diff --git a/frameworks/js/ani/inc/ani_common.h b/frameworks/js/ani/inc/ani_common.h index f9bd6fb0da05aea22f2b6ef0a4e20563d4c0c112..87abbc699bb5acd1bb889a4706d4a557a4b8b8be 100644 --- a/frameworks/js/ani/inc/ani_common.h +++ b/frameworks/js/ani/inc/ani_common.h @@ -51,16 +51,21 @@ constexpr int SPEC_ITEM_TYPE_UINT8ARR = 4; #define ANI_LOGE_THROW(code, msg) \ do { \ - LOGE("%{public}s", msg); \ - set_business_error(ConvertResultCode(code), msg); \ + int rc = ConvertResultCode(code); \ + LOGE("%{public}s, code: %{public}d", msg, rc); \ + set_business_error(rc, msg); \ } while (0) int ConvertResultCode(HcfResult res); -void ArrayU8ToDataBlob(const array &arr, HcfBlob &blob); +template +void ArrayU8ToDataBlob(const T &arr, HcfBlob &blob); void DataBlobToArrayU8(const HcfBlob &blob, array &arr); -void ArrayU8ToBigInteger(const array &arr, HcfBigInteger &bigint); + +template +bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint); void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr); + void StringToDataBlob(const string &str, HcfBlob &blob); int GetAsyKeySpecType(HcfAsyKeySpecItem item); diff --git a/frameworks/js/ani/src/ani_common.cpp b/frameworks/js/ani/src/ani_common.cpp index 9d6a8d9f08141b1556e27ddc60e8c1c5a770175c..6ca979e8af53721023b703f81f4d4618156af923 100644 --- a/frameworks/js/ani/src/ani_common.cpp +++ b/frameworks/js/ani/src/ani_common.cpp 
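Review bot: `ArrayU8ToBigInteger` now signals rejection (empty or negative input) only through its `bool` result, and the declaration still lets a caller drop that result silently. Declaring it as `[[nodiscard]] bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint);` would make every unconverted call site a compiler warning; this needs C++17, which the nested `namespace ANI::CryptoFramework` in ani_common.cpp suggests is available. Only the ECC and SM2 callers are updated in this diff, so any caller outside the visible hunks would carry on with a big integer the helper refused to fill in. Separately, the new `int rc` inside `ANI_LOGE_THROW` can capture a caller's variable: `ANI_LOGE_THROW(rc, ...)` expands to `int rc = ConvertResultCode(rc);` and reads the uninitialized local, so a macro-private name such as `aniThrowRc_` is safer.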
@@ -82,6 +82,18 @@ static const std::unordered_map SIGN_SPEC_RELATION_MAP = { } // namespace namespace ANI::CryptoFramework { +// template specialization for ArrayU8ToDataBlob +template +void ArrayU8ToDataBlob>(const array &arr, HcfBlob &blob); +template +void ArrayU8ToDataBlob>(const array_view &arr, HcfBlob &blob); + +// template specialization for ArrayU8ToBigInteger +template +bool ArrayU8ToBigInteger>(const array &arr, HcfBigInteger &bigint); +template +bool ArrayU8ToBigInteger>(const array_view &arr, HcfBigInteger &bigint); + int ConvertResultCode(HcfResult res) { if (RESULT_CODE.count(res) > 0) { @@ -90,7 +102,8 @@ int ConvertResultCode(HcfResult res) return ERR_RUNTIME_ERROR; } -void ArrayU8ToDataBlob(const array &arr, HcfBlob &blob) +template +void ArrayU8ToDataBlob(const T &arr, HcfBlob &blob) { blob.data = arr.empty() ? nullptr : arr.data(); blob.len = arr.size(); @@ -101,13 +114,22 @@ void DataBlobToArrayU8(const HcfBlob &blob, array &arr) arr = array(move_data_t{}, blob.data, blob.len); } -void ArrayU8ToBigInteger(const array &arr, HcfBigInteger &bigint) +template +bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint) { - bigint.data = arr.empty() ? nullptr : arr.data(); + if (arr.empty()) { + return false; + } + uint8_t sign = arr.back() >> (sizeof(uint8_t) * 8 - 1); + if (sign != 0) { // not support negative of big integer + return false; + } + bigint.data = arr.data(); bigint.len = arr.size(); - if (bigint.len > 0 && bigint.data[bigint.len - 1] == 0) { // remove the sign bit of big integer + if (bigint.len > 1 && bigint.data[bigint.len - 1] == 0) { // remove the sign bit of big integer bigint.len--; } + return true; } void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr) 
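Review bot: The templated `ArrayU8ToDataBlob` has no comment saying that `blob.data` is only a borrowed pointer into `arr`, and this matters more now that `T` may be a non-owning `array_view`. The blob must not outlive the argument and must not be handed to anything that frees `blob.data`. I would add above the definition: `// blob aliases arr's storage (not owned): do not free it, and do not use it after arr is gone`. The function's closing brace is outside this hunk.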
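Review bot: Both `return false` paths in `ArrayU8ToBigInteger` leave `bigint.data` and `bigint.len` untouched, so a caller that ignores the result or reuses an already filled `HcfBigInteger` continues with stale contents. Writing `bigint.data = nullptr; bigint.len = 0;` at the top of the function makes the failure state well defined. The sign test reads the top bit of `arr.back()`, which appears to assume the last byte is the most significant one; a short comment stating the expected byte order would help, and `(arr.back() & 0x80) != 0` is more direct than shifting by `sizeof(uint8_t) * 8 - 1`. Only one trailing zero byte is stripped, so input padded with several zero bytes keeps the extras; if that is intended it deserves a comment too.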
@@ -121,7 +143,7 @@ void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr) void StringToDataBlob(const string &str, HcfBlob &blob) { blob.data = str.empty() ? nullptr : reinterpret_cast(const_cast(str.c_str())); - blob.len = str.size() + 1; + blob.len = str.empty() ? 0 : str.size() + 1; } int GetAsyKeySpecType(HcfAsyKeySpecItem item) diff --git a/frameworks/js/ani/src/ani_dh_key_util.cpp b/frameworks/js/ani/src/ani_dh_key_util.cpp index 4c7294ee05d880dd4cc0acd290f241cc7bb6dde7..740f1d9a1739c5dca93fb599074a462b754ded41 100644 --- a/frameworks/js/ani/src/ani_dh_key_util.cpp +++ b/frameworks/js/ani/src/ani_dh_key_util.cpp @@ -29,7 +29,7 @@ DHCommonParamsSpec GenDHCommonParamsSpec(int32_t pLen, optional_view sk HcfDhCommParamsSpec *dhCommParamsSpec = nullptr; HcfResult res = HcfDhKeyUtilCreate(pLen, skLenValue, &dhCommParamsSpec); if (res != HCF_SUCCESS) { - ANI_LOGE_THROW(res, "create dhKey obj fail!"); + ANI_LOGE_THROW(HCF_INVALID_PARAMS, "create dhKey obj fail!"); // the error code is consistent with 1.1 return dh; } dh.base.algName = string(dhCommParamsSpec->base.algName); diff --git a/frameworks/js/ani/src/ani_ecc_key_util.cpp b/frameworks/js/ani/src/ani_ecc_key_util.cpp index 4de03d1936c5c28564439d1b32be1ff4e6bcfd02..e2ab9c3f3a11c8021c1b869b5f2cf8bf6a7dc208 100644 --- a/frameworks/js/ani/src/ani_ecc_key_util.cpp +++ b/frameworks/js/ani/src/ani_ecc_key_util.cpp 
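Review bot: `StringToDataBlob` has no comment recording that `blob.len` counts the terminating NUL (`str.size() + 1`) or that `blob.data` is a `const_cast` pointer into `str`'s own buffer. A consumer that treats the blob as raw bytes will include the extra zero byte, and one that writes through or frees `blob.data` touches memory it does not own. I would add above the function: `// blob borrows str's buffer (not owned, read-only); len includes the trailing '\0'`.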
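Review bot: Passing the constant `HCF_INVALID_PARAMS` instead of `res` means the real failure reason from `HcfDhKeyUtilCreate` is no longer recorded anywhere, because the macro now logs the converted code of the constant rather than the native result. Keeping the thrown code for compatibility is reasonable, but the original value should still reach the log, for example `LOGE("HcfDhKeyUtilCreate failed, res: %{public}d", res);` immediately before the `ANI_LOGE_THROW` call. Without it an allocation or backend failure cannot be told apart from a bad `pLen` or `skLen` during triage. `GenDHCommonParamsSpec` starts and ends outside this hunk.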
@@ -68,8 +68,13 @@ Point ConvertPoint(string_view curveName, array_view encodedPoint) array GetEncodedPoint(string_view curveName, Point const& point, string_view format) { HcfPoint hcfPoint = {}; - ArrayU8ToBigInteger(point.x, hcfPoint.x); - ArrayU8ToBigInteger(point.y, hcfPoint.y); + bool bigintValid = true; + bigintValid &= ArrayU8ToBigInteger(point.x, hcfPoint.x); + bigintValid &= ArrayU8ToBigInteger(point.y, hcfPoint.y); + if (!bigintValid) { + ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid."); + return {}; + } HcfBlob outBlob = {}; HcfResult res = HcfGetEncodedPoint(curveName.c_str(), &hcfPoint, format.c_str(), &outBlob); if (res != HCF_SUCCESS) { diff --git a/frameworks/js/ani/src/ani_md.cpp b/frameworks/js/ani/src/ani_md.cpp index d2efc233b2b24ba3a7889e205dbe28f31b1e7efa..2b9f26e9e206f3dba9a540f6825fd8f30de907de 100644 --- a/frameworks/js/ani/src/ani_md.cpp +++ b/frameworks/js/ani/src/ani_md.cpp @@ -50,7 +50,7 @@ DataBlob MdImpl::DigestSync() HcfBlob outBlob = {}; HcfResult res = this->md_->doFinal(this->md_, &outBlob); if (res != HCF_SUCCESS) { - ANI_LOGE_THROW(res, "mac doFinal failed!"); + ANI_LOGE_THROW(res, "md doFinal failed!"); return {}; } array data = {}; diff --git a/frameworks/js/ani/src/ani_sm2_crypto_util.cpp b/frameworks/js/ani/src/ani_sm2_crypto_util.cpp index 4a69d995935e2b5ffc9471b889f8b02e0860db47..3fbfef5a7cd25e7459bfc2809282ede5cb16fc29 100644 --- a/frameworks/js/ani/src/ani_sm2_crypto_util.cpp +++ b/frameworks/js/ani/src/ani_sm2_crypto_util.cpp 
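Review bot: The rejection message `"params is invalid."` in `GetEncodedPoint` does not say which input failed or why, although `ArrayU8ToBigInteger` only fails for an empty array or one with the sign bit set. The same wording is repeated in `GenCipherTextBySpec` in ani_sm2_crypto_util.cpp. A message such as `"point x or y is empty or negative."` (and `"xCoordinate or yCoordinate is empty or negative."` in the SM2 helper) gives the caller an actionable error. As a style point, `bigintValid &= ...` applies a bitwise operator to a `bool`; storing the two results and testing `if (!okX || !okY)` reads more clearly and still evaluates both conversions. `GetEncodedPoint` continues past the end of this hunk.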
@@ -21,8 +21,13 @@ namespace ANI::CryptoFramework { DataBlob GenCipherTextBySpec(SM2CipherTextSpec const& spec, optional_view mode) { Sm2CipherTextSpec hcfSpec = {}; - ArrayU8ToBigInteger(spec.xCoordinate, hcfSpec.xCoordinate); - ArrayU8ToBigInteger(spec.yCoordinate, hcfSpec.yCoordinate); + bool bigintValid = true; + bigintValid &= ArrayU8ToBigInteger(spec.xCoordinate, hcfSpec.xCoordinate); + bigintValid &= ArrayU8ToBigInteger(spec.yCoordinate, hcfSpec.yCoordinate); + if (!bigintValid) { + ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid."); + return {}; + } ArrayU8ToDataBlob(spec.cipherTextData, hcfSpec.cipherTextData); ArrayU8ToDataBlob(spec.hashData, hcfSpec.hashData); string dataMode = mode.has_value() ? mode.value() : ""; diff --git a/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c b/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c index beeb95ae46caca808da31090a4cf31da4d52ad28..23e7fcbd7b570b9b4a392f278590737d257d7d8d 100644 --- a/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c @@ -105,7 +105,7 @@ static bool CheckHkdfParams(HcfHkdfParamsSpec *params) LOGE("beyond the length"); return false; } - if (params->key.data == NULL && params->key.len == 0) { + if (params->key.data == NULL || params->key.len == 0) { LOGE("check params failed, key is NULL"); return false; } diff --git a/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c b/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c index 8cf15aef3f3374c04b1c007264dce88fb6323172..025cc7fcbe490c5755fe9b20e7db8c5bb70c50cc 100644 --- a/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c +++ b/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c 
@@ -36,6 +36,7 @@ #define OPENSSL_BITS_PER_BYTE 8 #define OPENSSL_RSA_KEYPAIR_CNT 3 #define OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES 2 +#define PASSWORD_MAX_LENGTH 4096 #define MAX_KEY_SIZE 8192 #define MIN_KEY_SIZE 512 #define PRIMES_2 2 @@ -731,6 +732,11 @@ static HcfResult GetPriKeyEncodedPem(const HcfPriKey *self, HcfParamsSpec *param OpensslEvpPkeyFree(pkey); return HCF_ERR_PARAMETER_CHECK_FAILED; } + if (strlen(passWord) == 0 || strlen(passWord) > PASSWORD_MAX_LENGTH) { + LOGE("passWord is invalid."); + OpensslEvpPkeyFree(pkey); + return HCF_INVALID_PARAMS; + } cipher = EVP_CIPHER_fetch(NULL, cipherStr, NULL); result = GetPriKeyPem(format, pkey, cipher, passWord, returnString); EVP_CIPHER_free((EVP_CIPHER *)cipher); @@ -1223,6 +1229,13 @@ static HcfResult EngineConvertPemKey(HcfAsyKeyGeneratorSpi *self, HcfParamsSpec LOGE("ConvertPemKeyParams is invalid."); return HCF_INVALID_PARAMS; } + if (params != NULL) { + HcfKeyDecodingParamsSpec *spec = (HcfKeyDecodingParamsSpec *)params; + if (spec->password == NULL || strlen(spec->password) == 0 || strlen(spec->password) > PASSWORD_MAX_LENGTH) { + LOGE("password is invalid."); + return HCF_INVALID_PARAMS; + } + } if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) { LOGE("Class not match."); return HCF_INVALID_PARAMS;
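Review bot: The new length check in `GetPriKeyEncodedPem` calls `strlen(passWord)` twice, and each call scans the whole string before the 4096-byte limit is applied, so an over-long or unterminated buffer is walked in full. `size_t pwLen = strnlen(passWord, PASSWORD_MAX_LENGTH + 1);` followed by `if (pwLen == 0 || pwLen > PASSWORD_MAX_LENGTH)` bounds the scan and reads the string once; the same pattern appears in the `EngineConvertPemKey` hunk that follows. The new branch also returns `HCF_INVALID_PARAMS` while the check directly above it returns `HCF_ERR_PARAMETER_CHECK_FAILED` for what looks like the same class of error, so callers see two codes for bad encoding parameters. Whether `passWord` is already NULL-checked cannot be seen here, because the function starts and ends outside the hunk.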
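Review bot: In `EngineConvertPemKey`, a decoding spec with a NULL or empty password is now rejected whenever `params` is non-NULL, which rules out passing a spec for an unencrypted PEM key. If that combination was accepted before, this is a behaviour change that should be stated in a comment on the function, or the check should apply only when `spec->password != NULL`. The block also casts `params` to `HcfKeyDecodingParamsSpec *` and dereferences it before the `HcfIsClassMatch` check on `self`; I would move it after the class check so the object is validated first. The function starts and ends outside this hunk.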