This is the code I've written for creating Bitcoin signatures:
https://github.com/ciyam/ciyam/blob/master/src/crypto_keys.cpp#L513 (the code was originally from Bitcoin itself and is using OpenSSL).
It had been working fine (and I also added code to ensure low S values) but now whilst I am trying to test a CLTV tx I am always getting the following error when attempting to send a transaction:
error: {"code":-26,"message":"16: mandatory-script-verify-flag-failed (Non-canonical DER signature)"}
This is a sample DER encoded signature:
3045022100da3114f49f3135fa0e3723a2c05ec304f4d16ce3e3f11920e7caa296dd53a9e202206870c44c3681bb9339c1233895a86c6b2861e3d6e6fa562601accae47fc445b201
I do see in the above that there is 00 after the 21 length and am wondering if the zero padding is the problem (the comments I read in the latest Bitcoin code seem to indicate that leading zeroes should not be there unless the value is negative - hmm... but isn't that number negative?).
If so what should I change in my code to make sure that the DER signature is being canonically constructed (i.e. is it even possible to be done correctly using OpenSSL or do I need to write code to get rid of the leading zeros myself)?