diff --git a/CHANGELOG b/CHANGELOG
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Changelog
 
+- 0.2.1 (2026-01-10)
+  * Simply adds bounds to the ppad-sha{256,512} dependencies in the test and
+    benchmark suites.
+
 - 0.2.0 (2026-01-10)
   * In order to better-match the spec, 'gen' now returns an
     'Either Error BS.ByteString'. The new 'Error' value is returned
diff --git a/bench/Main.hs b/bench/Main.hs
--- a/bench/Main.hs
+++ b/bench/Main.hs
@@ -8,11 +8,20 @@
 import qualified Crypto.DRBG.HMAC as DRBG
 import qualified Crypto.Hash.SHA256 as SHA256
 import qualified Crypto.Hash.SHA512 as SHA512
+import qualified Data.ByteString as BS
 
+hmac_sha256 :: BS.ByteString -> BS.ByteString -> BS.ByteString
+hmac_sha256 k b = case SHA256.hmac k b of
+  SHA256.MAC m -> m
+
+hmac_sha512 :: BS.ByteString -> BS.ByteString -> BS.ByteString
+hmac_sha512 k b = case SHA512.hmac k b of
+  SHA512.MAC m -> m
+
 main :: IO ()
 main = do
-  !drbg256 <- DRBG.new SHA256.hmac mempty mempty mempty -- no NFData
-  !drbg512 <- DRBG.new SHA512.hmac mempty mempty mempty -- no NFData
+  !drbg256 <- DRBG.new hmac_sha256 mempty mempty mempty -- no NFData
+  !drbg512 <- DRBG.new hmac_sha512 mempty mempty mempty -- no NFData
   defaultMain [
       suite drbg256 drbg512
     ]
@@ -20,13 +29,13 @@
 suite drbg256 drbg512 =
   bgroup "ppad-hmac-drbg" [
     bgroup "HMAC-SHA256" [
-      bench "new" $ whnfAppIO (DRBG.new SHA256.hmac mempty mempty) mempty
+      bench "new" $ whnfAppIO (DRBG.new hmac_sha256 mempty mempty) mempty
     , bench "reseed" $ whnfAppIO (DRBG.reseed mempty mempty) drbg256
     , bench "gen (32B)"  $ whnfAppIO (DRBG.gen mempty 32) drbg256
     , bench "gen (256B)" $ whnfAppIO (DRBG.gen mempty 256) drbg256
     ]
   , bgroup "HMAC-SHA512" [
-      bench "new" $ whnfAppIO (DRBG.new SHA512.hmac mempty mempty) mempty
+      bench "new" $ whnfAppIO (DRBG.new hmac_sha512 mempty mempty) mempty
     , bench "reseed" $ whnfAppIO (DRBG.reseed mempty mempty) drbg512
     , bench "gen (32B)"  $ whnfAppIO (DRBG.gen mempty 32) drbg512
     , bench "gen (256B)" $ whnfAppIO (DRBG.gen mempty 256) drbg512
diff --git a/lib/Crypto/DRBG/HMAC.hs b/lib/Crypto/DRBG/HMAC.hs
--- a/lib/Crypto/DRBG/HMAC.hs
+++ b/lib/Crypto/DRBG/HMAC.hs
@@ -69,8 +69,7 @@
 --   Create a DRBG with 'new', and then use and reuse it to generate
 --   bytes as needed.
 --
---   >>> import qualified Crypto.Hash.SHA256 as SHA256
---   >>> drbg <- new SHA256.hmac entropy nonce personalization_string
+--   >>> drbg <- new hmac entropy nonce personalization_string
 --   >>> bytes0 <- gen addl_bytes 16 drbg
 --   >>> bytes1 <- gen addl_bytes 16 drbg
 --   >>> drbg
@@ -94,8 +93,9 @@
 --   value as the second, producing a MAC digest.
 --
 --   >>> import qualified Crypto.Hash.SHA256 as SHA256
---   >>> :t SHA256.hmac
---   SHA256.hmac :: BS.ByteString -> BS.ByteString -> BS.ByteString
+--   >>> let hmac k b = let SHA256.MAC m = SHA256.hmac k b in m
+--   >>> :t hmac
+--   hmac :: BS.ByteString -> BS.ByteString -> BS.ByteString
 type HMAC = BS.ByteString -> BS.ByteString -> BS.ByteString
 
 -- HMAC function and its associated outlength
@@ -133,7 +133,8 @@
 --   The DRBG is returned in any 'PrimMonad', e.g. 'ST' or 'IO'.
 --
 --   >>> import qualified Crypto.Hash.SHA256 as SHA256
---   >>> new SHA256.hmac entropy nonce personalization_string
+--   >>> let hmac k b = let SHA256.MAC m = SHA256.hmac k b in m
+--   >>> new hmac entropy nonce personalization_string
 --   "<drbg>"
 new
   :: PrimMonad m
@@ -155,7 +156,7 @@
 --   'MaxBytesExceeded'.
 --
 --   >>> import qualified Data.ByteString.Base16 as B16
---   >>> drbg <- new SHA256.hmac entropy nonce personalization_string
+--   >>> drbg <- new hmac entropy nonce personalization_string
 --   >>> Right bytes0 <- gen addl_bytes 16 drbg
 --   >>> Right bytes1 <- gen addl_bytes 16 drbg
 --   >>> B16.encode bytes0
diff --git a/ppad-hmac-drbg.cabal b/ppad-hmac-drbg.cabal
--- a/ppad-hmac-drbg.cabal
+++ b/ppad-hmac-drbg.cabal
@@ -1,6 +1,6 @@
 cabal-version:      3.0
 name:               ppad-hmac-drbg
-version:            0.2.0
+version:            0.2.1
 synopsis:           HMAC-based deterministic random bit generator
 license:            MIT
 license-file:       LICENSE
@@ -52,8 +52,8 @@
     , bytestring
     , ppad-base16
     , ppad-hmac-drbg
-    , ppad-sha256
-    , ppad-sha512
+    , ppad-sha256 >= 0.3 && < 0.4
+    , ppad-sha512 >= 0.2 && < 0.4
     , tasty
     , tasty-hunit
 
@@ -71,6 +71,6 @@
     , bytestring
     , criterion
     , ppad-hmac-drbg
-    , ppad-sha256
-    , ppad-sha512
+    , ppad-sha256 >= 0.3 && < 0.4
+    , ppad-sha512 >= 0.2 && < 0.4
 
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -37,10 +37,18 @@
 
   defaultMain (cavp_14_3 sha256_cases sha512_cases)
 
+hmac_sha256 :: BS.ByteString -> BS.ByteString -> BS.ByteString
+hmac_sha256 k b = case SHA256.hmac k b of
+  SHA256.MAC m -> m
+
+hmac_sha512 :: BS.ByteString -> BS.ByteString -> BS.ByteString
+hmac_sha512 k b = case SHA512.hmac k b of
+  SHA512.MAC m -> m
+
 cavp_14_3 :: [CaseBlock] -> [CaseBlock] -> TestTree
 cavp_14_3 cs ds = testGroup "CAVP 14.3" [
-    testGroup "HMAC-SHA256" (fmap (execute_caseblock SHA256.hmac) cs)
-  , testGroup "HMAC-SHA512" (fmap (execute_caseblock SHA512.hmac) ds)
+    testGroup "HMAC-SHA256" (fmap (execute_caseblock hmac_sha256) cs)
+  , testGroup "HMAC-SHA512" (fmap (execute_caseblock hmac_sha512) ds)
   ]
 
 data CaseBlock = CaseBlock {
