diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 720c33877..582be2c79 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1490,13 +1490,13 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
  * \param f_async_sign      Callback to start a signature operation. See
  *                          the description of \c mbedtls_ssl_async_sign_t
  *                          for more information. This may be NULL if the
- *                          external processor does no support any signature
+ *                          external processor does not support any signature
  *                          operation; in this case the private key object
  *                          associated with the certificate will be used.
  * \param f_async_decrypt   Callback to start a decryption operation. See
  *                          the description of \c mbedtls_ssl_async_decrypt_t
  *                          for more information. This may be NULL if the
- *                          external processor does no support any decryption
+ *                          external processor does not support any decryption
  *                          operation; in this case the private key object
  *                          associated with the certificate will be used.
  * \param f_async_resume    Callback to resume an asynchronous operation. See
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index fa858f8e9..f7bed5847 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3221,7 +3221,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
                             ssl->transform_negotiate->ciphersuite_info;
-#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
 
@@ -3245,7 +3245,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
         ssl->state++;
         return( 0 );
     }
-#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
     defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8ad3494e4..256590ff7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7431,7 +7431,7 @@ void mbedtls_ssl_handshake_free( const mbedtls_ssl_config *conf,
 {
     if( handshake == NULL )
         return;
-    (void) conf; /*unused in some compile-time configurations*/
+    (void) conf; /* Unused in some compile-time configurations. */
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_1)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 86672e864..9f05e7d4d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -920,11 +920,13 @@ static int ssl_async_start( void *connection_ctx_arg,
     ssl_async_key_context_t *key_ctx = connection_ctx_arg;
     size_t slot;
     ssl_async_operation_context_t *ctx = NULL;
+
     {
         char dn[100];
         mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject );
         mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
     }
+
     for( slot = 0; slot < key_ctx->slots_used; slot++ )
     {
         if( key_ctx->slots[slot].cert == cert )
@@ -938,13 +940,16 @@ static int ssl_async_start( void *connection_ctx_arg,
     }
     mbedtls_printf( "Async %s callback: using key slot %zd, delay=%u.\n",
                     op_name, slot, key_ctx->slots[slot].delay );
+
     if( key_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_START )
     {
         mbedtls_printf( "Async %s callback: injected error\n", op_name );
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
     }
+
     if( input_len > SSL_ASYNC_INPUT_MAX_SIZE )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
     ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
     if( ctx == NULL )
         return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -954,6 +959,7 @@ static int ssl_async_start( void *connection_ctx_arg,
     ctx->input_len = input_len;
     ctx->delay = key_ctx->slots[slot].delay;
     *p_operation_ctx = ctx;
+
     if( ctx->delay == 0 )
         return( 0 );
     else
@@ -994,11 +1000,13 @@ static int ssl_async_resume( void *connection_ctx_arg,
     ssl_async_key_slot_t *key_slot = &connection_ctx->slots[ctx->slot];
     int ret;
     const char *op_name;
+
     if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
     {
         mbedtls_printf( "Async resume callback: injected error\n" );
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
     }
+
     if( ctx->delay > 0 )
     {
         --ctx->delay;
@@ -1006,6 +1014,7 @@ static int ssl_async_resume( void *connection_ctx_arg,
                         ctx->slot, ctx->delay );
         return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
     }
+
     if( ctx->md_alg == MBEDTLS_MD_NONE )
     {
         op_name = "decrypt";
@@ -1023,12 +1032,14 @@ static int ssl_async_resume( void *connection_ctx_arg,
                                output, output_len,
                                connection_ctx->f_rng, connection_ctx->p_rng );
     }
+
     if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_PK )
     {
         mbedtls_printf( "Async resume callback: %s done but injected error\n",
                         op_name );
         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
     }
+
     mbedtls_printf( "Async resume (slot %zd): %s done, status=%d.\n",
                     ctx->slot, op_name, ret );
     mbedtls_free( ctx );