diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 1b72d723c87..1be2f2e42ff 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3283,13 +3283,10 @@ SignBase::Error Sign::SignFinal(const char* key_pem,
   EVP_PKEY* pkey = NULL;
   bool fatal = true;
 
-  bp = BIO_new(BIO_s_mem());
+  bp = BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len);
   if (bp == NULL)
     goto exit;
 
-  if (!BIO_write(bp, key_pem, key_pem_len))
-    goto exit;
-
   pkey = PEM_read_bio_PrivateKey(bp,
                                  NULL,
                                  CryptoPemCallback,
@@ -3475,13 +3472,10 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem,
   bool fatal = true;
   int r = 0;
 
-  bp = BIO_new(BIO_s_mem());
+  bp = BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len);
   if (bp == NULL)
     goto exit;
 
-  if (!BIO_write(bp, key_pem, key_pem_len))
-    goto exit;
-
   // Check if this is a PKCS#8 or RSA public key before trying as X.509.
   // Split this out into a separate function once we have more than one
   // consumer of public keys.
@@ -3595,13 +3589,10 @@ bool PublicKeyCipher::Cipher(const char* key_pem,
   X509* x509 = NULL;
   bool fatal = true;
 
-  bp = BIO_new(BIO_s_mem());
+  bp = BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len);
   if (bp == NULL)
     goto exit;
 
-  if (!BIO_write(bp, key_pem, key_pem_len))
-    goto exit;
-
   // Check if this is a PKCS#8 or RSA public key before trying as X.509 and
   // private key.
   if (operation == kEncrypt &&