diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php index 17dcd81f6dfcd5d9ecb9a413a1ccf071b10a95b0..14cfeec0f921174a049171cd75a127bdef6b53ff 100644 --- a/lib/SimpleSAML/Utils/Crypto.php +++ b/lib/SimpleSAML/Utils/Crypto.php @@ -36,7 +36,7 @@ class Crypto $hmac = mb_substr($ciphertext, 0, 32, '8bit'); $iv = mb_substr($ciphertext, 32, 16, '8bit'); - $msg = mb_substr($ciphertext, 48, null, '8bit'); + $msg = mb_substr($ciphertext, 48, mb_strlen($ciphertext) - 48, '8bit'); // authenticate the ciphertext if (self::secureCompare(hash_hmac('sha256', $iv.$msg, substr($key, 64, 64), true), $hmac)) {