diff --git a/[refs] b/[refs]
index 7f58ec1a5d1a..56a34c782f19 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 54b6a1bd5364aca95cd6ffae00f2b64c6511122c
+refs/heads/master: d7992f42c61d5dc6d164f7dddd05284485204ada
diff --git a/trunk/crypto/ansi_cprng.c b/trunk/crypto/ansi_cprng.c
index 0fac8ffc2fb7..74478061ac0c 100644
--- a/trunk/crypto/ansi_cprng.c
+++ b/trunk/crypto/ansi_cprng.c
@@ -338,7 +338,16 @@ static int cprng_init(struct crypto_tfm *tfm)
 
 	spin_lock_init(&ctx->prng_lock);
 
-	return reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL);
+	if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+		return -EINVAL;
+
+	/*
+	 * after allocation, we should always force the user to reset
+	 * so they don't inadvertently use the insecure default values
+	 * without specifying them intentially
+	 */
+	ctx->flags |= PRNG_NEED_RESET;
+	return 0;
 }
 
 static void cprng_exit(struct crypto_tfm *tfm)