ut_coverage_html_reporter fails with ORA-28817 in FIPS-enabled databases due to MD5 usage in DBMS_CRYPTO #1316

@t1dsoldier

Describe the bug
When running the ut_coverage_html_reporter on an Oracle database 19.30 cdb/pdb with FIPS 140-2 mode enabled, the reporter fails with ORA-28817. The root cause is that ut_coverage_report_html_helper.object_id() uses DBMS_CRYPTO.HASH_MD5 to generate HTML element IDs for the coverage report. MD5 is not a FIPS-compliant algorithm and Oracle's FIPS library rejects the call entirely, causing the HTML reporter to fail. All other coverage reporters (Cobertura, Sonar, Coveralls) are unaffected as they do not go through this code path.


Provide version info
19.0.0.0.0
19.0.0

select substr(ut.version(),1,60) as ut_version from dual;
ut_version

v3.1.14.4197

select * from v$version;
19.30 enterprise edition

select * from nls_session_parameters;
PARAMETER VALUE


NLS_LANGUAGE AMERICAN
NLS_TERRITORY AMERICA
NLS_CURRENCY $
NLS_ISO_CURRENCY AMERICA
NLS_NUMERIC_CHARACTERS .,
NLS_CALENDAR GREGORIAN
NLS_DATE_FORMAT DD-MON-RR
NLS_DATE_LANGUAGE AMERICAN
NLS_SORT BINARY
NLS_TIME_FORMAT HH.MI.SSXFF AM
NLS_TIMESTAMP_FORMAT DD-MON-RR HH.MI.SSXFF AM
NLS_TIME_TZ_FORMAT HH.MI.SSXFF AM TZR
NLS_TIMESTAMP_TZ_FORMAT DD-MON-RR HH.MI.SSXFF AM TZR
NLS_DUAL_CURRENCY $
NLS_COMP BINARY
NLS_LENGTH_SEMANTICS BYTE
NLS_NCHAR_CONV_EXCP FALSE

select substr(dbms_utility.port_string,1,60) as port_string from dual;
x86_64/Linux 2.4.xx

utPLSQL version: 3.1.14
Database: Oracle (FIPS 140-2 enabled via DBFIPS_140=TRUE)


Information about client software
Reproduced via both TOAD, utPLSQL-CLI 3.1.9 local and utPLSQL-CLI 3.1.9 CI build. Error is consistent regardless of client; the failure occurs inside the database package itself.

To Reproduce

  1. Install utPLSQL 3.1.14 on an Oracle database with FIPS 140-2 mode enabled
  2. Create a test suite with at least one unit test
  3. Run tests with the HTML coverage reporter:

begin
ut.run('fun_schema.cool_test_suite', ut_coverage_html_reporter());
end;
/

  4. ORA-28817 is raised

Expected behavior
The HTML coverage report should generate successfully. FIPS-enabled databases are a valid and common Oracle configuration, particularly in government and regulated industries. The reporter should use a FIPS-compliant hashing algorithm.

Example code
The offending code is in ut_coverage_report_html_helper package body:

-- Current code (line ~93) - MD5 is not FIPS compliant
function object_id(a_object_full_name varchar2) return varchar2 is
begin
return rawtohex(dbms_crypto.hash(src => utl_raw.cast_to_raw(a_object_full_name), typ => dbms_crypto.hash_md5));
end;


Full error stack:

ORA-28817: PL/SQL function returned an error.
ORA-06512: at "UTPLSQL.UT_RUNNER", line 151
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 131
ORA-06512: at "SYS.DBMS_CRYPTO", line 72
ORA-06512: at "UTPLSQL.UT_COVERAGE_REPORT_HTML_HELPER", line 93
ORA-06512: at "UTPLSQL.UT_COVERAGE_REPORT_HTML_HELPER", line 234
ORA-06512: at "UTPLSQL.UT_COVERAGE_REPORT_HTML_HELPER", line 329
ORA-06512: at "UTPLSQL.UT_COVERAGE_HTML_REPORTER", line 37
ORA-06512: at "UTPLSQL.UT_REPORTER_BASE", line 193
ORA-06512: at "UTPLSQL.UT_EVENT_MANAGER", line 70
ORA-06512: at "UTPLSQL.UT_EVENT_MANAGER", line 80
ORA-06512: at "UTPLSQL.UT_RUN", line 66
ORA-06512: at "UTPLSQL.UT_SUITE_ITEM", line 50
ORA-06512: at "UTPLSQL.UT_RUNNER", line 144
ORA-06512: at line 29


Proposed fix
Two changes are required in ut_coverage_report_html_helper package body:

  1. Swap hash_md5 for hash_sh256 in the object_id() function (FIPS-compliant, drop-in replacement):

function object_id(a_object_full_name varchar2) return varchar2 is
begin
return rawtohex(dbms_crypto.hash(src => utl_raw.cast_to_raw(a_object_full_name), typ => dbms_crypto.hash_sh256));
end;

  2. In the file_list() function, increase the l_id variable size from VARCHAR2(50) to VARCHAR2(64) to accommodate SHA-256's longer hex output (64 chars vs MD5's 32):

-- Before
l_id varchar2(50) := object_id(a_title);

-- After
l_id varchar2(100) := object_id(a_title);

Both changes were tested and confirmed to resolve the error with the HTML coverage reporter functioning correctly on a FIPS-enabled Oracle database.


Additional context
All other utPLSQL coverage reporters (ut_coverage_cobertura_reporter, ut_coverage_sonar_reporter, ut_coveralls_reporter) work correctly in FIPS mode as they do not use DBMS_CRYPTO. Only the HTML reporter is affected. Note that Oracle has deprecated MD5 starting from Oracle Database 21c, so this fix also future-proofs the reporter against environments where MD5 may be removed entirely.
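A source-level check for the two conditions this issue describes (a non-FIPS `DBMS_CRYPTO` hash constant, and a `varchar2` too narrow for the replacement digest's hex form), as an added example that is not utPLSQL code. The sample source is constructed from the issue's snippets; the shape of `file_list`, the MD4 entry and all Python names are assumptions.

```python
import re

# Digest size in bytes per DBMS_CRYPTO hash constant; rawtohex() doubles it.
DIGEST_BYTES = {"hash_md4": 16, "hash_md5": 16, "hash_sh1": 20,
                "hash_sh256": 32, "hash_sh384": 48, "hash_sh512": 64}
# MD5 is rejected per the issue; listing MD4 alongside it is an assumption.
NON_FIPS = {"hash_md4", "hash_md5"}
FUNC_RE = re.compile(r"\bfunction\s+(\w+)", re.I)
HASH_RE = re.compile(r"\bdbms_crypto\.(hash_\w+)", re.I)
DECL_RE = re.compile(r"\b(\w+)\s+varchar2\((\d+)[^)]*\)\s*:=\s*(\w+)\s*\(", re.I)

# Constructed sample from the issue's snippets; file_list's shape is hypothetical.
TEMPLATE = """\
function object_id(a_object_full_name varchar2) return varchar2 is
begin
  return rawtohex(dbms_crypto.hash(src => utl_raw.cast_to_raw(a_object_full_name), typ => dbms_crypto.{algo}));
end;
function file_list(a_title varchar2) return varchar2 is
  l_id varchar2({width}) := object_id(a_title);
begin
  return l_id;
end;
"""

def audit(source):
    """Return (line_no, kind, detail) findings for one PL/SQL source text."""
    lines = [ln.split("--", 1)[0] for ln in source.splitlines()]  # drop comments
    findings, hashed_by, current = [], {}, None
    # Pass 1: map each function to the hash constant used in its body.
    for no, line in enumerate(lines, 1):
        m = FUNC_RE.search(line)
        current = m.group(1).lower() if m else current
        for h in HASH_RE.finditer(line):
            algo = h.group(1).lower()
            if algo in DIGEST_BYTES and current:
                hashed_by[current] = algo
            if algo in NON_FIPS:
                findings.append((no, "non_fips_hash", algo))
    # Pass 2: a variable initialised from such a function must fit the hex digest.
    for no, line in enumerate(lines, 1):
        d = DECL_RE.search(line)
        algo = hashed_by.get(d.group(3).lower()) if d else None
        if algo and int(d.group(2)) < 2 * DIGEST_BYTES[algo]:
            findings.append((no, "too_narrow", f"{d.group(1)} needs {2 * DIGEST_BYTES[algo]}"))
    return findings

if __name__ == "__main__":
    for algo, width in (("hash_md5", 50), ("hash_sh256", 50), ("hash_sh256", 100)):
        print(algo, width, audit(TEMPLATE.format(algo=algo, width=width)))
```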
