diff --git a/frameworks/js/napi/crypto/src/napi_cipher.cpp b/frameworks/js/napi/crypto/src/napi_cipher.cpp
index ac947b7dbefcd20d457f41b739f4da1e66c40d79..44f976fed9a34e61330d0d57f3f90d9da696e7d2 100644
--- a/frameworks/js/napi/crypto/src/napi_cipher.cpp
+++ b/frameworks/js/napi/crypto/src/napi_cipher.cpp
@@ -853,6 +853,8 @@ napi_value NapiCipher::JsSetCipherSpec(napi_env env, napi_callback_info info)
     }
     HcfBlob *pSource = GetBlobFromNapiUint8Arr(env, argv[1]);
     if (pSource == nullptr || pSource->len == 0) {
+        HcfBlobDataFree(pSource);
+        HcfFree(pSource);
         LOGE("failed to get pSource.");
         napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "[pSource]: must be of the DataBlob type."));
         return nullptr;
diff --git a/frameworks/js/napi/crypto/src/napi_utils.cpp b/frameworks/js/napi/crypto/src/napi_utils.cpp
index d1a1afaaff65449651b8914bdcbba58e17022780..ae8acfc42c57262d14772670ebea7db1567a462e 100644
--- a/frameworks/js/napi/crypto/src/napi_utils.cpp
+++ b/frameworks/js/napi/crypto/src/napi_utils.cpp
@@ -404,12 +404,46 @@ static bool GetIvAndAadBlob(napi_env env, napi_value arg, HcfBlob **iv, HcfBlob
     return true;
 }
 
+static bool HandleAuthTag(napi_env env, napi_value arg, HcfCryptoMode opMode, HcfBlob **tag, size_t authTagLen)
+{
+    if (opMode == DECRYPT_MODE) {
+        *tag = GetBlobFromParamsSpec(env, arg, AUTHTAG_PARAMS);
+        if (*tag == nullptr) {
+            LOGE("get tag failed!");
+            return false;
+        }
+    } else if (opMode == ENCRYPT_MODE) {
+        HcfBlob authTag = {};
+        authTag->data = static_cast<uint8_t *>(HcfMalloc(authTagLen, 0));
+        if (authTag->data == nullptr) {
+            LOGE("malloc authTag failed!");
+            return false;
+        }
+        authTag->len = authTagLen;
+        *tag = &authTag;
+    } else {
+        LOGE("Invalid operation mode!");
+        return false;
+    }
+    return true;
+}
+
+static void FreeParamsResources(HcfBlob *iv, HcfBlob *aad, HcfBlob *tag, void *paramsSpec)
+{
+    HcfBlobDataFree(iv);
+    HcfBlobDataFree(aad);
+    HcfBlobDataFree(tag);
+    HcfFree(iv);
+    HcfFree(aad);
+    HcfFree(tag);
+    HcfFree(paramsSpec);
+}
+
 static bool GetGcmParamsSpec(napi_env env, napi_value arg, HcfCryptoMode opMode, HcfParamsSpec **paramsSpec)
 {
     HcfBlob *iv = nullptr;
     HcfBlob *aad = nullptr;
     HcfBlob *tag = nullptr;
-    HcfBlob authTag = {};
     bool ret = false;
 
     HcfGcmParamsSpec *gcmParamsSpec = reinterpret_cast<HcfGcmParamsSpec *>(HcfMalloc(sizeof(HcfGcmParamsSpec), 0));
@@ -424,35 +458,21 @@ static bool GetGcmParamsSpec(napi_env env, napi_value arg, HcfCryptoMode opMode,
         goto clearup;
     }
 
-    if (opMode == DECRYPT_MODE) {
-        tag = GetBlobFromParamsSpec(env, arg, AUTHTAG_PARAMS);
-        if (tag == nullptr) {
-            LOGE("get tag failed!");
-            goto clearup;
-        }
-    } else if (opMode == ENCRYPT_MODE) {
-        authTag.data = static_cast<uint8_t *>(HcfMalloc(GCM_AUTH_TAG_LEN, 0));
-        if (authTag.data == nullptr) {
-            LOGE("get tag failed!");
-            goto clearup;
-        }
-        authTag.len = GCM_AUTH_TAG_LEN;
-    } else {
+    ret = HandleAuthTag(env, arg, opMode, &tag, GCM_AUTH_TAG_LEN);
+    if (!ret) {
+        LOGE("HandleAuthTag failed!");
         goto clearup;
     }
 
     gcmParamsSpec->base.getType = GetGcmParamsSpecType;
     gcmParamsSpec->iv = *iv;
     gcmParamsSpec->aad = *aad;
-    gcmParamsSpec->tag = opMode == DECRYPT_MODE ? *tag : authTag;
+    gcmParamsSpec->tag = *tag
     *paramsSpec = reinterpret_cast<HcfParamsSpec *>(gcmParamsSpec);
     ret = true;
 clearup:
    if (!ret) {
-        HcfBlobDataFree(iv);
-        HcfBlobDataFree(aad);
-        HcfBlobDataFree(tag);
-        HcfFree(gcmParamsSpec);
+        FreeParamsResources(iv, aad, tag, gcmParamsSpec);
     }
     HcfFree(iv);
     HcfFree(aad);
@@ -465,7 +485,6 @@ static bool GetCcmParamsSpec(napi_env env, napi_value arg, HcfCryptoMode opMode,
     HcfBlob *iv = nullptr;
     HcfBlob *aad = nullptr;
     HcfBlob *tag = nullptr;
-    HcfBlob authTag = {};
     bool ret = false;
 
     HcfCcmParamsSpec *ccmParamsSpec = reinterpret_cast<HcfCcmParamsSpec *>(HcfMalloc(sizeof(HcfCcmParamsSpec), 0));
@@ -479,34 +498,20 @@ static bool GetCcmParamsSpec(napi_env env, napi_value arg, HcfCryptoMode opMode,
         goto clearup;
     }
 
-    if (opMode == DECRYPT_MODE) {
-        tag = GetBlobFromParamsSpec(env, arg, AUTHTAG_PARAMS);
-        if (tag == nullptr) {
-            LOGE("get tag failed!");
-            goto clearup;
-        }
-    } else if (opMode == ENCRYPT_MODE) {
-        authTag.data = static_cast<uint8_t *>(HcfMalloc(CCM_AUTH_TAG_LEN, 0));
-        if (authTag.data == nullptr) {
-            LOGE("get tag failed!");
-            goto clearup;
-        }
-        authTag.len = CCM_AUTH_TAG_LEN;
-    } else {
+    ret = HandleAuthTag(env, arg, opMode, &tag, CCM_AUTH_TAG_LEN);
+    if (!ret) {
+        LOGE("HandleAuthTag failed!");
         goto clearup;
     }
     ccmParamsSpec->base.getType = GetCcmParamsSpecType;
     ccmParamsSpec->iv = *iv;
     ccmParamsSpec->aad = *aad;
-    ccmParamsSpec->tag = opMode == DECRYPT_MODE ? *tag : authTag;
+    ccmParamsSpec->tag = *tag;
     *paramsSpec = reinterpret_cast<HcfParamsSpec *>(ccmParamsSpec);
     ret = true;
 clearup:
     if (!ret) {
-        HcfBlobDataFree(iv);
-        HcfBlobDataFree(aad);
-        HcfBlobDataFree(tag);
-        HcfFree(ccmParamsSpec);
+        FreeParamsResources(iv, aad, tag, ccmParamsSpec);
     }
     HcfFree(iv);
     HcfFree(aad);