import from HEAD:

	otp_authenticate(): generate State as ASCII to workaround Cisco bug

diff --cc src/modules/rlm_otp/otp_rlm.c
index 959759b,0f82394..6314a36
--- 1/src/modules/rlm_otp/otp_rlm.c
--- 2/src/modules/rlm_otp/otp_rlm.c
+++ b/src/modules/rlm_otp/otp_rlm.c
@@@ -492,17 -493,33 +493,33 @@@ otp_authenticate(void *instance, REQUES
        }
  
        if (inst->allow_async) {
-         /* Verify the state. */
-         (void) memcpy(challenge, vp->strvalue, inst->chal_len);
-         (void) memcpy(&sflags, vp->strvalue + inst->chal_len, 4);
-         (void) memcpy(&then, vp->strvalue + inst->chal_len + 4, 4);
+         /*
+          * Verify the state.
+          */
+ 
+         /* ASCII decode */
+         rad_state = rad_malloc(e_length + 1);
 -        (void) memcpy(rad_state, vp->vp_strvalue, vp->length);
++        (void) memcpy(rad_state, vp->strvalue, vp->length);
+         rad_state[e_length] = '\0';
+         (void) otp_keystring2keyblock(rad_state, raw_state);
+         free(rad_state);
+         
+         /* extract data from State */
+         raw_state = rad_malloc(e_length / 2);
+         (void) memcpy(challenge, raw_state, inst->chal_len);
+         (void) memcpy(&sflags, raw_state + inst->chal_len, 4);
+         (void) memcpy(&then, raw_state + inst->chal_len + 4, 4);
+         free(raw_state);
+ 
+         /* generate new state from returned input data */
          if (otp_gen_state(NULL, &state, challenge, inst->chal_len,
                            sflags, then, hmac_key) != 0) {
            otp_log(OTP_LOG_ERR, "%s: %s: failed to generate state",
                    log_prefix, __func__);
            return RLM_MODULE_FAIL;
          }
 -        if (memcmp(state, vp->vp_strvalue, vp->length)) {
+         /* compare generated state against returned state to verify hmac */
 +        if (memcmp(state, vp->strvalue, vp->length)) {
            otp_log(OTP_LOG_AUTH, "%s: %s: bad state for [%s]: hmac",
                    log_prefix, __func__, username);
            free(state);