diff --git a/sshkey.c b/sshkey.c
index e1e882b72..4a656f846 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3913,6 +3913,20 @@ convert_libcrypto_error(void)
 	return translate_libcrypto_error(ERR_peek_last_error());
 }
 
+static int
+pem_passphrase_cb(char *buf, int size, int rwflag, void *u)
+{
+	char *p = (char *)u;
+	size_t len;
+
+	if (p == NULL || (len = strlen(p)) == 0)
+		return -1;
+	if (size < 0 || len > (size_t)size)
+		return -1;
+	memcpy(buf, p, len);
+	return (int)len;
+}
+
 static int
 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
     const char *passphrase, struct sshkey **keyp)
@@ -3934,7 +3948,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 	}
 
 	clear_libcrypto_errors();
-	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
+	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, pem_passphrase_cb,
 	    (char *)passphrase)) == NULL) {
 	       /*
 		* libcrypto may return various ASN.1 errors when attempting