diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f1c8bd293..fe107b76d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5787,10 +5787,10 @@ int  mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
   * \return            0 on success. An SSL specific error on failure.
   */
  int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
-                                        uint8_t *out, size_t key_len,
-                                        const char *label, size_t label_len,
-                                        const unsigned char *context, size_t context_len,
-                                        int use_context);
+                                        uint8_t *out, const size_t key_len,
+                                        const char *label, const size_t label_len,
+                                        const unsigned char *context, const size_t context_len,
+                                        const int use_context);
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4fe13ffbf..9e4cf3ec9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10121,10 +10121,10 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 }
 
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
-                                        uint8_t *out, const size_t key_len,
-                                        const char *label, const size_t label_len,
-                                        const unsigned char *context, const size_t context_len,
-                                        const int use_context)
+                                       uint8_t *out, const size_t key_len,
+                                       const char *label, const size_t label_len,
+                                       const unsigned char *context, const size_t context_len,
+                                       const int use_context)
 {
     if (!mbedtls_ssl_is_handshake_over(ssl)) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 07b970aaf..a4b012f36 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -657,11 +657,11 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
  * \param[out]  out  The output buffer for the exported key. Must have room for at least out_len bytes.
  * \param[in]   out_len  Length of the key to generate.
  */
-int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg,
-                               const unsigned char *secret, size_t secret_len,
-                               const unsigned char *label, size_t label_len,
-                               const unsigned char *context_value, size_t context_len,
-                               unsigned char *out, size_t out_len);
+int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
+                               const unsigned char *secret, const size_t secret_len,
+                               const unsigned char *label, const size_t label_len,
+                               const unsigned char *context_value, const size_t context_len,
+                               uint8_t *out, const size_t out_len);
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */