 'akeystr')

NULL

Warnings:

Note	1287	'des_encrypt' is deprecated and will be removed in a future release

Warning	1289	The 'des_encrypt' feature is disabled; you need MariaDB built with '--with-ssl' to have it working

Actual result:

des_encrypt("test", 'akeystr')

���+YL���

Warnings:

Note	1287	'des_encrypt' is deprecated and will be removed in a future release

serg, please, fix the test.

Not quite. This test was supposed to be run when no ssl support is compiled in.
This is not possible since 5.5, ssl support is always in the binary.

But you can run this test with --mysqld=--skip-ssl. It'll run but fail as above, because ssl support is present in the binary.

I'll update the test.

Now all tests pass.