From d938275b9c2fda522c01fac84d118cb57f5474cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois?= <mockersf@gmail.com>
Date: Mon, 23 Oct 2023 06:15:04 +0200
Subject: [PATCH] assets: use blake3 instead of md5 (#10208)

# Objective

- Replace md5 by another hasher, as suggested in
https://github.com/bevyengine/bevy/pull/8624#discussion_r1359291028
- md5 is not secure, and is slow. use something more secure and faster

## Solution

- Replace md5 by blake3


Putting this PR in the 0.12 as once it's released, changing the hash
algorithm will be a painful breaking change
---
 crates/bevy_asset/Cargo.toml  |  2 +-
 crates/bevy_asset/src/meta.rs | 20 +++++++++-----------
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/crates/bevy_asset/Cargo.toml b/crates/bevy_asset/Cargo.toml
index 922b622b89d8c..d67340effc47f 100644
--- a/crates/bevy_asset/Cargo.toml
+++ b/crates/bevy_asset/Cargo.toml
@@ -33,7 +33,7 @@ crossbeam-channel = "0.5"
 downcast-rs = "1.2"
 futures-io = "0.3"
 futures-lite = "1.12"
-md5 = "0.7"
+blake3 = "1.5"
 parking_lot = { version = "0.12", features = ["arc_lock", "send_guard"] }
 ron = "0.8"
 serde = { version = "1", features = ["derive"] }
diff --git a/crates/bevy_asset/src/meta.rs b/crates/bevy_asset/src/meta.rs
index e6d65b8ecd535..dbcd7d7feb57d 100644
--- a/crates/bevy_asset/src/meta.rs
+++ b/crates/bevy_asset/src/meta.rs
@@ -225,15 +225,14 @@ pub(crate) fn loader_settings_meta_transform<S: Settings>(
     })
 }
 
-pub type AssetHash = [u8; 16];
+pub type AssetHash = [u8; 32];
 
 /// NOTE: changing the hashing logic here is a _breaking change_ that requires a [`META_FORMAT_VERSION`] bump.
 pub(crate) fn get_asset_hash(meta_bytes: &[u8], asset_bytes: &[u8]) -> AssetHash {
-    let mut context = md5::Context::new();
-    context.consume(meta_bytes);
-    context.consume(asset_bytes);
-    let digest = context.compute();
-    digest.0
+    let mut hasher = blake3::Hasher::new();
+    hasher.update(meta_bytes);
+    hasher.update(asset_bytes);
+    *hasher.finalize().as_bytes()
 }
 
 /// NOTE: changing the hashing logic here is a _breaking change_ that requires a [`META_FORMAT_VERSION`] bump.
@@ -241,11 +240,10 @@ pub(crate) fn get_full_asset_hash(
     asset_hash: AssetHash,
     dependency_hashes: impl Iterator<Item = AssetHash>,
 ) -> AssetHash {
-    let mut context = md5::Context::new();
-    context.consume(asset_hash);
+    let mut hasher = blake3::Hasher::new();
+    hasher.update(&asset_hash);
     for hash in dependency_hashes {
-        context.consume(hash);
+        hasher.update(&hash);
     }
-    let digest = context.compute();
-    digest.0
+    *hasher.finalize().as_bytes()
 }