diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS
index 7c49d8402c0..b47c8ed3415 100644
--- a/UPGRADING.INTERNALS
+++ b/UPGRADING.INTERNALS
@@ -83,6 +83,9 @@ PHP 8.4 INTERNALS UPGRADE NOTES
      the new php_random_result struct, replacing the last_generated_size
      member of the php_random_status struct and the generate_size member of
      the php_random_algo struct.
+   - The CSPRNG API (php_random_(bytes|int)_*) is now provided by the new
+     and much smaller php_random_csprng.h header. The new header is included
+     in php_random.h for compatibility with existing users.
 
  c. ext/xsl
    - The function php_xsl_create_object() was removed as it was not used
diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
index ff2b37ae09f..ae9c9b9e5e0 100644
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@ -31,6 +31,7 @@
 
 /* Needed for gmp_random() */
 #include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 
 #define GMP_ROUND_ZERO      0
 #define GMP_ROUND_PLUSINF   1
diff --git a/ext/random/config.m4 b/ext/random/config.m4
index 0bdb1ed7e3a..2078b61ebcd 100644
--- a/ext/random/config.m4
+++ b/ext/random/config.m4
@@ -29,4 +29,4 @@ PHP_NEW_EXTENSION(random,
       gammasection.c \
       randomizer.c,
       no,, -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)
-PHP_INSTALL_HEADERS([ext/random], [php_random.h php_random_uint128.h])
+PHP_INSTALL_HEADERS([ext/random], [php_random.h php_random_csprng.h php_random_uint128.h])
diff --git a/ext/random/config.w32 b/ext/random/config.w32
index 930ee623ca9..6b04fb6758b 100644
--- a/ext/random/config.w32
+++ b/ext/random/config.w32
@@ -1,4 +1,4 @@
 EXTENSION("random", "random.c", false /* never shared */, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1");
 PHP_RANDOM="yes";
 ADD_SOURCES(configure_module_dirname, "csprng.c engine_combinedlcg.c engine_mt19937.c engine_pcgoneseq128xslrr64.c engine_xoshiro256starstar.c engine_secure.c engine_user.c gammasection.c randomizer.c", "random");
-PHP_INSTALL_HEADERS("ext/random", "php_random.h php_random_uint128.h");
+PHP_INSTALL_HEADERS("ext/random", "php_random.h php_random_csprng.h php_random_uint128.h");
diff --git a/ext/random/csprng.c b/ext/random/csprng.c
index 106ec91affa..7d505c67bcb 100644
--- a/ext/random/csprng.c
+++ b/ext/random/csprng.c
@@ -28,6 +28,7 @@
 #include "Zend/zend_exceptions.h"
 
 #include "php_random.h"
+#include "php_random_csprng.h"
 
 #if HAVE_UNISTD_H
 # include <unistd.h>
diff --git a/ext/random/engine_mt19937.c b/ext/random/engine_mt19937.c
index 7559f148615..d82a341b36c 100644
--- a/ext/random/engine_mt19937.c
+++ b/ext/random/engine_mt19937.c
@@ -29,6 +29,7 @@
 
 #include "php.h"
 #include "php_random.h"
+#include "php_random_csprng.h"
 
 #include "Zend/zend_exceptions.h"
 
diff --git a/ext/random/engine_pcgoneseq128xslrr64.c b/ext/random/engine_pcgoneseq128xslrr64.c
index b0d6d418f32..5f318fa3f75 100644
--- a/ext/random/engine_pcgoneseq128xslrr64.c
+++ b/ext/random/engine_pcgoneseq128xslrr64.c
@@ -22,6 +22,7 @@
 
 #include "php.h"
 #include "php_random.h"
+#include "php_random_csprng.h"
 #include "php_random_uint128.h"
 
 #include "Zend/zend_exceptions.h"
diff --git a/ext/random/engine_secure.c b/ext/random/engine_secure.c
index 90ed4c0ed85..bc5e4874cd9 100644
--- a/ext/random/engine_secure.c
+++ b/ext/random/engine_secure.c
@@ -21,6 +21,7 @@
 
 #include "php.h"
 #include "php_random.h"
+#include "php_random_csprng.h"
 
 #include "Zend/zend_exceptions.h"
 
diff --git a/ext/random/engine_xoshiro256starstar.c b/ext/random/engine_xoshiro256starstar.c
index 51971833b55..7468bde3b16 100644
--- a/ext/random/engine_xoshiro256starstar.c
+++ b/ext/random/engine_xoshiro256starstar.c
@@ -23,6 +23,7 @@
 
 #include "php.h"
 #include "php_random.h"
+#include "php_random_csprng.h"
 
 #include "Zend/zend_exceptions.h"
 
diff --git a/ext/random/php_random.h b/ext/random/php_random.h
index b3e2400d995..88366cc4d69 100644
--- a/ext/random/php_random.h
+++ b/ext/random/php_random.h
@@ -32,6 +32,7 @@
 # define PHP_RANDOM_H
 
 # include "php.h"
+# include "php_random_csprng.h"
 # include "php_random_uint128.h"
 
 PHPAPI double php_combined_lcg(void);
@@ -65,29 +66,6 @@ PHPAPI zend_long php_mt_rand_common(zend_long min, zend_long max);
 PHPAPI void php_srand(zend_long seed);
 PHPAPI zend_long php_rand(void);
 
-PHPAPI zend_result php_random_bytes(void *bytes, size_t size, bool should_throw);
-PHPAPI zend_result php_random_int(zend_long min, zend_long max, zend_long *result, bool should_throw);
-
-static inline zend_result php_random_bytes_throw(void *bytes, size_t size)
-{
-	return php_random_bytes(bytes, size, true);
-}
-
-static inline zend_result php_random_bytes_silent(void *bytes, size_t size)
-{
-	return php_random_bytes(bytes, size, false);
-}
-
-static inline zend_result php_random_int_throw(zend_long min, zend_long max, zend_long *result)
-{
-	return php_random_int(min, max, result, true);
-}
-
-static inline zend_result php_random_int_silent(zend_long min, zend_long max, zend_long *result)
-{
-	return php_random_int(min, max, result, false);
-}
-
 typedef struct _php_random_status_ {
 	void *state;
 } php_random_status;
diff --git a/ext/random/php_random_csprng.h b/ext/random/php_random_csprng.h
new file mode 100644
index 00000000000..64a7050d50b
--- /dev/null
+++ b/ext/random/php_random_csprng.h
@@ -0,0 +1,46 @@
+/*
+   +----------------------------------------------------------------------+
+   | Copyright (c) The PHP Group                                          |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.01 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | https://www.php.net/license/3_01.txt                                 |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Authors: Tim Düsterhus <timwolla@php.net>                            |
+   |          Go Kudo <zeriyoshi@php.net>                                 |
+   +----------------------------------------------------------------------+
+*/
+
+#ifndef PHP_RANDOM_CSPRNG_H
+# define PHP_RANDOM_CSPRNG_H
+
+# include "php.h"
+
+PHPAPI zend_result php_random_bytes(void *bytes, size_t size, bool should_throw);
+PHPAPI zend_result php_random_int(zend_long min, zend_long max, zend_long *result, bool should_throw);
+
+static inline zend_result php_random_bytes_throw(void *bytes, size_t size)
+{
+	return php_random_bytes(bytes, size, true);
+}
+
+static inline zend_result php_random_bytes_silent(void *bytes, size_t size)
+{
+	return php_random_bytes(bytes, size, false);
+}
+
+static inline zend_result php_random_int_throw(zend_long min, zend_long max, zend_long *result)
+{
+	return php_random_int(min, max, result, true);
+}
+
+static inline zend_result php_random_int_silent(zend_long min, zend_long max, zend_long *result)
+{
+	return php_random_int(min, max, result, false);
+}
+
+#endif	/* PHP_RANDOM_CSPRNG_H */
diff --git a/ext/random/random.c b/ext/random/random.c
index 7935e1794fd..efe14e0f6e3 100644
--- a/ext/random/random.c
+++ b/ext/random/random.c
@@ -30,6 +30,7 @@
 #include "Zend/zend_exceptions.h"
 
 #include "php_random.h"
+#include "php_random_csprng.h"
 
 #if HAVE_UNISTD_H
 # include <unistd.h>
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 53e978604ad..5c52c4c1c4a 100644
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -27,7 +27,7 @@
 #include "php_reflection.h"
 #include "ext/standard/info.h"
 #include "ext/standard/sha1.h"
-#include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 
 #include "zend.h"
 #include "zend_API.h"
diff --git a/ext/session/session.c b/ext/session/session.c
index 8a2e575a7eb..61d91b77eaa 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -46,6 +46,7 @@
 #include "ext/standard/basic_functions.h"
 #include "ext/standard/head.h"
 #include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 
 #include "mod_files.h"
 #include "mod_user.h"
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 8b87487017e..241afb16e52 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -19,7 +19,7 @@
 #include "php_soap.h"
 #include "ext/standard/base64.h"
 #include "ext/standard/md5.h"
-#include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 #include "ext/hash/php_hash.h"
 
 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
diff --git a/ext/standard/password.c b/ext/standard/password.c
index c3f7f738218..6270ba389d9 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -25,7 +25,7 @@
 #include "base64.h"
 #include "zend_interfaces.h"
 #include "info.h"
-#include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 #ifdef HAVE_ARGON2LIB
 #include "argon2.h"
 #endif
diff --git a/ext/standard/uniqid.c b/ext/standard/uniqid.c
index c6a68ed3b82..ec7673a304f 100644
--- a/ext/standard/uniqid.c
+++ b/ext/standard/uniqid.c
@@ -32,6 +32,7 @@
 #endif
 
 #include "ext/random/php_random.h"
+#include "ext/random/php_random_csprng.h"
 
 #ifdef HAVE_GETTIMEOFDAY
 ZEND_TLS struct timeval prev_tv = { 0, 0 };