diff --git a/src/include/netif/ppp/mppe.h b/src/include/netif/ppp/mppe.h
index 2b9c4d4f..7f4c678c 100644
--- a/src/include/netif/ppp/mppe.h
+++ b/src/include/netif/ppp/mppe.h
@@ -169,8 +169,8 @@ typedef struct ppp_mppe_state {
 	u8_t unit;
 } ppp_mppe_state;
 
-int mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen,
-	u8_t unit, u8_t debug, const char *debugstr);
+void mppe_set_key(ppp_mppe_state *state, u8_t *key);
+void mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr);
 void mppe_comp_reset(ppp_mppe_state *state);
 err_t mppe_compress(ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
 void mppe_decomp_reset(ppp_mppe_state *state);
diff --git a/src/include/netif/ppp/ppp.h b/src/include/netif/ppp/ppp.h
index fd4133af..b86854fa 100644
--- a/src/include/netif/ppp/ppp.h
+++ b/src/include/netif/ppp/ppp.h
@@ -423,8 +423,6 @@ struct ppp_pcb_s {
 #if MPPE_SUPPORT
   ppp_mppe_state mppe_comp;      /* MPPE "compressor" structure */
   ppp_mppe_state mppe_decomp;    /* MPPE "decompressor" structure */
-  u8_t mppe_send_key[MPPE_MAX_KEY_LEN];
-  u8_t mppe_recv_key[MPPE_MAX_KEY_LEN];
 #endif /* MPPE_SUPPORT */
 #endif /* CCP_SUPPORT */
 
diff --git a/src/netif/ppp/ccp.c b/src/netif/ppp/ccp.c
index e78d671c..877e1a6a 100644
--- a/src/netif/ppp/ccp.c
+++ b/src/netif/ppp/ccp.c
@@ -765,15 +765,10 @@ static void ccp_addci(fsm *f, u_char *p, int *lenp) {
      */
 #if MPPE_SUPPORT
     if (go->mppe) {
-	u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
-
-	p[0] = opt_buf[0] = CI_MPPE;
-	p[1] = opt_buf[1] = CILEN_MPPE;
+	p[0] = CI_MPPE;
+	p[1] = CILEN_MPPE;
 	MPPE_OPTS_TO_CI(go->mppe, &p[2]);
-	MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
-	MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
-	mppe_init(&pcb->mppe_decomp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
-		pcb->netif->num, 1, "mppe_decomp_init");
+	mppe_init(&pcb->mppe_decomp, go->mppe, pcb->netif->num, 1, "mppe_decomp_init");
 	p += CILEN_MPPE;
     }
 #endif /* MPPE_SUPPORT */
@@ -1199,20 +1194,9 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
 		/* rebuild the opts */
 		MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
 		if (newret == CONFACK) {
-		    u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
 		    int mtu;
 
-		    MEMCPY(opt_buf, p, CILEN_MPPE);
-		    MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_send_key,
-			  MPPE_MAX_KEY_LEN);
-		    if (mppe_init(&pcb->mppe_comp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
-			    pcb->netif->num, 1, "mppe_comp_init") <= 0) {
-			/* This shouldn't happen, we've already tested it! */
-			ppp_error("MPPE required, but kernel has no support.");
-			lcp_close(pcb, "MPPE required but not available");
-			newret = CONFREJ;
-			break;
-		    }
+		    mppe_init(&pcb->mppe_comp, ho->mppe, pcb->netif->num, 1, "mppe_comp_init");
 		    /*
 		     * We need to decrease the interface MTU by MPPE_PAD
 		     * because MPPE frames **grow**.  The kernel [must]
@@ -1483,8 +1467,6 @@ static void ccp_up(fsm *f) {
 	ppp_notice("%s transmit compression enabled", method_name(ho, NULL));
 #if MPPE_SUPPORT
     if (go->mppe) {
-	BZERO(pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
-	BZERO(pcb->mppe_send_key, MPPE_MAX_KEY_LEN);
 	continue_networks(pcb);		/* Bring up IP et al */
     }
 #endif /* MPPE_SUPPORT */
diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c
index 03e1fcc7..59829dd5 100644
--- a/src/netif/ppp/chap_ms.c
+++ b/src/netif/ppp/chap_ms.c
@@ -94,7 +94,7 @@
 #include "netif/ppp/pppcrypt.h"
 #include "netif/ppp/magic.h"
 #if MPPE_SUPPORT
-#include "netif/ppp/mppe.h" /* For mppe_sha1_pad* */
+#include "netif/ppp/mppe.h" /* For mppe_sha1_pad*, mppe_set_key() */
 #endif /* MPPE_SUPPORT */
 
 #if LWIP_INCLUDED_POLARSSL_MD4
@@ -730,8 +730,8 @@ static void Set_Start_Key(ppp_pcb *pcb, u_char *rchallenge, char *secret, int se
     sha1_finish(&sha1Context, Digest);
 
     /* Same key in both directions. */
-    MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
-    MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
+    mppe_set_key(&pcb->mppe_comp, Digest);
+    mppe_set_key(&pcb->mppe_decomp, Digest);
 
     pcb->mppe_keys_set = 1;
 }
@@ -803,7 +803,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
     sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
     sha1_finish(&sha1Context, Digest);
 
-    MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
+    mppe_set_key(&pcb->mppe_comp, Digest);
 
     /*
      * generate recv key
@@ -819,7 +819,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
     sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
     sha1_finish(&sha1Context, Digest);
 
-    MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
+    mppe_set_key(&pcb->mppe_decomp, Digest);
 
     pcb->mppe_keys_set = 1;
 }
diff --git a/src/netif/ppp/mppe.c b/src/netif/ppp/mppe.c
index d5a283bf..768fc84a 100644
--- a/src/netif/ppp/mppe.c
+++ b/src/netif/ppp/mppe.c
@@ -99,34 +99,33 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key)
 	arc4_setup(&state->arc4, state->session_key, state->keylen);
 }
 
+/*
+ * Set key, used by MSCHAP before mppe_init() is actually called by CCP so we
+ * don't have to keep multiple copies of keys.
+ */
+void mppe_set_key(ppp_mppe_state *state, u8_t *key) {
+    MEMCPY(state->master_key, key, MPPE_MAX_KEY_LEN);
+}
+
 /*
  * Initialize (de)compressor state.
  */
-int
-mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit, u8_t debug,
-	  const char *debugstr)
+void
+mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr)
 {
-	unsigned char mppe_opts;
-
-	if (optlen != CILEN_MPPE + sizeof(state->master_key) ||
-	    options[0] != CI_MPPE || options[1] != CILEN_MPPE)
-		return 0;
-
 	/* Save keys. */
-	MEMCPY(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
 	MEMCPY(state->session_key, state->master_key, sizeof(state->master_key));
 
-	MPPE_CI_TO_OPTS(&options[2], mppe_opts);
-	if (mppe_opts & MPPE_OPT_128)
+	if (options & MPPE_OPT_128)
 		state->keylen = 16;
-	else if (mppe_opts & MPPE_OPT_40)
+	else if (options & MPPE_OPT_40)
 		state->keylen = 8;
 	else {
 		PPPDEBUG(LOG_DEBUG, ("%s[%d]: unknown key length\n", debugstr,
 		       unit));
-		return 0;
+		return;
 	}
-	if (mppe_opts & MPPE_OPT_STATEFUL)
+	if (options & MPPE_OPT_STATEFUL)
 		state->stateful = 1;
 
 	/* Generate the initial session key. */
@@ -166,8 +165,6 @@ mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit,
 
 	state->unit = unit;
 	state->debug = debug;
-
-	return 1;
 }
 
 /*