Fixed uncompress_coords for NIST curve

The bn_sqrti was broken.  It didn't handle primes where all bits are set
in the lowest limb.

bignum.c

@@ -371,7 +371,7 @@ void bn_sqrt(bignum256 *x, const bignum256 *prime)
 	bn_zero(&res); res.val[0] = 1;
 	// compute p = (prime+1)/4
 	memcpy(&p, prime, sizeof(bignum256));
-	p.val[0] += 1;
+	bn_addi(&p, 1);
 	bn_rshift(&p);
 	bn_rshift(&p);
 	for (i = 0; i < 9; i++) {

ecdsa.c

@@ -862,7 +862,7 @@ int ecdsa_address_decode(const char *addr, uint8_t *out)
 
 void uncompress_coords(const ecdsa_curve *curve, uint8_t odd, const bignum256 *x, bignum256 *y)
 {
-	// y^2 = x^3 + 0*x + 7
+	// y^2 = x^3 + a*x + b
 	memcpy(y, x, sizeof(bignum256));         // y is x
 	bn_multiply(x, y, &curve->prime);        // y is x^2
 	bn_subi(y, -curve->a, &curve->prime);    // y is x^2 + a