diff --git a/src/modules/ecdh/main_impl.h b/src/modules/ecdh/main_impl.h
index 5f09292..b635529 100644
--- a/src/modules/ecdh/main_impl.h
+++ b/src/modules/ecdh/main_impl.h
@@ -81,23 +81,23 @@ int secp256k1_ecdh_raw(const secp256k1_context* ctx, unsigned char *result, cons
 secp256k1_pubkey_load(ctx, &pt, point);
 secp256k1_scalar_set_b32(&s, scalar, &overflow);
- if (overflow || secp256k1_scalar_is_zero(&s)) {
- ret = 0;
- } else {
- secp256k1_ecmult_const(&res, &pt, &s);
- secp256k1_ge_set_gej(&pt, &res);
- /* Output the point in compressed form.
- * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not
- * expect its output to be secret and has a timing sidechannel. */
- secp256k1_fe_normalize(&pt.x);
- secp256k1_fe_normalize(&pt.y);
- result[0] = 0x02 | secp256k1_fe_is_odd(&pt.y);
- secp256k1_fe_get_b32(&result[1], &pt.x);
- ret = 1;
- }
+
+ overflow |= secp256k1_scalar_is_zero(&s);
+ secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow);
+
+ secp256k1_ecmult_const(&res, &pt, &s, 256);
+ secp256k1_ge_set_gej(&pt, &res);
+
+ /* Output the point in compressed form.
+ * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not
+ * expect its output to be secret and has a timing sidechannel. */
+ secp256k1_fe_normalize(&pt.x);
+ secp256k1_fe_normalize(&pt.y);
+ result[0] = 0x02 | secp256k1_fe_is_odd(&pt.y);
+ secp256k1_fe_get_b32(&result[1], &pt.x);
 secp256k1_scalar_clear(&s);
- return ret;
+ return !overflow;
 }
 #endif /* SECP256K1_MODULE_ECDH_MAIN_H */
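Review bot: On the failure path `result` is now written before the function returns 0: with an overflowing or zero scalar, `s` is swapped for `secp256k1_scalar_one`, so the 33 bytes stored appear to be just the compressed form of the caller-supplied point, whereas the old code left the buffer untouched. A caller that ignores the return value would then treat a value derivable from public data as the shared secret, so I would state the contract next to the cmov, e.g. `/* Invalid scalar: compute with s = 1 to keep the path uniform; result is then NOT secret and 0 is returned. */`, and repeat it in the public header. If wiping is preferred, a branch-free mask over the 33 output bytes, `result[i] &= (unsigned char)(overflow - 1);`, avoids reintroducing a branch (this assumes `overflow` is strictly 0 or 1 at that point). Separately, `ret` is no longer used in the visible lines, and `pt`/`res` still hold the shared point when the function returns while only `s` is cleared; the declarations sit above the hunk, so neither can be confirmed from here.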