diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c45ad844bd..6aa7ccc924 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2912,8 +2912,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
  *                              must be appropriate for the selected
  *                              algorithm and key:
  *                              - The required signature size is
- *                                #PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, \p alg)
- *                                where key_type and key_bits are the type and
+ *                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ *                                where \c key_type and \c key_bits are the type and
  *                                bit-size respectively of key.
  *                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
  *                                maximum signature size of any supported
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 991c169707..4f2cdb3950 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2512,7 +2512,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
     }
 
     /* Immediately reject a zero-length signature buffer. This guarantees
-     * that signature must be a valid pointer. (On the other hand, the hash
+     * that signature must be a valid pointer. (On the other hand, the input
      * buffer can in principle be empty since it doesn't actually have
      * to be a hash.) */
     if( signature_size == 0 )