diff --git a/src/Access/Common/AuthenticationData.cpp b/src/Access/Common/AuthenticationData.cpp
index 69d586dc462..db0a5d54a63 100644
--- a/src/Access/Common/AuthenticationData.cpp
+++ b/src/Access/Common/AuthenticationData.cpp
@@ -210,7 +210,7 @@ void AuthenticationData::setPasswordHashBinary(const Digest & hash)
     throw Exception("setPasswordHashBinary(): authentication type " + toString(type) + " not supported", ErrorCodes::NOT_IMPLEMENTED);
 }
 
-void AuthenticationData::setSalt(String  salt_)
+void AuthenticationData::setSalt(String salt_)
 {
     if (type != AuthenticationType::SHA256_PASSWORD)
         throw Exception("setSalt(): authentication type " + toString(type) + " not supported", ErrorCodes::NOT_IMPLEMENTED);
diff --git a/src/Parsers/Access/ParserCreateUserQuery.cpp b/src/Parsers/Access/ParserCreateUserQuery.cpp
index 9111e6f28ae..8a5d103f5be 100644
--- a/src/Parsers/Access/ParserCreateUserQuery.cpp
+++ b/src/Parsers/Access/ParserCreateUserQuery.cpp
@@ -21,10 +21,17 @@
 #if USE_SSL
 #     include <openssl/crypto.h>
 #     include <openssl/rand.h>
+#     include <openssl/err.h>
 #endif
 
 namespace DB
 {
+
+namespace ErrorCodes
+{
+    extern const int OPENSSL_ERROR;
+}
+
 namespace
 {
     bool parseRenameTo(IParserBase::Pos & pos, Expected & expected, String & new_name)
@@ -166,7 +173,9 @@ namespace
                     ///generate and add salt here
                     ///random generator FIPS complaint
                     uint8_t key[32];
-                    RAND_bytes(key, sizeof(key));
+                    if (RAND_bytes(key, sizeof(key)) != 1)
+                        throw Exception(ErrorCodes::OPENSSL_ERROR, "Cannot generate salt for password. OpenSSL error code: {}", ERR_get_error());
+
                     String salt;
                     salt.resize(sizeof(key) * 2);
                     char * buf_pos = salt.data();