Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100232
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 68471 invoked from network); 16 Aug 2017 20:06:05 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Aug 2017 20:06:05 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.174 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.223.174 mail-io0-f174.google.com  
Received: from [209.85.223.174] ([209.85.223.174:35732] helo=mail-io0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0B/27-34801-CA5A4995 for <internals@lists.php.net>; Wed, 16 Aug 2017 16:06:05 -0400
Received: by mail-io0-f174.google.com with SMTP id m88so16655825iod.2
        for <internals@lists.php.net>; Wed, 16 Aug 2017 13:06:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=OcybGm0yU2Vmo4jyEQOGQ5eSvFT+L+v9xZy7Yls9CZE=;
        b=Lj3RkPFI17X8/rcd4+W4244QFtVVFEexSRtJ+G39gaDDFXIFZ2iHPR+23kjFPCeCeG
         N8miWY30DpdTEwA2injzlqjUgrUjoyZjEkFTynHWiaj/30eF88yI3Me0u/ticAwoYb7R
         fiQ0431hIO9M7on6s0RoERwx4O77MhloeRuT7eQvaHAOIWmRfoxTkegEkKe6Sjy03f4L
         zA75NNuh5LfhVb7U4lqMhvMRbUYNP3LoQAsTCCKDAXz9NfMISx0z+Vdz/BQuIDHuij6o
         CwOkPg/BUpC1TnV036d2tKz23ktcCHdlTx2tHcL7Rfs+EpMwLuCKP2Al4Gr/EEtMW6s4
         zpjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=OcybGm0yU2Vmo4jyEQOGQ5eSvFT+L+v9xZy7Yls9CZE=;
        b=deJ/fVt0jwM/AbqpFfgOoG7orOWZ3fEKSEgwHSR+oLIs1LOHtP+jHPlYtoxanFuwus
         hTX8mOpYnByg6YRT+tgzoxiCMH51mZ8w2qUYFYq5XWUMMtpJ1LCjjFGYp2rUzlQRPqiJ
         QjotpQqeR63BJ3HF9MjtziuT2CdFzbD2SxMCvXlDMcH92I6+qZkbHXImqsttYyl/j6qX
         UGbuhM+TcbYeDCOc7jorY49VzL1B0jiHnpT3TDYvfFeU3npa0nXcaKMbslQneVQ5bbgx
         ibnWWLC73NXzsU32ABVF/Ases80KYg1YiMDsL/hqvtrCON0gLKkl+cE+l/n9g6UyJDSv
         xoQg==
X-Gm-Message-State: AHYfb5gVt8N56sgjlqiUw1JUwwo39cQzQNsgoX5fpWMNU3flXryuaFKp
	1kD2Q3LAk3EqmZdEhxZFMtHlJhcADg==
X-Received: by 10.107.29.76 with SMTP id d73mr2514095iod.211.1502913962542;
 Wed, 16 Aug 2017 13:06:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.13.3 with HTTP; Wed, 16 Aug 2017 13:06:02 -0700 (PDT)
In-Reply-To: <CAPwsocE+8_4J9ZFtWbExH4mKG1haMs1c0OsTXUijn_+rNUN5wQ@mail.gmail.com>
References: <20170816191247.GA12324@openwall.com> <CAPwsocE+8_4J9ZFtWbExH4mKG1haMs1c0OsTXUijn_+rNUN5wQ@mail.gmail.com>
Date: Wed, 16 Aug 2017 22:06:02 +0200
Message-ID: <CAF+90c82H_4z5TGmKJGS1_Md0c15DvMBngPxUp=Upsx3mb0_2g@mail.gmail.com>
To: Leigh <leight@gmail.com>
Cc: Solar Designer <solar@openwall.com>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="001a11409da2dd8c6e0556e46cb7"
Subject: Re: [PHP-DEV] PHP 7.1.0 to 7.2.0beta2 mt_rand() modulo bias bug
From: nikita.ppv@gmail.com (Nikita Popov)

--001a11409da2dd8c6e0556e46cb7
Content-Type: text/plain; charset="UTF-8"

On Wed, Aug 16, 2017 at 9:47 PM, Leigh <leight@gmail.com> wrote:

> On Wed, 16 Aug 2017 at 20:13 Solar Designer <solar@openwall.com> wrote:
>
> > Also, why even bother to support ranges beyond 32-bit?  Sounds like a
> > misfeature to me, considering it won't(?) be universally available on
> > all PHP builds anyway (not on 32-bit ones, right?) and thus shouldn't(?)
> > be relied upon by applications (although it might become reasonable for
> > application developers not to care about 32-bit soon).  I also see few
> > use cases for it, even if it were universally available.
> >
>
> It was possible (on 64 bit builds) to specify min and max such that the
> size of the output required from mt_rand was the full 64 bit range.
>
> Prior to 7.1 this full output was created by stretching a single 32 bit
> output up to the required range using floating point arithmetic, which
> caused other biases in the output.
>
> Unfortunately when fixing this bias, a new bias was introduced. I took
> known working code from the CSPRNG and didn't account for the variable
> length of the sample.
>
> My proposed fix would be to add a "limit_max" variable, initialise it to
> UINT32_MAX, and in the first range check where we decide to add an extra
> output or not, set it to ZEND_ULONG_MAX. Then the statement creating the
> ceiling value can use limit_max instead of the constant value.
>

I'd suggest to split the 32-bit and 64-bit code codepaths entirely, as the
interleaved #ifs are somewhat hard to follow. Something like
https://gist.github.com/nikic/64e7ec58ebb6121d350fb80927a65082 (not
thoroughly tested).

Nikita

--001a11409da2dd8c6e0556e46cb7--