Clarify documentation for AES OFB

1. Changed reference/link to NIST SP800-38A
 2. Clarified language around AES-OFB usage

include/mbedtls/aes.h

@@ -298,34 +298,35 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
 /**
- * \brief This function performs an AES-OFB (Output Feedback Mode) encryption
+ * \brief       This function performs an AES-OFB (Output Feedback Mode)
- *        or decryption operation.
+ *              encryption or decryption operation.
  *
- *        For OFB, you must set up the context with mbedtls_aes_setkey_enc(),
+ *              For OFB, you must set up the context with
- *        regardless of whether you are performing an encryption or decryption
+ *              mbedtls_aes_setkey_enc(), regardless of whether you are
- *        operation. This is because OFB mode uses the same key schedule for
+ *              performing an encryption or decryption operation. This is
- *        encryption and decryption.
+ *              because OFB mode uses the same key schedule for encryption and
+ *              decryption.
  *
- *        The OFB operation is identical for encryption or decryption, therefore
+ *              The OFB operation is identical for encryption or decryption,
- *        no operation mode needs to be specified.
+ *              therefore no operation mode needs to be specified.
  *
- * \note  Upon exit, the content of iv, the Initialisation Vector, is updated
+ * \note        Upon exit, the content of iv, the Initialisation Vector, is
- *        so that you can call the same function again on the next block(s) of
+ *              updated so that you can call the same function again on the next
- *        data and get the same result as if it was encrypted in one call. This
+ *              block(s) of data and get the same result as if it was encrypted
- *        allows a "streaming" usage, by initialising iv_off to 0 before the
+ *              in one call. This allows a "streaming" usage, by initialising
- *        first call, and preserving its value between calls.
+ *              iv_off to 0 before the first call, and preserving its value
+ *              between calls.
  *
- *        For block by block usage, (or non-streaming use), the iv should be
+ *              For non-streaming use, the iv should be initialised on each call
- *        initialised on each call to a unique value, and iv_off set to 0 on
+ *              to a unique value, and iv_off set to 0 on each call.
- *        each call.
  *
- *        If you need to retain the contents of the initialisation vector, you
+ *              If you need to retain the contents of the initialisation vector,
- *        must either save it manually or use the cipher module instead.
+ *              you must either save it manually or use the cipher module
- *
+ *              instead.
- *        For the OFB mode, the initiallisation vector must be unique and must
- *        be unique for every encryption operation. Reuse of an initialisation
- *        vector will compromise security.
  *
+ * \warning     For the OFB mode, the initiallisation vector must be unique and
+ *              must be unique for every encryption operation. Reuse of an
+ *              initialisation vector will compromise security.
  *
  * \param ctx      The AES context to use for encryption or decryption.
  * \param length   The length of the input data.

library/aes.c

@@ -1256,7 +1256,7 @@ static const unsigned char aes_test_cfb128_ct[3][64] =
 /*
  * AES-OFB test vectors from:
  *
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ * https://csrc.nist.gov/publications/detail/sp/800-38a/final
  */
 static const unsigned char aes_test_ofb_key[3][32] =
 {