Blowfish OFB Block Cipher Mode Support (#2892)

### Description of changes: 
* Users of PyCA cryptography are not able to use Blowfish for their
legacy use cases, as we forgot to remove the `OPENSSL_NO_BF` define when
we re-added support for these decrepit algorithms.
* Blowfish was missing the OFB block cipher mode implementation that was
present in OpenSSL. I have brought this implementation over and updated
the types and function signatures. Which is also a mode support by PyCA
cryptography.

### Testing:
There doesn't really appear to be much extensive OFB KATs available, so
I've extended the current test data using the OpenSSL 1.1.1 APIs:

```
$ echo -n "plaintextHexStr" | xxd -p -r > plaintext.txt
$ openssl enc -bf-ofb -in plaintext.txt -out ciphertext -K <keyHex>  -iv  <ivHex>
$ xxd -i < ciphertext
```

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Author: skmcgrail

crypto/decrepit/blowfish/blowfish.c

@@ -71,7 +71,7 @@
    LL ^=                                                                  \
    (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \
      S[0x0200 + ((int)(R >> 8) & 0xff)]) +                                \
-    S[0x0300 + ((int)(R)&0xff)]) &                                        \
+    S[0x0300 + ((int)(R) & 0xff)]) &                                      \
    0xffffffffL)
 
 void BF_encrypt(uint32_t *data, const BF_KEY *key) {
@@ -510,7 +510,7 @@ void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
                       const BF_KEY *schedule, uint8_t *ivec, int *num,
                       int encrypt) {
   uint32_t v0, v1, t;
-  int n = *num;
+  int n = *num & 0x07;
   size_t l = length;
   uint32_t ti[2];
   uint8_t c, cc;
@@ -562,6 +562,53 @@ void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
   *num = n;
 }
 
+void BF_ofb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
+                      const BF_KEY *schedule, uint8_t *ivec, int *num) {
+  uint32_t v0 = 0, v1 = 0, t = 0;
+  int n = *num & 0x07;
+  size_t l = length;
+  uint8_t d[8] = {0};
+  uint8_t *dp = NULL;
+  uint32_t ti[2] = {0};
+  uint8_t *iv = NULL;
+  int save = 0;
+
+  iv = ivec;
+  n2l(iv, v0);
+  n2l(iv, v1);
+  ti[0] = v0;
+  ti[1] = v1;
+  dp = d;
+  l2n(v0, dp);
+  l2n(v1, dp);
+  while (l--) {
+    if (n == 0) {
+      BF_encrypt(ti, schedule);
+      dp = d;
+      t = ti[0];
+      l2n(t, dp);
+      t = ti[1];
+      l2n(t, dp);
+      save++;
+    }
+    *(out++) = *(in++) ^ d[n];
+    n = (n + 1) & 0x07;
+  }
+  if (save) {
+    v0 = ti[0];
+    v1 = ti[1];
+    iv = ivec;
+    l2n(v0, iv);
+    l2n(v1, iv);
+  }
+  OPENSSL_cleanse(&t, sizeof(t));
+  OPENSSL_cleanse(&v0, sizeof(v0));
+  OPENSSL_cleanse(&v1, sizeof(v1));
+  OPENSSL_cleanse(ti, sizeof(ti));
+  OPENSSL_cleanse(d, sizeof(d));
+  *num = n;
+}
+
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                        const uint8_t *iv, int enc) {
   BF_KEY *bf_key = ctx->cipher_data;
@@ -600,6 +647,15 @@ static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
   return 1;
 }
 
+static int bf_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+                         size_t len) {
+  BF_KEY *bf_key = ctx->cipher_data;
+  int num = ctx->num;
+  BF_ofb64_encrypt(in, out, len, bf_key, ctx->iv, &num);
+  ctx->num = num;
+  return 1;
+}
+
 OPENSSL_END_ALLOW_DEPRECATED
 
 static const EVP_CIPHER bf_ecb = {
@@ -635,10 +691,23 @@ static const EVP_CIPHER bf_cfb = {
     .cipher = bf_cfb_cipher,
 };
 
+static const EVP_CIPHER bf_ofb = {
+    .nid = NID_bf_ofb64,
+    .block_size = 1,
+    .key_len = 16,
+    .iv_len = BF_BLOCK,
+    .ctx_size = sizeof(BF_KEY),
+    .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = bf_init_key,
+    .cipher = bf_ofb_cipher,
+};
+
 const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }
 
 const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; }
 
 const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
 
 const EVP_CIPHER *EVP_bf_cfb64(void) { return &bf_cfb; }
+
+const EVP_CIPHER *EVP_bf_ofb(void) { return &bf_ofb; }