From 795579cbacb5e4bd072d7cef2a2638f1d44c2d0d Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Tue, 23 Dec 2014 18:13:33 +0100
Subject: [PATCH] invert pby when normalizing S during signing

---
 ecdsa.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ecdsa.c b/ecdsa.c
index 9de0531a2..a4a6c1acc 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -364,6 +364,9 @@ int ecdsa_sign_digest(const uint8_t *priv_key, const uint8_t *digest, uint8_t *s
 	// if S > order/2 => S = -S
 	if (bn_is_less(&order256k1_half, &k)) {
 		bn_substract_noprime(&order256k1, &k, &k);
+		if (pby) {
+			*pby = !*pby;
+		}
 	}
 
 	// we are done, R.x and k is the result signature