diff --git a/libnm-core/crypto.c b/libnm-core/crypto.c
index 74063379fe..62629a3f72 100644
--- a/libnm-core/crypto.c
+++ b/libnm-core/crypto.c
@@ -405,7 +405,7 @@ crypto_make_des_aes_key (const char *cipher,
 	key = g_malloc0 (digest_len + 1);
 
 	crypto_md5_hash (salt,
-	                 salt_len,
+	                 8,
 	                 password,
 	                 strlen (password),
 	                 key,
@@ -763,9 +763,9 @@ crypto_verify_private_key (const char *filename,
 
 void
 crypto_md5_hash (const char *salt,
-                 const gsize salt_len,
+                 gssize salt_len,
                  const char *password,
-                 gsize password_len,
+                 gssize password_len,
                  char *buffer,
                  gsize buflen)
 {
@@ -778,25 +778,28 @@ crypto_md5_hash (const char *salt,
 
 	g_assert_cmpint (g_checksum_type_get_length (G_CHECKSUM_MD5), ==, sizeof (digest));
 
-	if (salt)
-		g_return_if_fail (salt_len >= 8);
-
-	g_return_if_fail (password != NULL);
-	g_return_if_fail (password_len > 0);
+	g_return_if_fail (password_len == 0 || password);
 	g_return_if_fail (buffer != NULL);
 	g_return_if_fail (buflen > 0);
+	g_return_if_fail (salt_len == 0 || salt);
 
 	ctx = g_checksum_new (G_CHECKSUM_MD5);
 
+	if (salt_len < 0)
+		salt_len = strlen (salt);
+	if (password_len < 0)
+		password_len = strlen (password);
+
 	while (nkey > 0) {
 		int i = 0;
 
 		g_checksum_reset (ctx);
 		if (count++)
 			g_checksum_update (ctx, (const guchar *) digest, digest_len);
-		g_checksum_update (ctx, (const guchar *) password, password_len);
-		if (salt)
-			g_checksum_update (ctx, (const guchar *) salt, 8); /* Only use 8 bytes of salt */
+		if (password_len > 0)
+			g_checksum_update (ctx, (const guchar *) password, password_len);
+		if (salt_len > 0)
+			g_checksum_update (ctx, (const guchar *) salt, salt_len);
 		g_checksum_get_digest (ctx, (guchar *) digest, &digest_len);
 
 		while (nkey && (i < digest_len)) {
diff --git a/libnm-core/crypto.h b/libnm-core/crypto.h
index f36975581e..434f108d0a 100644
--- a/libnm-core/crypto.h
+++ b/libnm-core/crypto.h
@@ -79,9 +79,9 @@ NMCryptoFileFormat crypto_verify_private_key (const char *file,
 /* Internal utils API bits for crypto providers */
 
 void crypto_md5_hash (const char *salt,
-                      const gsize salt_len,
+                      gssize salt_len,
                       const char *password,
-                      gsize password_len,
+                      gssize password_len,
                       char *buffer,
                       gsize buflen);
 
diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c
index 287abfbe3b..05157f0185 100644
--- a/libnm-core/tests/test-crypto.c
+++ b/libnm-core/tests/test-crypto.c
@@ -438,7 +438,11 @@ test_md5 (void)
 	for (i = 0; i < G_N_ELEMENTS (md5_tests); i++) {
 		memset (digest, 0, sizeof (digest));
 		crypto_md5_hash (md5_tests[i].salt,
-		                 md5_tests[i].salt ? strlen (md5_tests[i].salt) : 0,
+		                 /* crypto_md5_hash() used to clamp salt_len to 8.  It
+		                  * doesn't any more, so we need to do it here now to
+		                  * get output that matches md5_tests[i].result.
+		                  */
+		                 md5_tests[i].salt ? 8 : 0,
 		                 md5_tests[i].password,
 		                 strlen (md5_tests[i].password),
 		                 digest, md5_tests[i].digest_size);