diff --git a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_authenticator.h b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_authenticator.h
index 78b2a557449ff..f3b190fea85ce 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_authenticator.h
+++ b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_authenticator.h
@@ -49,7 +49,7 @@ class DigestMD5Authenticator {
 
   static size_t NextToken(const std::string &payload, size_t off,
                           std::string *tok);
-  void GenerateCNonce();
+  Status GenerateCNonce();
   std::string username_;
   std::string password_;
   std::string nonce_;
diff --git a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_digest_md5.cc b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_digest_md5.cc
index 3ca85786d15f5..cdb25d7e1a097 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_digest_md5.cc
+++ b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/libhdfspp/lib/common/sasl_digest_md5.cc
@@ -21,6 +21,7 @@
 
 #include <openssl/rand.h>
 #include <openssl/md5.h>
+#include <openssl/err.h>
 
 #include <iomanip>
 #include <map>
@@ -91,12 +92,19 @@ size_t DigestMD5Authenticator::NextToken(const std::string &payload, size_t off,
   return off;
 }
 
-void DigestMD5Authenticator::GenerateCNonce() {
-  if (!TEST_mock_cnonce_) {
-    char buf[8] = {0,};
-    RAND_pseudo_bytes(reinterpret_cast<unsigned char *>(buf), sizeof(buf));
+Status DigestMD5Authenticator::GenerateCNonce() {
+  if (TEST_mock_cnonce_) {
+    return Status::OK();
+  }
+
+  char buf[8] = { 0, };
+  if (RAND_bytes(reinterpret_cast<unsigned char*>(buf), sizeof(buf)) == 1) {
     cnonce_ = Base64Encode(std::string(buf, sizeof(buf)));
+    return Status::OK();
   }
+
+  const auto* error = ERR_reason_error_string(ERR_get_error());
+  return Status::Error(error);
 }
 
 Status DigestMD5Authenticator::ParseFirstChallenge(const std::string &payload) {
@@ -155,8 +163,11 @@ Status DigestMD5Authenticator::GenerateFirstResponse(std::string *result) {
     return Status::Unimplemented();
   }
 
+  if (auto status = GenerateCNonce(); !status.ok()) {
+    return status;
+  }
+
   std::stringstream ss;
-  GenerateCNonce();
   ss << "charset=utf-8,username=\"" << QuoteString(username_) << "\""
      << ",authzid=\"" << QuoteString(username_) << "\""
      << ",nonce=\"" << QuoteString(nonce_) << "\""