diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index bbc2a01f22..4079013d6d 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -346,8 +346,8 @@ virCryptoGenerateRandom(size_t nbytes)
     /* If we don't have gnutls_rnd(), we will generate a less cryptographically
      * strong master buf from /dev/urandom.
      */
-    if ((ret = virRandomBytes(buf, nbytes))) {
-        virReportSystemError(ret, "%s", _("failed to generate byte stream"));
+    if ((ret = virRandomBytes(buf, nbytes)) < 0) {
+        virReportSystemError(-ret, "%s", _("failed to generate byte stream"));
         VIR_FREE(buf);
         return NULL;
     }
diff --git a/src/util/virrandom.c b/src/util/virrandom.c
index 41daa404b2..bfd044df55 100644
--- a/src/util/virrandom.c
+++ b/src/util/virrandom.c
@@ -168,7 +168,7 @@ uint32_t virRandomInt(uint32_t max)
  * Generate a stream of random bytes from /dev/urandom
  * into @buf of size @buflen
  *
- * Returns 0 on success or an errno on failure
+ * Returns 0 on success or -errno on failure
  */
 int
 virRandomBytes(unsigned char *buf,
@@ -177,7 +177,7 @@ virRandomBytes(unsigned char *buf,
     int fd;
 
     if ((fd = open("/dev/urandom", O_RDONLY)) < 0)
-        return errno;
+        return -errno;
 
     while (buflen > 0) {
         ssize_t n;
@@ -186,7 +186,7 @@ virRandomBytes(unsigned char *buf,
             if (errno == EINTR)
                 continue;
             VIR_FORCE_CLOSE(fd);
-            return n < 0 ? errno : ENODATA;
+            return n < 0 ? -errno : -ENODATA;
         }
 
         buf += n;
diff --git a/src/util/viruuid.c b/src/util/viruuid.c
index 3cbaae0b85..61877aeba4 100644
--- a/src/util/viruuid.c
+++ b/src/util/viruuid.c
@@ -76,11 +76,11 @@ virUUIDGenerate(unsigned char *uuid)
     if (uuid == NULL)
         return -1;
 
-    if ((err = virRandomBytes(uuid, VIR_UUID_BUFLEN))) {
+    if ((err = virRandomBytes(uuid, VIR_UUID_BUFLEN)) < 0) {
         char ebuf[1024];
         VIR_WARN("Falling back to pseudorandom UUID,"
                  " failed to generate random bytes: %s",
-                 virStrerror(err, ebuf, sizeof(ebuf)));
+                 virStrerror(-err, ebuf, sizeof(ebuf)));
         err = virUUIDGeneratePseudoRandomBytes(uuid, VIR_UUID_BUFLEN);
     }
 
diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c
index d9ffc6f34c..b6313e73ad 100644
--- a/tests/vircryptotest.c
+++ b/tests/vircryptotest.c
@@ -88,8 +88,8 @@ testCryptoEncrypt(const void *opaque)
         VIR_ALLOC_N(iv, ivlen) < 0)
         goto cleanup;
 
-    if (virRandomBytes(enckey, enckeylen) ||
-        virRandomBytes(iv, ivlen)) {
+    if (virRandomBytes(enckey, enckeylen) < 0 ||
+        virRandomBytes(iv, ivlen) < 0) {
         fprintf(stderr, "Failed to generate random bytes\n");
         goto cleanup;
     }