As it stands we only enforce descsize limits when an algorithm is registered. However, as descsize is dynamic and may be set at init_tfm time this is not enough. This is why hmac has its own descsize check. This series adds descsize limit enforcement at init_tfm time so that the API takes over the responsibility of checking descsize after the algorithm's init_tfm has completed. v2 addresses the issues raised during review, including adding a WARN_ON_ONCE to crypto_shash_init_tfm. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt