diff --git a/ccryptolib/internal/packing.lua b/ccryptolib/internal/packing.lua
index f5597d6..1ea0db3 100644
--- a/ccryptolib/internal/packing.lua
+++ b/ccryptolib/internal/packing.lua
@@ -95,7 +95,7 @@ if not string.pack or pcall(string.dump, string.pack) then
         local w = {}
         for i in fmt:gmatch("I([%d]+)") do
             local n = tonumber(i) or 4
-            assert(n > 0 and n <= 4, "integral size out of limits")
+            assert(n > 0 and n <= 16, "integral size out of limits")
             w[#w + 1] = n
         end
         return fn(w, e == ">")
diff --git a/ccryptolib/random.lua b/ccryptolib/random.lua
index 797a152..f667ad1 100644
--- a/ccryptolib/random.lua
+++ b/ccryptolib/random.lua
@@ -30,6 +30,7 @@ end
 --- Mixes extra entropy into the generator state.
 --- @param data string The additional entropy to mix.
 local function mix(data)
+    expect(1, data, "string")
     state = blake3.digestKeyed(state, data)
 end
 
@@ -39,7 +40,7 @@ end
 local function random(len)
     expect(1, len, "number")
     lassert(initialized, "attempt to use an uninitialized random generator", 2)
-    local msg = ("\0"):rep(len + 32)
+    local msg = ("\0"):rep(math.max(len, 0) + 32)
     local nonce = ("\0"):rep(12)
     local out = chacha20.crypt(state, nonce, msg, 8, 0)
     state = out:sub(1, 32)
diff --git a/ccryptolib/util.lua b/ccryptolib/util.lua
index 0f2df8e..c4bf192 100644
--- a/ccryptolib/util.lua
+++ b/ccryptolib/util.lua
@@ -1,7 +1,7 @@
 --- General utilities for handling byte strings.
 
 local expect = require "cc.expect".expect
-local random = require "cryptolib.random"
+local random = require "ccryptolib.random"
 local poly1305 = require "ccryptolib.poly1305"
 
 --- Returns the hexadecimal version of a string.