diff --git a/wlantest/bss.c b/wlantest/bss.c
index f021956cc..03baf949f 100644
--- a/wlantest/bss.c
+++ b/wlantest/bss.c
@@ -93,7 +93,7 @@ int bss_add_pmk_from_passphrase(struct wlantest_bss *bss,
 if (pmk == NULL)
 return -1;
 if (pbkdf2_sha1(passphrase, bss->ssid, bss->ssid_len, 4096,
- pmk->pmk, sizeof(pmk->pmk)) < 0) {
+ pmk->pmk, PMK_LEN) < 0) {
 os_free(pmk);
 return -1;
 }
@@ -101,7 +101,7 @@ int bss_add_pmk_from_passphrase(struct wlantest_bss *bss,
 wpa_printf(MSG_INFO, "Add possible PMK for BSSID " MACSTR " based on passphrase '%s'", MAC2STR(bss->bssid), passphrase);
- wpa_hexdump(MSG_DEBUG, "Possible PMK", pmk->pmk, sizeof(pmk->pmk));
+ wpa_hexdump(MSG_DEBUG, "Possible PMK", pmk->pmk, PMK_LEN);
 dl_list_add(&bss->pmk, &pmk->list);
 return 0;
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index a0c6845b6..1353702ab 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -106,7 +106,7 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
 u8 ptk_name[WPA_PMK_NAME_LEN];
- wpa_derive_pmk_r0(pmk->pmk, sizeof(pmk->pmk),
+ wpa_derive_pmk_r0(pmk->pmk, PMK_LEN,
 bss->ssid, bss->ssid_len, bss->mdid, bss->r0kh_id, bss->r0kh_id_len, sta->addr, pmk_r0, pmk_r0_name);
@@ -126,7 +126,7 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
 check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data, len) < 0)
 return -1;
- } else if (wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
+ } else if (wpa_pmk_to_ptk(pmk->pmk, PMK_LEN,
 "Pairwise key expansion", bss->bssid, sta->addr, sta->anonce, sta->snonce, &ptk, sta->key_mgmt,
diff --git a/wlantest/wired.c b/wlantest/wired.c
index 77a395fdc..9267f9776 100644
--- a/wlantest/wired.c
+++ b/wlantest/wired.c
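Review bot: In wlantest/bss.c, bss_add_pmk_from_passphrase() does not set the `pmk_len` field this commit adds to struct wlantest_pmk, although the wired.c and wlantest.c producers in the same commit do. Both hunks of this file only replace `sizeof(pmk->pmk)` with `PMK_LEN`, so a passphrase-derived entry is linked into `bss->pmk` with whatever length the allocation left behind (the allocation is above the first hunk, so whether that is zero cannot be seen here). Adding `pmk->pmk_len = PMK_LEN;` before `dl_list_add(&bss->pmk, &pmk->list);` in the second hunk would give every list entry a valid length.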
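Review bot: In wlantest/rx_eapol.c, try_pmk() passes the constant `PMK_LEN` to `wpa_derive_pmk_r0()` and `wpa_pmk_to_ptk()` rather than the per-entry `pmk->pmk_len` that this commit starts recording, so the stored length is ignored in both hunks of this file. An entry longer than PMK_LEN is silently cut to its first PMK_LEN octets for derivation, and a shorter one is used together with its padding bytes. If fixed-length use is intended at this stage, a comment above the first call, `/* only the first PMK_LEN octets are used; pmk->pmk_len is not consulted here */`, would say so; otherwise pass `pmk->pmk_len` once every producer sets it. try_pmk() begins and ends outside both hunks.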
@@ -87,16 +87,17 @@ static void process_radius_access_request(struct wlantest *wt, u32 dst,
 }
-static void wlantest_add_pmk(struct wlantest *wt, const u8 *pmk)
+static void wlantest_add_pmk(struct wlantest *wt, const u8 *pmk, size_t pmk_len)
 {
 struct wlantest_pmk *p;
 p = os_zalloc(sizeof(*p));
 if (p == NULL)
 return;
- os_memcpy(p->pmk, pmk, 32);
+ os_memcpy(p->pmk, pmk, pmk_len);
+ p->pmk_len = pmk_len;
 dl_list_add(&wt->pmk, &p->list);
- wpa_hexdump(MSG_INFO, "Add PMK", pmk, 32);
+ wpa_hexdump(MSG_INFO, "Add PMK", pmk, pmk_len);
 }
@@ -127,20 +128,25 @@ static void process_radius_access_accept(struct wlantest *wt, u32 dst, u32 src,
 (u8 *) s->secret, os_strlen(s->secret));
 if (keys && keys->send && keys->recv) {
- u8 pmk[32];
+ u8 pmk[PMK_LEN_MAX];
+ size_t pmk_len, len2;
+
 wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key", keys->send, keys->send_len);
 wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key", keys->recv, keys->recv_len);
- os_memcpy(pmk, keys->recv,
- keys->recv_len > 32 ? 32 : keys->recv_len);
- if (keys->recv_len < 32) {
- os_memcpy(pmk + keys->recv_len,
- keys->send,
- keys->recv_len + keys->send_len > 32
- ? 32 : 32 - keys->recv_len);
+ pmk_len = keys->recv_len;
+ if (pmk_len > PMK_LEN_MAX)
+ pmk_len = PMK_LEN_MAX;
+ os_memcpy(pmk, keys->recv, pmk_len);
+ if (pmk_len < PMK_LEN_MAX) {
+ len2 = keys->send_len;
+ if (pmk_len + len2 > PMK_LEN_MAX)
+ len2 = PMK_LEN_MAX - pmk_len;
+ os_memcpy(pmk + pmk_len, keys->send, len2);
+ pmk_len += len2;
 }
- wlantest_add_pmk(wt, pmk);
+ wlantest_add_pmk(wt, pmk, pmk_len);
 found = 1;
 }
diff --git a/wlantest/wlantest.c b/wlantest/wlantest.c
index 9efeea487..e46850aef 100644
--- a/wlantest/wlantest.c
+++ b/wlantest/wlantest.c
@@ -146,7 +146,8 @@ static void add_secret(struct wlantest *wt, const char *secret)
 static int add_pmk_file(struct wlantest *wt, const char *pmk_file)
 {
 FILE *f;
- u8 pmk[32];
+ u8 pmk[PMK_LEN_MAX];
+ size_t pmk_len;
 char buf[300], *pos;
 struct wlantest_pmk *p;
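Review bot: wlantest_add_pmk() in wlantest/wired.c copies a caller-supplied `pmk_len` into the fixed-size `p->pmk` array without checking it, so the bound now rests entirely on the caller having clamped the value. The caller in the next hunk does clamp to PMK_LEN_MAX, but a guard before the allocation, `if (pmk_len > sizeof(p->pmk)) return;`, keeps the copy safe if another call site is added. The PMK is also logged with `wpa_hexdump(MSG_INFO, ...)` while the MS-MPPE keys in the next hunk use `wpa_hexdump_key()`; `wpa_hexdump_key(MSG_INFO, "Add PMK", pmk, pmk_len);` would treat it as key material in the same way.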
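Review bot: The new concatenation in process_radius_access_accept() clamps `pmk_len` from above but has no lower bound, so when `keys->recv_len` plus `keys->send_len` is less than PMK_LEN a short, possibly zero-length, PMK is still passed to `wlantest_add_pmk()`. These lengths are decoded from a RADIUS Access-Accept, so they should be treated as untrusted. Guarding the call with `if (pmk_len >= PMK_LEN)` would drop such keys instead of storing an entry that the rx_eapol.c code in this commit later reads as PMK_LEN octets. Writing the clamp test as `if (len2 > PMK_LEN_MAX - pmk_len)` also avoids relying on `pmk_len + len2` not wrapping. The function starts and ends outside the hunk.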
@@ -163,25 +164,30 @@ static int add_pmk_file(struct wlantest *wt, const char *pmk_file)
 *pos = '\0';
 if (pos - buf < 2 * 32)
 continue;
- if (hexstr2bin(buf, pmk, 32) < 0)
+ pmk_len = (pos - buf) / 2;
+ if (pmk_len > PMK_LEN_MAX)
+ pmk_len = PMK_LEN_MAX;
+ if (hexstr2bin(buf, pmk, pmk_len) < 0)
 continue;
 p = os_zalloc(sizeof(*p));
 if (p == NULL)
 break;
- os_memcpy(p->pmk, pmk, 32);
+ os_memcpy(p->pmk, pmk, pmk_len);
+ p->pmk_len = pmk_len;
 dl_list_add(&wt->pmk, &p->list);
- wpa_hexdump(MSG_DEBUG, "Added PMK from file", pmk, 32);
+ wpa_hexdump(MSG_DEBUG, "Added PMK from file", pmk, pmk_len);
 /* For FT, the send half of MSK is used */
- if (hexstr2bin(&buf[64], pmk, 32) < 0)
+ if (hexstr2bin(&buf[2 * PMK_LEN], pmk, PMK_LEN) < 0)
 continue;
 p = os_zalloc(sizeof(*p));
 if (p == NULL)
 break;
- os_memcpy(p->pmk, pmk, 32);
+ os_memcpy(p->pmk, pmk, PMK_LEN);
+ p->pmk_len = PMK_LEN;
 dl_list_add(&wt->pmk, &p->list);
 wpa_hexdump(MSG_DEBUG, "Added PMK from file (2nd half of MSK)",
- pmk, 32);
+ pmk, PMK_LEN);
 }
 fclose(f);
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index f9a67c32f..7a56b97b7 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -35,7 +35,8 @@ struct wlantest_passphrase {
 struct wlantest_pmk {
 struct dl_list list;
- u8 pmk[32];
+ u8 pmk[PMK_LEN_MAX];
+ size_t pmk_len;
 };
 struct wlantest_ptk {
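Review bot: In add_pmk_file() the first PMK's length is now `(pos - buf) / 2` clamped to PMK_LEN_MAX, so a line is accepted at any size from PMK_LEN up to PMK_LEN_MAX, and a line with non-hex text directly after its first 64 digits is now dropped by the `hexstr2bin()` failure where the old code still parsed the first 32 octets. This assumes `pos` marks the end of the line; it is set above the hunk. If only particular key sizes are valid, check `pmk_len` against them before the entry is stored, and describe the accepted line formats in a comment next to the existing `/* For FT, the send half of MSK is used */`. The size gate also still reads `2 * 32` while the rest of the hunk uses the macro; `if (pos - buf < 2 * PMK_LEN)` would match.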