Re: Bitcoind does not like ECDSA (r, s) pair produced by OpenSSL
First off thanks for your help
I am doing the encoding myself but 2 days ago when I wrote the question I figured if I followed the "<30><02><02>" scheme and still get rejected there's something wrong in the S/R produced by openssl, hence why I came up with the shitty code above 
. Obviously, I was wrong.
I made some progress in the meantime and out of the 10-20 txes I managed to broadcast not any of them was rejected, but this might be a coincidence so for extra checking I am posting yet another pseudocode of how I do things now:
Does this look better? Am I being lucky that my transactions made it or the code is actually correct? Thanks
I am doing the encoding myself but 2 days ago when I wrote the question I figured if I followed the "<30><02><02>
. Obviously, I was wrong. I made some progress in the meantime and out of the 10-20 txes I managed to broadcast not any of them was rejected, but this might be a coincidence so for extra checking I am posting yet another pseudocode of how I do things now:
Code:
signature = ecdsa_sign(txHash, privateKey);
// enforce a low S
curveOrder = ecdsa_get_order(secp256k1Group);
halfCurveOrder = curveOrder / 2; // actual division done with openssl's right shift BIGNUM function as well as comparison and subtraction operations below
if (signature->s > halfCurveOrder)
{
signature->s = curveOrder - signature->s;
}
// check for LSBit of the MSByte for R
if (signature->r[0] >= 128)
{
signature->r = 0x00 + signature->r; // appending by having a new buffer memcpy(buff, &zero, 1); memcpy(buff + 1, rBuffer, rLength)
}
// the same check/appending done for S -- with this Im not sure it needs to be done since I should have a low S already??
// ...
return <30><4 + rLength + sLength><02><02>
// enforce a low S
curveOrder = ecdsa_get_order(secp256k1Group);
halfCurveOrder = curveOrder / 2; // actual division done with openssl's right shift BIGNUM function as well as comparison and subtraction operations below
if (signature->s > halfCurveOrder)
{
signature->s = curveOrder - signature->s;
}
// check for LSBit of the MSByte for R
if (signature->r[0] >= 128)
{
signature->r = 0x00 + signature->r; // appending by having a new buffer memcpy(buff, &zero, 1); memcpy(buff + 1, rBuffer, rLength)
}
// the same check/appending done for S -- with this Im not sure it needs to be done since I should have a low S already??
// ...
return <30><4 + rLength + sLength><02><02>
Does this look better? Am I being lucky that my transactions made it or the code is actually correct? Thanks