|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #66728 gmp_random is obsolete, switch to gmp_urandomm
Submitted: 2014-02-17 20:52 UTC Modified: 2016-03-27 11:36 UTC
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: asphp at dsgml dot com Assigned: nikic (profile)
Status: Closed Package: GNU MP related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: asphp at dsgml dot com
New email:
PHP Version: OS:


 [2014-02-17 20:52 UTC] asphp at dsgml dot com
According to the docs mpz_random (i.e. gmp_random) is obsolete. It's also pretty useless since it returns digits in an undefined range.

Instead switch to mpz_urandomm which lets you specify the max directly.

PHP could either expose it as is and let people subtract to get the min, or PHP could make it easier and let people specify a min and max.

PHP could require that people manually initialize the random state, or just go ahead and do it for them with gmp_randinit_mt.

Also once this is a done a PHP warning should be emitted for use of gmp_random.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-09-24 20:51 UTC] rainer dot jung at kippdata dot de
IMHO this issue can be closed: starting with PHP 5.6 there is gmp_random_range() which uses mpz_urandomm() and the old gmp_random() uses mpz_urandomb(). Both should be fine.
 [2016-03-26 11:23 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2016-03-26 11:23 UTC]
Closing per previous comment.
 [2016-03-27 03:40 UTC] asphp at dsgml dot com
I'm not sure this should be closed.

The gmp_random function is very confusing and basically useless.

The documentation says:

The number will be between zero and the number of bits per limb multiplied by limiter.

But the code actually uses mpz_urandomb which states:

 0 to 2^n-1, inclusive.

And the code does:

limiter * GMP_LIMB_BITS

So you end up with:

2^(limiter * GMP_LIMB_BITS) which is enormous and worse doesn't match the documentation.

The code for the function should stop multiplying by GMP_LIMB_BITS and the documentation should be updated to say it's simply 2^n.
 [2016-03-27 03:44 UTC] asphp at dsgml dot com
It seems to me that actually gmp_random should be removed.

gmp_random_bits() does the 2^n, and gmp_random_range() does a regular range.

gmp_random does nothing of any value at all.

See also bug: #62375 - gmp_random does actually use that constant.
 [2016-03-27 11:36 UTC]
To clarify, I closed this issue because PHP 5.6 introduced gmp_random_bits() and gmp_random_range(), which supersede the gmp_random() function.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Oct 17 16:03:34 2021 UTC