diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index 5954743084743d96f78678462e5fe63342766d35..7a86b213d86b45b874ce4a16c2e716606bf2e7c5 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -277,6 +277,6 @@ class Metadata
         \SimpleSAML\Logger::maskErrors(E_ALL);
         $hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY]);
         \SimpleSAML\Logger::popErrorMask();
-        return $hidden;
+        return $hidden === true;
     }
 }
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 31f63aad934cc65303a86233bc359e60ea55de4c..766998eb365834feeb080c7448eddf7ce767b768 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -24,9 +24,14 @@ class Crypto
      */
     private static function _aesDecrypt($ciphertext, $secret)
     {
+        if (!is_string($ciphertext)) {
+            throw new \InvalidArgumentException(
+                'Input parameter "$ciphertext" must be a string with more than 48 characters.'
+            );
+        }
         /** @var int $len */
         $len = mb_strlen($ciphertext, '8bit');
-        if (!is_string($ciphertext) || $len < 48) {
+        if ($len < 48) {
             throw new \InvalidArgumentException(
                 'Input parameter "$ciphertext" must be a string with more than 48 characters.'
             );