diff --git a/src/ts3init_cookie.c b/src/ts3init_cookie.c
index 2172c10..31b8271 100644
--- a/src/ts3init_cookie.c
+++ b/src/ts3init_cookie.c
@@ -11,6 +11,7 @@
  *    under the terms of the GNU General Public License; either version 2
  *    or 3 of the License, as published by the Free Software Foundation.
  */
+#include <linux/init.h>
 #include <linux/version.h>
 #include <linux/kernel.h>
 #include <linux/time.h>
@@ -39,6 +40,8 @@
         struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
 #endif
 
+static struct crypto_shash *sha512_tfm;
+
 
 static void check_update_seed_cache(time_t time, __u8 index, 
                 struct xt_ts3init_cookie_cache* cache,
@@ -46,30 +49,21 @@ static void check_update_seed_cache(time_t time, __u8 index,
 {
     int ret;
     __le32 seed_hash_time;
-    struct crypto_shash *tfm;
 
     if (time == cache->time[index]) return;
 
     /* We need to update the cache. */
     /* seed = sha512(random_seed[RANDOM_SEED_LEN] + __le32 time) */
     seed_hash_time = cpu_to_le32( (__u32)time);
-
-    tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
-    if (IS_ERR(tfm))
-    {
-        printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
-    }
-    else 
     {
-        SHASH_DESC_ON_STACK(shash, tfm);
-        shash->tfm = tfm;
+        SHASH_DESC_ON_STACK(shash, sha512_tfm);
+        shash->tfm = sha512_tfm;
         shash->flags = 0;
 
         ret = crypto_shash_init(shash);
         if (ret != 0)
         {
             printk(KERN_ERR KBUILD_MODNAME ": could not initalize sha512\n");
-            crypto_free_shash(tfm);
             return;
         }
 
@@ -77,7 +71,6 @@ static void check_update_seed_cache(time_t time, __u8 index,
         if (ret != 0)
         {
             printk(KERN_ERR KBUILD_MODNAME ": could not update sha512\n");
-            crypto_free_shash(tfm);
             return;
         }
 
@@ -86,11 +79,9 @@ static void check_update_seed_cache(time_t time, __u8 index,
         if (ret != 0)
         {
             printk(KERN_ERR KBUILD_MODNAME ": could not finup sha512\n");
-            crypto_free_shash(tfm);
             return;
         }
 
-        crypto_free_shash(tfm);
         cache->time[index] = time;
     }
 }
@@ -106,7 +97,7 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
     time_t packet_cache_time;
 
     if (packet_index >= 8) return NULL;
-    
+
     current_cache_index = (current_time % 8) / 4;
     packet_cache_index = packet_index / 4;
 
@@ -149,3 +140,19 @@ int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *u
     return 0;
 }
 
+int __init ts3init_cookie_init(void)
+{
+    sha512_tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
+    if (IS_ERR(sha512_tfm))
+    {
+        printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
+        return (int) PTR_ERR(sha512_tfm);
+    }
+    return 0;
+}
+
+void ts3init_cookie_exit(void)
+{
+    crypto_free_shash(sha512_tfm);
+}
+
diff --git a/src/ts3init_match.c b/src/ts3init_match.c
index a1ab1de..b17a513 100644
--- a/src/ts3init_match.c
+++ b/src/ts3init_match.c
@@ -14,6 +14,7 @@
 
 #include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/init.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
@@ -440,7 +441,7 @@ static struct xt_match ts3init_mt_reg[] __read_mostly =
     },
 };
 
-int ts3init_match_init(void)
+int __init ts3init_match_init(void)
 {
     return xt_register_matches(ts3init_mt_reg, ARRAY_SIZE(ts3init_mt_reg));
 }
diff --git a/src/ts3init_module.c b/src/ts3init_module.c
index 51034ed..239b51f 100644
--- a/src/ts3init_module.c
+++ b/src/ts3init_module.c
@@ -19,12 +19,15 @@
 
 /* defined in ts3init_match.c */
 int ts3init_match_init(void) __init;
-void ts3init_match_exit(void) __exit;
+void ts3init_match_exit(void);
 
 /* defined in ts3init_target.c */
 int ts3init_target_init(void) __init;
-void ts3init_target_exit(void) __exit;
+void ts3init_target_exit(void);
 
+/* defined in ts3init_cookie.c */
+int ts3init_cookie_init(void) __init;
+void ts3init_cookie_exit(void);
 
 MODULE_AUTHOR("Niels Werensteijn <niels.werensteijn@teamspeak.com>");
 MODULE_DESCRIPTION("A module to aid in ts3 spoof protection");
@@ -35,21 +38,34 @@ MODULE_ALIAS("ip6t_ts3init");
 static int __init ts3init_init(void)
 {
     int error;
+
+    error = ts3init_cookie_init();
+    if (error)
+        goto out1;
+
     error = ts3init_match_init();
     if (error)
-        return error;
+        goto out2;
 
     error = ts3init_target_init();
     if (error)
-        ts3init_match_exit();
+        goto out3;
+
+    return error;
 
+out3:
+    ts3init_match_exit();
+out2:
+    ts3init_cookie_exit();
+out1:
     return error;
 }
 
 static void __exit ts3init_exit(void)
 {
-    ts3init_match_exit();
     ts3init_target_exit();
+    ts3init_match_exit();
+    ts3init_cookie_exit();
 }
 
 module_init(ts3init_init);
diff --git a/src/ts3init_target.c b/src/ts3init_target.c
index ca0b8e5..e1c3d4e 100644
--- a/src/ts3init_target.c
+++ b/src/ts3init_target.c
@@ -14,6 +14,7 @@
 
 #include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/init.h>
 #include <linux/skbuff.h>
 #include <linux/udp.h>
 #include <linux/netfilter/x_tables.h>
@@ -525,7 +526,7 @@ static struct xt_target ts3init_tg_reg[] __read_mostly = {
     },
 };
 
-int ts3init_target_init(void)
+int __init ts3init_target_init(void)
 {
     return xt_register_targets(ts3init_tg_reg, ARRAY_SIZE(ts3init_tg_reg));
 }