Ken MacKay

It's due to the Co-Z Montgomery ladder.

It looks good to me, but presumably people might also want to get the recid for a deterministic signature. Maybe it would be better after all to just add a...

I can only reproduce this issue when uECC_VLI_NATIVE_LITTLE_ENDIAN is defined to 1. Is that the setup you are using?

Looks like you should be able to just use: recid = p[curve->num_bytes] & 0x01 at uECC.c:1200 (in the current revision). Technically you also need to account for overflow mod n,...

Try it out and see if it works for you locally first. I'll think about whether/how to do an API change.

OK, I'll look into it in more detail

My mistake, it should be: recid = p[num_words] & 0x01;

I am not opposed to including strict RFC 6979 conformance for verification purposes, as long as it is #ifdef'd out by default (ie, have a STRICT_RFC_6769 macro). I would suggest...

You can try setting uECC_SQUARE_FUNC to 1 as well, it should help a bit. Probably the biggest improvement would come from fully-inlined multiplication asm (although it would make the binary...

Hmm, I haven't looked at 'static' branch in a long time. I'd prefer to just rename the test to "test_ecdsa_deterministic.c.example" (like I did in master branch) rather than require linking...