diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index 327b9d7e0ff909..ec49580dee0e1a 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -499,7 +499,8 @@ MaybeLocal<Value> GetSerialNumber(Environment* env, X509* cert) {
   if (ASN1_INTEGER* serial_number = X509_get_serialNumber(cert)) {
     BignumPointer bn(ASN1_INTEGER_to_BN(serial_number, nullptr));
     if (bn) {
-      OpenSSLBuffer buf(BN_bn2hex(bn.get()));
+      char* data = BN_bn2hex(bn.get());
+      ByteSource buf = ByteSource::Allocated(data, strlen(data));
       if (buf)
         return OneByteString(env->isolate(), buf.get());
     }
diff --git a/src/crypto/crypto_common.h b/src/crypto/crypto_common.h
index e738eac07eb885..afee38b5992d23 100644
--- a/src/crypto/crypto_common.h
+++ b/src/crypto/crypto_common.h
@@ -13,11 +13,6 @@
 
 namespace node {
 namespace crypto {
-// OPENSSL_free is a macro, so we need a wrapper function.
-struct OpenSSLBufferDeleter {
-  void operator()(char* pointer) const { OPENSSL_free(pointer); }
-};
-using OpenSSLBuffer = std::unique_ptr<char[], OpenSSLBufferDeleter>;
 
 struct StackOfX509Deleter {
   void operator()(STACK_OF(X509)* p) const { sk_X509_pop_free(p, X509_free); }
diff --git a/src/crypto/crypto_spkac.cc b/src/crypto/crypto_spkac.cc
index 0f5698d8e80082..6950a0390377e8 100644
--- a/src/crypto/crypto_spkac.cc
+++ b/src/crypto/crypto_spkac.cc
@@ -85,16 +85,18 @@ void ExportPublicKey(const FunctionCallbackInfo<Value>& args) {
   args.GetReturnValue().Set(pkey.ToBuffer().FromMaybe(Local<Value>()));
 }
 
-OpenSSLBuffer ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
+ByteSource ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
   NetscapeSPKIPointer sp(
       NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
   if (!sp)
-    return nullptr;
+    return ByteSource();
 
-  unsigned char* buf = nullptr;
-  ASN1_STRING_to_UTF8(&buf, sp->spkac->challenge);
+  char* buf = nullptr;
+  ASN1_STRING_to_UTF8(
+    reinterpret_cast<unsigned char**>(&buf),
+    sp->spkac->challenge);
 
-  return OpenSSLBuffer(reinterpret_cast<char*>(buf));
+  return ByteSource::Allocated(buf, strlen(buf));
 }
 
 void ExportChallenge(const FunctionCallbackInfo<Value>& args) {
@@ -107,12 +109,12 @@ void ExportChallenge(const FunctionCallbackInfo<Value>& args) {
   if (UNLIKELY(!input.CheckSizeInt32()))
     return THROW_ERR_OUT_OF_RANGE(env, "spkac is too large");
 
-  OpenSSLBuffer cert = ExportChallenge(input);
+  ByteSource cert = ExportChallenge(input);
   if (!cert)
     return args.GetReturnValue().SetEmptyString();
 
   Local<Value> outString =
-      Encode(env->isolate(), cert.get(), strlen(cert.get()), BUFFER);
+      Encode(env->isolate(), cert.get(), cert.size(), BUFFER);
 
   args.GetReturnValue().Set(outString);
 }