From 4740d937aab3b7e30cfa4d186a73e286f13d8723 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Fri, 17 Apr 2020 17:03:07 +0300
Subject: [PATCH] vm: dont use SetCheckedHash outside of `vm` package

---
 pkg/core/interop/crypto/ecdsa.go |  3 +--
 pkg/vm/vm.go                     | 12 ++++++------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/pkg/core/interop/crypto/ecdsa.go b/pkg/core/interop/crypto/ecdsa.go
index d03118d21..9e634f5ea 100644
--- a/pkg/core/interop/crypto/ecdsa.go
+++ b/pkg/core/interop/crypto/ecdsa.go
@@ -43,8 +43,7 @@ func ECDSACheckMultisig(ic *interop.Context, v *vm.VM) error {
 	if len(pkeys) < len(sigs) {
 		return errors.New("more signatures than there are keys")
 	}
-	v.SetCheckedHash(hashToCheck)
-	sigok := vm.CheckMultisigPar(v, pkeys, sigs)
+	sigok := vm.CheckMultisigPar(v, hashToCheck, pkeys, sigs)
 	v.Estack().PushVal(sigok)
 	return nil
 }
diff --git a/pkg/vm/vm.go b/pkg/vm/vm.go
index 55133c3e2..86a2c73d4 100644
--- a/pkg/vm/vm.go
+++ b/pkg/vm/vm.go
@@ -1232,7 +1232,7 @@ func (v *VM) execute(ctx *Context, op opcode.Opcode, parameter []byte) (err erro
 			panic("VM is not set up properly for signature checks")
 		}
 
-		sigok := CheckMultisigPar(v, pkeys, sigs)
+		sigok := CheckMultisigPar(v, v.checkhash, pkeys, sigs)
 		v.estack.PushVal(sigok)
 
 	case opcode.NEWMAP:
@@ -1419,9 +1419,9 @@ func (v *VM) getJumpOffset(ctx *Context, parameter []byte, mod int) int {
 }
 
 // CheckMultisigPar checks if sigs contains sufficient valid signatures.
-func CheckMultisigPar(v *VM, pkeys [][]byte, sigs [][]byte) bool {
+func CheckMultisigPar(v *VM, h []byte, pkeys [][]byte, sigs [][]byte) bool {
 	if len(sigs) == 1 {
-		return checkMultisig1(v, pkeys, sigs[0])
+		return checkMultisig1(v, h, pkeys, sigs[0])
 	}
 
 	k1, k2 := 0, len(pkeys)-1
@@ -1446,7 +1446,7 @@ func CheckMultisigPar(v *VM, pkeys [][]byte, sigs [][]byte) bool {
 
 			result <- verify{
 				signum: t.signum,
-				ok:     t.pub.Verify(sigs[t.signum], v.checkhash),
+				ok:     t.pub.Verify(sigs[t.signum], h),
 			}
 		}
 	}
@@ -1511,10 +1511,10 @@ loop:
 	return sigok
 }
 
-func checkMultisig1(v *VM, pkeys [][]byte, sig []byte) bool {
+func checkMultisig1(v *VM, h []byte, pkeys [][]byte, sig []byte) bool {
 	for i := range pkeys {
 		pkey := v.bytesToPublicKey(pkeys[i])
-		if pkey.Verify(sig, v.checkhash) {
+		if pkey.Verify(sig, h) {
 			return true
 		}
 	}