fix: governance correct sig check (#5242)

## Issue being fixed or feature implemented

## What was done?
When verifying signature of `CGovernanceVote`/`CGovernanceObject` we
need to use the active scheme.

## How Has This Been Tested?

## Breaking Changes

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation

**For repository code-owners and collaborators only**
- [x] I have assigned this pull request to a milestone

src/bls/bls.cpp

@@ -288,19 +288,24 @@ void CBLSSignature::SubInsecure(const CBLSSignature& o)
     cachedHash.SetNull();
 }
 
-bool CBLSSignature::VerifyInsecure(const CBLSPublicKey& pubKey, const uint256& hash) const
+bool CBLSSignature::VerifyInsecure(const CBLSPublicKey& pubKey, const uint256& hash, const bool specificLegacyScheme) const
 {
     if (!IsValid() || !pubKey.IsValid()) {
         return false;
     }
 
     try {
-        return Scheme(bls::bls_legacy_scheme.load())->Verify(pubKey.impl, bls::Bytes(hash.begin(), hash.size()), impl);
+        return Scheme(specificLegacyScheme)->Verify(pubKey.impl, bls::Bytes(hash.begin(), hash.size()), impl);
     } catch (...) {
         return false;
     }
 }
 
+bool CBLSSignature::VerifyInsecure(const CBLSPublicKey& pubKey, const uint256& hash) const
+{
+    return VerifyInsecure(pubKey, hash, bls::bls_legacy_scheme.load());
+}
+
 bool CBLSSignature::VerifyInsecureAggregated(const std::vector<CBLSPublicKey>& pubKeys, const std::vector<uint256>& hashes) const
 {
     if (!IsValid()) {

src/bls/bls.h

@@ -368,7 +368,7 @@ public:
     static CBLSSignature AggregateSecure(const std::vector<CBLSSignature>& sigs, const std::vector<CBLSPublicKey>& pks, const uint256& hash);
 
     void SubInsecure(const CBLSSignature& o);
-
+    [[nodiscard]] bool VerifyInsecure(const CBLSPublicKey& pubKey, const uint256& hash, const bool specificLegacyScheme) const;
     [[nodiscard]] bool VerifyInsecure(const CBLSPublicKey& pubKey, const uint256& hash) const;
     [[nodiscard]] bool VerifyInsecureAggregated(const std::vector<CBLSPublicKey>& pubKeys, const std::vector<uint256>& hashes) const;
 

src/governance/object.cpp

@@ -318,7 +318,7 @@ bool CGovernanceObject::CheckSignature(const CBLSPublicKey& pubKey) const
     const auto pindex = llmq::utils::V19ActivationIndex(::ChainActive().Tip());
     bool is_bls_legacy_scheme = pindex == nullptr || nTime < pindex->nTime;
     sig.SetByteVector(vchSig, is_bls_legacy_scheme);
-    if (!sig.VerifyInsecure(pubKey, GetSignatureHash())) {
+    if (!sig.VerifyInsecure(pubKey, GetSignatureHash(), is_bls_legacy_scheme)) {
         LogPrintf("CGovernanceObject::CheckSignature -- VerifyInsecure() failed\n");
         return false;
     }

src/governance/vote.cpp

@@ -240,7 +240,7 @@ bool CGovernanceVote::CheckSignature(const CBLSPublicKey& pubKey) const
     const auto pindex = llmq::utils::V19ActivationIndex(::ChainActive().Tip());
     bool is_bls_legacy_scheme = pindex == nullptr || nTime < pindex->nTime;
     sig.SetByteVector(vchSig, is_bls_legacy_scheme);
-    if (!sig.VerifyInsecure(pubKey, GetSignatureHash())) {
+    if (!sig.VerifyInsecure(pubKey, GetSignatureHash(), is_bls_legacy_scheme)) {
         LogPrintf("CGovernanceVote::CheckSignature -- VerifyInsecure() failed\n");
         return false;
     }