Remove twofish and remnants of blowfish

Twofish CTR was never enabled by default and CBC modes are
deprecated

SMALL

@@ -9,10 +9,7 @@ The same applies if you are compiling just a client.
 
 ---
 
-The following are set in options.h:
-
-	- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
-	  affecting interoperability
+The following are set in localoptions.h:
 
 	- If you're compiling statically, you can turn off host lookups
 

common-algo.c

@@ -64,14 +64,6 @@ static const struct dropbear_cipher dropbear_aes256 =
 static const struct dropbear_cipher dropbear_aes128 = 
 	{&aes_desc, 16, 16};
 #endif
-#if DROPBEAR_TWOFISH256
-static const struct dropbear_cipher dropbear_twofish256 = 
-	{&twofish_desc, 32, 16};
-#endif
-#if DROPBEAR_TWOFISH128
-static const struct dropbear_cipher dropbear_twofish128 = 
-	{&twofish_desc, 16, 16};
-#endif
 #if DROPBEAR_3DES
 static const struct dropbear_cipher dropbear_3des = 
 	{&des3_desc, 24, 8};
@@ -156,15 +148,6 @@ algo_type sshciphers[] = {
 #if DROPBEAR_AES256
 	{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
 #endif
-#if DROPBEAR_TWOFISH_CTR
-/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */
-#if DROPBEAR_TWOFISH256
-	{"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
-#endif
-#if DROPBEAR_TWOFISH128
-	{"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
-#endif
-#endif /* DROPBEAR_TWOFISH_CTR */
 #endif /* DROPBEAR_ENABLE_CTR_MODE */
 
 #if DROPBEAR_ENABLE_CBC_MODE
@@ -174,13 +157,6 @@ algo_type sshciphers[] = {
 #if DROPBEAR_AES256
 	{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
 #endif
-#if DROPBEAR_TWOFISH256
-	{"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
-	{"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc},
-#endif
-#if DROPBEAR_TWOFISH128
-	{"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
-#endif
 #endif /* DROPBEAR_ENABLE_CBC_MODE */
 
 #if DROPBEAR_3DES

crypto_desc.c

@@ -24,12 +24,6 @@ void crypto_init() {
 #if DROPBEAR_AES
 		&aes_desc,
 #endif
-#if DROPBEAR_BLOWFISH
-		&blowfish_desc,
-#endif
-#if DROPBEAR_TWOFISH
-		&twofish_desc,
-#endif
 #if DROPBEAR_3DES
 		&des3_desc,
 #endif

default_options.h

@@ -95,8 +95,6 @@ IMPORTANT: Some options will require "make clean" after changes */
 #define DROPBEAR_AES128 1
 #define DROPBEAR_AES256 1
 #define DROPBEAR_3DES 0
-#define DROPBEAR_TWOFISH256 0
-#define DROPBEAR_TWOFISH128 0
 
 /* Enable Chacha20-Poly1305 authenticated encryption mode. This is
  * generally faster than AES256 on CPU w/o dedicated AES instructions,

sysoptions.h

@@ -131,14 +131,6 @@
 #define DROPBEAR_MD5_HMAC 0
 #endif
 
-/* Twofish counter mode is disabled by default because it 
-has not been tested for interoperability with other SSH implementations.
-If you test it please contact the Dropbear author */
-#ifndef DROPBEAR_TWOFISH_CTR
-#define DROPBEAR_TWOFISH_CTR 0
-#endif
-
-
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 
 /* Debian doesn't define this in system headers */
@@ -235,8 +227,6 @@ If you test it please contact the Dropbear author */
 
 #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128))
 
-#define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128))
-
 #define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305) || (DROPBEAR_ENABLE_GCM_MODE))
 
 #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD))
@@ -280,8 +270,7 @@ If you test it please contact the Dropbear author */
 	#error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins"
 #endif
 
-#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
-      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305)
+#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305)
 	#error "At least one encryption algorithm must be enabled. AES128 is recommended."
 #endif