diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index d44e65843..810cb9f78 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -274,8 +274,14 @@ mbedtls_ecp_keypair;
  *                  of the order of 3600 "basic operations" with default
  *                  settings.
  *
- * \warning         Values lower than 120 are currently not well-supported, in
- *                  that sometimes functions will have to block for longer.
+ * \warning         Very low values are not always respected: sometimes
+ *                  functions need to block for a minimum number of
+ *                  operations, and will do so even if max_ops is set to a
+ *                  lower value.  That minimum depends on the curve size, and
+ *                  can be made lower by decreasing the value of
+ *                  \c MBEDTLS_ECP_WINDOW_SIZE.  As an indication, the minimum
+ *                  is around 160 for P-256 with \c MBEDTLS_ECP_WINDOW_SIZE
+ *                  set to 4.
  */
 void mbedtls_ecp_set_max_ops( unsigned max_ops );
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
diff --git a/library/ecp.c b/library/ecp.c
index a1f019d39..b3bddbfc6 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1397,7 +1397,7 @@ norm_dbl:
     for( i = 1; i < T_len; i <<= 1 )
         TT[j++] = T + i;
 
-    ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+    ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 );
 
     MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
 
@@ -1414,7 +1414,7 @@ norm_dbl:
 add:
 #endif
 
-    ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD ); // XXX: split loop?
+    ECP_BUDGET( ( T_len - 1 ) * ECP_OPS_ADD );
 
     for( i = 1; i < T_len; i <<= 1 )
     {
@@ -1440,7 +1440,7 @@ norm_add:
     for( j = 0; j + 1 < T_len; j++ )
         TT[j] = T + j + 1;
 
-    ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 ); // XXX: split next function?
+    ECP_BUDGET( ECP_OPS_INV + 6 * j - 2 );
 
     MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );