OpenSSL RAND_bytes returns -1 (not supported) as well as 0; checking only ==0 could return uninitialized buffer bytes as cryptographically strong randomness. Use ~= 1.