diff --git a/src/bin/pg_dump/common_cipher.cpp b/src/bin/pg_dump/common_cipher.cpp
index c5f1696a0..39ff718d7 100644
--- a/src/bin/pg_dump/common_cipher.cpp
+++ b/src/bin/pg_dump/common_cipher.cpp
@@ -402,12 +402,14 @@ void CryptoModuleParamsCheck(ArchiveHandle* AH, const char* params, const char*
             rc = memcpy_s((GS_UCHAR*)fout->Key, KEY_MAX_LEN, tmpkey, tmpkeylen);
             securec_check_c(rc, "\0", "\0");
             fout->keylen = tmpkeylen;
+            OPENSSL_free(tmpkey);
         }
     } else if (is_gen_key){
         char *encodedley = NULL;
         symmGenerateKey((ArchiveHandle*)fout);
         encodedley = SEC_encodeBase64((char*)fout->Key, fout->keylen);
         write_msg(NULL, "generate key success:%s\n", encodedley);
+        OPENSSL_free(encodedley);
 
     }
 
diff --git a/src/bin/psql/common_cipher.cpp b/src/bin/psql/common_cipher.cpp
index fb8e56670..54a8a612f 100644
--- a/src/bin/psql/common_cipher.cpp
+++ b/src/bin/psql/common_cipher.cpp
@@ -389,7 +389,7 @@ void CryptoModuleParamsCheck(DecryptInfo* pDecryptInfo, const char* params, cons
                 OPENSSL_free(tmpkey);
             }
             fprintf(stderr, ("invalid key\n"));
-            exit(1);	
+            exit(1);
         } else {
             rc = memset_s(pDecryptInfo->Key, KEY_MAX_LEN, 0x0, KEY_MAX_LEN);
             securec_check_c(rc, "\0", "\0");
@@ -397,6 +397,7 @@ void CryptoModuleParamsCheck(DecryptInfo* pDecryptInfo, const char* params, cons
             rc = memcpy_s((GS_UCHAR*)pDecryptInfo->Key, KEY_MAX_LEN, tmpkey, tmpkeylen);
             securec_check_c(rc, "\0", "\0");
             pDecryptInfo->keyLen = tmpkeylen;
+            OPENSSL_free(tmpkey);
         }
     } else {
         fprintf(stderr, ("invalid key\n"));