Clarify documentation for AES OFB
1. Changed reference/link to NIST SP800-38A
2. Clarified language around AES-OFB usage
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 1289c5a..de5ffad 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -298,34 +298,35 @@
#if defined(MBEDTLS_CIPHER_MODE_OFB)
/**
- * \brief This function performs an AES-OFB (Output Feedback Mode) encryption
- * or decryption operation.
+ * \brief This function performs an AES-OFB (Output Feedback Mode)
+ * encryption or decryption operation.
*
- * For OFB, you must set up the context with mbedtls_aes_setkey_enc(),
- * regardless of whether you are performing an encryption or decryption
- * operation. This is because OFB mode uses the same key schedule for
- * encryption and decryption.
+ * For OFB, you must set up the context with
+ * mbedtls_aes_setkey_enc(), regardless of whether you are
+ * performing an encryption or decryption operation. This is
+ * because OFB mode uses the same key schedule for encryption and
+ * decryption.
*
- * The OFB operation is identical for encryption or decryption, therefore
- * no operation mode needs to be specified.
+ * The OFB operation is identical for encryption or decryption,
+ * therefore no operation mode needs to be specified.
*
- * \note Upon exit, the content of iv, the Initialisation Vector, is updated
- * so that you can call the same function again on the next block(s) of
- * data and get the same result as if it was encrypted in one call. This
- * allows a "streaming" usage, by initialising iv_off to 0 before the
- * first call, and preserving its value between calls.
+ * \note Upon exit, the content of iv, the Initialisation Vector, is
+ * updated so that you can call the same function again on the next
+ * block(s) of data and get the same result as if it was encrypted
+ * in one call. This allows a "streaming" usage, by initialising
+ * iv_off to 0 before the first call, and preserving its value
+ * between calls.
*
- * For block by block usage, (or non-streaming use), the iv should be
- * initialised on each call to a unique value, and iv_off set to 0 on
- * each call.
+ * For non-streaming use, the iv should be initialised on each call
+ * to a unique value, and iv_off set to 0 on each call.
*
- * If you need to retain the contents of the initialisation vector, you
- * must either save it manually or use the cipher module instead.
+ * If you need to retain the contents of the initialisation vector,
+ * you must either save it manually or use the cipher module
+ * instead.
*
- * For the OFB mode, the initiallisation vector must be unique and must
- * be unique for every encryption operation. Reuse of an initialisation
- * vector will compromise security.
- *
+ * \warning For the OFB mode, the initiallisation vector must be unique and
+ * must be unique for every encryption operation. Reuse of an
+ * initialisation vector will compromise security.
*
* \param ctx The AES context to use for encryption or decryption.
* \param length The length of the input data.
diff --git a/library/aes.c b/library/aes.c
index c221613..e27e40a 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1256,7 +1256,7 @@
/*
* AES-OFB test vectors from:
*
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ * https://csrc.nist.gov/publications/detail/sp/800-38a/final
*/
static const unsigned char aes_test_ofb_key[3][32] =
{
