Hi, I'm an RSA customer with some installations of the SecurID Authentication Agent.
I'm using the documented API for the Authentication Agent. The API is publicly documented here: Authentication Agent API 8.1.1 for C Developers Guide
However, the function signatures given in the API seem incorrect - in fact, I'm absolutely convinced that they are wrong on x64 machines.
The documentation states several times that the "userData" parameter is a 32-bit quantity, for example in the documentation for AceInit and AceGetUserData we see:
"This function is synchronous and the caller must supply, as the second argument, a pointer to a 32-bit storage area (that is, an unsigned int) into which to copy the user data value."
This is clearly false - from some experimentation, if you pass in a pointer to the center of a buffer filled with 0xff, the AceGetUserData is *definitely* writing out a 64-bit value, not a 32-bit quantity (it writes 8 bytes to memory).
Could RSA technical support please confirm this, and publish a clarification/correction to the documentation.
I have Authentication Agent DLL version 22.214.171.1243 installed.