One comment, this:
> /* get 128 random bits */
> int err = px_get_random_bytes(buf, 16);
might be better to use px_get_pseudo_random_bytes(). UUIDs don't
need to be unguessable or have perfect entropy; they just need to
be collision-resistant. RFC4122 mentions this I think, and if you
look at the ossp-uuid function that this is replacing, it also uses
its internal PRNG for v4 UUIDs rather than strong high-entropy
randomness.
(The downside of requesting strong randomness when you don't need
it is that it can potentially cause the server to block while the
system gathers entropy.)