diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 27be76168..22eb116b8 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -314,7 +314,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
  *             2. Use a randomly-generated \p nonce_counter for each call.
  *             With this strategy, you need to ensure the nonce is generated
  *             in an unbiased way and you must not encrypt more than 2**64
- *             block of data.
+ *             blocks of data.
  *
  *             Note that for both stategies, the limit is in number of blocks
  *             and that an AES block is 16 bytes.
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 2eed2f974..0c4960b1b 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -262,7 +262,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
  *             2. Use a randomly-generated \p nonce_counter for each call.
  *             With this strategy, you need to ensure the nonce is generated
  *             in an unbiased way and you must not encrypt more than 2**64
- *             block of data.
+ *             blocks of data.
  *
  *             Note that for both stategies, the limit is in number of blocks
  *             and that an ARIA block is 16 bytes.
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 4b4916e03..f4e8afcb6 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -184,7 +184,7 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
  *             2. Use a randomly-generated \p nonce_counter for each call.
  *             With this strategy, you need to ensure the nonce is generated
  *             in an unbiased way and you must not encrypt more than 2**32
- *             block of data.
+ *             blocks of data.
  *
  *             Note that for both stategies, the limit is in number of blocks
  *             and that a Blowfish block is 8 bytes.
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 1b138fc9e..74e09615b 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -201,7 +201,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
  *             2. Use a randomly-generated \p nonce_counter for each call.
  *             With this strategy, you need to ensure the nonce is generated
  *             in an unbiased way and you must not encrypt more than 2**64
- *             block of data.
+ *             blocks of data.
  *
  *             Note that for both stategies, the limit is in number of blocks
  *             and that a CAMELLIA block is 16 bytes.