diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 60bec57dd..9c859eb33 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3330,7 +3330,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
 static int ssl_process_client_key_exchange( mbedtls_ssl_context *ssl );
 
 /* Preparation
- * - For ECDH: Generate client params and derive premater secret
+ * - For ECDH: Generate client params and derive premaster secret
  * - For RSA-suites: Encrypt PMS
  * - For ECJPAKE: Do Round 2
  */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2bb4fcd3c..2d9c59163 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1743,7 +1743,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
         == MBEDTLS_KEY_EXCHANGE_RSA )
     {
         ((void) ret);
-        /* The premaster secret has already been by
+        /* The premaster secret has already been set by
          * ssl_rsa_generate_partial_pms(). Only the
          * PMS length needs to be set. */
         ssl->handshake->pmslen = 48;