diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 944ef38e8..77aff4af2 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -292,7 +292,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
  *                 chaining up to those CAs will be trusted, and (2)
  *                 self-signed end-entity certificates to be trusted (for
  *                 specific peers you know) - in that case, the self-signed
- *                 certificate doens't need to have the CA bit set.
+ *                 certificate doesn't need to have the CA bit set.
  *
  * \param crt      a certificate (chain) to be verified
  * \param trust_ca the list of trusted CAs (see note above)
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 28f13787d..234c3e3f8 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -6,9 +6,10 @@
 #
 # Purpose
 #
-# To test the code dependencies on individual PK algs in each test suite. This
-# is a verification step to ensure we don't ship test suites that do not work
-# for some build options.
+# To test the code dependencies on individual PK algs (those that can be used
+# from the PK layer, so currently signature and encryption but not key
+# exchange) in each test suite. This is a verification step to ensure we don't
+# ship test suites that do not work for some build options.
 #
 # The process is:
 #       for each possible PK alg
@@ -38,6 +39,8 @@ my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
 my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
 my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
 
+# Some algorithms can't be disabled on their own as others depend on them, so
+# we list those reverse-dependencies here to keep check_config.h happy.
 my %algs = (
     'MBEDTLS_ECDSA_C'   => [],
     'MBEDTLS_ECP_C'     => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],