diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 17dcd81f6dfcd5d9ecb9a413a1ccf071b10a95b0..14cfeec0f921174a049171cd75a127bdef6b53ff 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -36,7 +36,7 @@ class Crypto
 
         $hmac = mb_substr($ciphertext, 0, 32, '8bit');
         $iv   = mb_substr($ciphertext, 32, 16, '8bit');
-        $msg  = mb_substr($ciphertext, 48, null, '8bit');
+        $msg  = mb_substr($ciphertext, 48, mb_strlen($ciphertext) - 48, '8bit');
 
         // authenticate the ciphertext
         if (self::secureCompare(hash_hmac('sha256', $iv.$msg, substr($key, 64, 64), true), $hmac)) {