So let me get this straight: bitcoin's signatures are always in DER encoding, but it will accept any BER-encoded signature?
To encode a positive integer in DER, you convert it to a big endian sequence of octets, using the minimum necessary, and if the sign bit on the leading one is set, you prepend a zero octet so it won't be interpreted as a negative number. You then prepend an "02", which indicates "integer", and an octet count which is a single byte for lengths up to 127, and 0x80 plus an octet count followed by the length octets for lengths greater than 127. This maps every integer onto a unique octet sequence.
A signature is a pair of bignum integers, (r,s), so it consists of 0x30, which indicates a sequence of one or more things, an octet count of what follows, followed by two encoded integers. In addition, bitcoin appends the hashtype, which is always "1", to the end.
Here is a sample bitcoin sig, broken up into the relevant fields.
3046
0221
00c352d3dd993a981beba4a63ad15c209275ca9470abfcd57da93b58e4eb5dce82
0221
00840792bc1f456062819f15d33ee7055cf7b5ee1af1ebcc6028d9cdb1c3af7748
01
openssl doesn't enforce the rule that the leading octet can't be 0x00 or 0xff if it is an extension of the sign bit on the following octet. So you can prepend any number of 0x00 octets to a positive integer, and 0xff octets to a negative integer, and it is still considered legal. Thus you can make an unlimited number of working signatures given one of them.