diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index f225fc394..8541403b7 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -249,7 +249,7 @@ void mpi_swap( mpi *X, mpi *Y );
 * information through branch prediction and/or memory access
 * patterns analysis).
 */
-int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign );
+int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign );
 
 /**
 * \brief Set value from integer
diff --git a/library/bignum.c b/library/bignum.c
index 49321bb65..9eceeba55 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -206,8 +206,10 @@ void mpi_swap( mpi *X, mpi *Y )
 
 /*
 * Conditionally assign X = Y, without leaking information
+ * about whether the assignment was made or not.
+ * (Leaking information about the respective sizes of X and Y is ok however.)
 */
-int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign )
+int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign )
 {
 int ret = 0;
 size_t i;
@@ -215,16 +217,15 @@ int mpi_safe_cond_assign( mpi *X, mpi *Y, unsigned char assign )
 if( assign * ( 1 - assign ) != 0 )
 return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
 
- /* Make sure both MPIs have the same size */
- if( X->n > Y->n )
- MPI_CHK( mpi_grow( Y, X->n ) );
 if( Y->n > X->n )
 MPI_CHK( mpi_grow( X, Y->n ) );
 
 /* Do the conditional assign safely */
 X->s = X->s * (1 - assign) + Y->s * assign;
- for( i = 0; i < X->n; i++ )
+ for( i = 0; i < Y->n; i++ )
 X->p[i] = X->p[i] * (1 - assign) + Y->p[i] * assign;
+ for( ; i < X->n; i++ )
+ X->p[i] *= (1 - assign);
 
 cleanup:
 return( ret );
diff --git a/library/ecp.c b/library/ecp.c
index 01b62f8f1..7b7d079a8 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1392,7 +1392,7 @@ cleanup:
 * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
 */
 static int ecp_select_comb( const ecp_group *grp, ecp_point *R,
- ecp_point T[], unsigned char t_len,
+ const ecp_point T[], unsigned char t_len,
 unsigned char i )
 {
 int ret;
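Review bot: The public declaration of `mpi_safe_cond_assign` in bignum.h still promises only that nothing leaks about whether the assignment happened, while the matching comment added in library/bignum.c now states that the respective sizes of X and Y may be leaked (the `mpi_grow( X, Y->n )` call there is taken only when `Y->n > X->n`). Callers relying on the constant-time contract read the header, not the .c file, so the caveat belongs in the \brief block as well, e.g. ` *                 Note: the limb counts (n) of X and Y may be leaked; only the value of 'assign' is protected.` Adding `const` to Y is otherwise consistent with the ecp.c callers changed in the same commit.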
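Review bot: The new tail loop `for( ; i < X->n; i++ ) X->p[i] *= (1 - assign);` in the second bignum.c hunk has no comment, and its purpose is easy to misread as redundant with the grow above: when assign is 1 it clears the limbs of X above Y->n (where Y has no data) so X actually equals Y, and when assign is 0 it leaves them untouched. Suggest `/* Limbs of X beyond Y->n: Y is zero there, so clear them when assigning and keep them otherwise, using the same mask so no branch depends on 'assign' */`. That comment could also record that the multiply-by-0/1 masking is what the function's constant-time claim rests on; whether a particular compiler keeps it as straight-line code is not something this hunk can show. The function's signature and the start of its body are in the preceding hunk.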
@@ -1425,7 +1425,7 @@ cleanup:
 * Cost: d A + d D + 1 R
 */
 static int ecp_mul_comb_core( const ecp_group *grp, ecp_point *R,
- ecp_point T[], unsigned char t_len,
+ const ecp_point T[], unsigned char t_len,
 const unsigned char x[], size_t d,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng )