I am writing transactions manually and have stumbled across a rather bizarre situation.
Only one in a few of the transactions I broadcast to bitcoind is accepted, otherwise I get a
REJECT_NONSTANDARD
(Non-canonical DER signature).
So I got my hands dirty and tracked the rejection to be originating from this line:
https://github.com/bitcoin/bitcoin/blob/9c5f0d542d1db507b3b9c87bd9de6d0d758d51c1/src/script/interpreter.cpp#L163I read about DER encoding and checked how IsValidSignatureEncoding is enforcing it, but I do not know why OpenSSL generates not-DER-compliant (r, s) values?
How should I overcome this? I am thinking of something along the lines of (pseudocode):
Pair (r, s);
do
{
(r, s) = sign(hash, pvtkey);
} while (r[0] >= 128 || s[0] >= 128); // where r[0], s[0] should be the very first byte of each value
But isn't that kind of redundant? Can I give OpenSSL any flag to produce a valid DER (R, S) pair in the first place?