Thoughts on the current state of ASN.1 and XML technologies.

CSTADLL v2.3 Is Now Available

Objective Systems has released v2.3 of its CSTADLL software. You can find information about CSTADLL here, under the CSTA .NET DLL tab.

The new features in v2.3 are as follows:

  • Support for the Unify OpenScape 4000.
  • Much more robust CSTA XML support.
  • Multiple small DLLs instead of one large DLL.
  • A different licensing model.
  • Support for uaCSTA.
  • New device information helper methods.
  • Clearer definition of callback invocation mechanisms.
  • CDR support.
  • Configurable log file size.
  • A RequestSystemStatus helper method.

You can get more detail about these new features by looking at the v2.3 README file.

No Comments

New Releases of ASN1C and ASN1VE for 2017

We have released new versions of our ASN1C and ASN1VE products for 2017.

ASN1C is an ASN.1 code generator capable of generating C/C++, Java and C# data bindings for ASN.1 schemas.  The new release adds the following new features:

  • Support added for OER in Java and C# – The capability to generate encoders and decoders for the Octet Encoding Rules (OER) in Java and C# languages has been added.  The capability existed previously to generate C/C++ code for these rules. Generated code now supports the ITU-T X.696 standard by default, although it is still possible to code conforming to the original NTCIP standard..
  • Support added for Canonical OER – The capability to generate code to support Canonical OER in all languages has been added.
  • Generation of C/C++ code to better support 64-bit architectures – A new command-line option – -x64 – was added to generate code that is a better fit for 64-bit architectures.
  • Improved support for ISO date/time C/C++ code generation for BER and DER encoding rules.
  • Support added for character string types as default values.
  • Libraries built with gcc 6.x have been added to Linux distributions.

ASN1VE is an ASN.1 Viewer/Editor program that allows ASN.1 encoded data to analyzed and edited.  The following new capabilities were added:

  • Capability to select multiple elements in tree view for deletion or searching.
  • Capability to more accurately show the location of errors in encoded data.
  • Automatic detection of block-size and padding bytes in CDR files with blocked format.

Both of these releases take advantage of a year’s worth of work to improve the ASN.1 processing engine code base infrastructure.  This includes integration of bug fixes to all issues reported during the past year and well as performance and security improvements.

Free evaluation downloads of both products are now available on our web-site.  Users with active support may upgrade to the new releases at any time.


No Comments

New Major Release of ASN2TXT

Objective Systems is pleased to announce a new major release (version 2.6) of our ASN2TXT product.  ASN2TXT translates data from ASN.1 encoded binary formats (BER, DER, CER, PER, and UPER) to textual formats such as XML, JSON, or Comma-separated value (CSV).   The application allows ASN.1 schemas to be applied to data at run-time rather than having to first generate and compile code in some programming language.

The key new feature in the release is the addition of a Document Object Model (DOM) capability for users of the DLL.  Users can decode ASN.1 binary into a DOM tree format where values can be altered prior to serialization into an output format.  These alterations can be in the form of changing node values, adding additional nodes, or removing nodes from the tree.  The capability also exists to locate nodes in the tree using standard XML Path (XPath) expressions.

In addition to the new DOM feature, we have also added support for ISO 8601 date/time types as well as interfaces that allow the DLL to be used in C and C# .NET applications.

A free, 30-day evaluation version of the product may be downloaded from the ASN2TXT product page by clicking the “Download” button at the bottom of the page.

No Comments

Response to CVE-2016-5080

A security vulnerability was recently raised on our ASN1C software.  The vulnerability, documented in CVE-2016-5080, refers to an integer overflow condition that can occur in a memory heap allocation function within the ASN1C run-time.

We have analyzed this issue and acknowledge that the bug exists.  However, we believe the assertion that this is a readily exploitable issue to be not true in most cases.  Our analysis indicates that in order to exploit this bug in the most commonly used encoding rule libraries we support – the packed encoding rules, (PER/UPER) and basic encoding rules and derivatives (BER/DER/CER) – one would have to get a message processing application to accept a message of an abnormally large size.  This would most likely lead to other issues such as running out of memory well before the point at which the vulnerability can be reached.  We have documented our analysis in a paper which we will make available upon request to customers and partners who would like to assess if and how the bug may affect their applications.

We apologize for the error and have worked quickly to fix it.  Versions of the software affected are 5.7 and higher.  Patch releases will be made available to all current and past customers upon request.

No Comments

XBinder version 2.4 release

We recently released a new major version of our XBinder XML Schema Compiler product.  XBinder generates C, C++, Java, or C# code from XML Schema (XSD) definitions making it easier to create and consume compliant XML documents in a programmatic way.

The primary purpose of this release was to upgrade the product to use up-to-date versions of Microsoft Visual Studio.  For Windows, this includes building 64-bit and 32-bit versions of the code generator using Visual Studio 2013.  64 and 32-bit versions of the run-time are also now available for all versions up to and including Visual Studio 2015.

A full list of changes that went into the release are available in the release notes.


No Comments