diff --git a/asymmetric_test.go b/asymmetric_test.go
index eb22b1d..1e5b1a3 100644
--- a/asymmetric_test.go
+++ b/asymmetric_test.go
@@ -165,18 +165,21 @@ func TestInvalidECDecrypt(t *testing.T) {
 
 	// Missing epk header
 	headers := rawHeader{}
-	headers.set(headerAlgorithm, ECDH_ES)
 
-	_, err := dec.decryptKey(headers, nil, generator)
-	if err == nil {
+	if err := headers.set(headerAlgorithm, ECDH_ES); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := dec.decryptKey(headers, nil, generator); err == nil {
 		t.Error("ec decrypter accepted object with missing epk header")
 	}
 
 	// Invalid epk header
-	headers.set(headerEPK, &JSONWebKey{})
+	if err := headers.set(headerEPK, &JSONWebKey{}); err == nil {
+		t.Fatal("epk header should be invalid")
+	}
 
-	_, err = dec.decryptKey(headers, nil, generator)
-	if err == nil {
+	if _, err := dec.decryptKey(headers, nil, generator); err == nil {
 		t.Error("ec decrypter accepted object with invalid epk header")
 	}
 }
@@ -353,7 +356,7 @@ func TestInvalidEllipticCurve(t *testing.T) {
 	}
 }
 
-func estInvalidECPublicKey(t *testing.T) {
+func TestInvalidECPublicKey(t *testing.T) {
 	// Invalid key
 	invalid := &ecdsa.PrivateKey{
 		PublicKey: ecdsa.PublicKey{
@@ -365,17 +368,20 @@ func estInvalidECPublicKey(t *testing.T) {
 	}
 
 	headers := rawHeader{}
-	headers.set(headerAlgorithm, ECDH_ES)
-	headers.set(headerEPK, &JSONWebKey{
-		Key: &invalid.PublicKey,
-	})
+
+	if err := headers.set(headerAlgorithm, ECDH_ES); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := headers.set(headerEPK, &JSONWebKey{Key: &invalid.PublicKey}); err != nil {
+		t.Fatal(err)
+	}
 
 	dec := ecDecrypterSigner{
 		privateKey: ecTestKey256,
 	}
 
-	_, err := dec.decryptKey(headers, nil, randomKeyGenerator{size: 16})
-	if err == nil {
+	if _, err := dec.decryptKey(headers, nil, randomKeyGenerator{size: 16}); err == nil {
 		t.Fatal("decrypter accepted JWS with invalid ECDH public key")
 	}
 }
diff --git a/cipher/cbc_hmac_test.go b/cipher/cbc_hmac_test.go
index b60ec38..ae87825 100644
--- a/cipher/cbc_hmac_test.go
+++ b/cipher/cbc_hmac_test.go
@@ -271,12 +271,17 @@ func TestTruncatedCiphertext(t *testing.T) {
 	nonce := make([]byte, 16)
 	data := make([]byte, 32)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		t.Fatal(err)
+	}
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	ctx := aead.(*cbcAEAD)
@@ -301,8 +306,13 @@ func TestInvalidPaddingOpen(t *testing.T) {
 	plaintext := padBuffer(make([]byte, 28), aes.BlockSize)
 	plaintext[len(plaintext)-1] = 0xFF
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		t.Fatal(err)
+	}
 
 	block, _ := aes.NewCipher(key)
 	cbc := cipher.NewCBCEncrypter(block, nonce)
@@ -369,14 +379,19 @@ func benchEncryptCBCHMAC(b *testing.B, keySize, chunkSize int) {
 	key := make([]byte, keySize*2)
 	nonce := make([]byte, 16)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		b.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		b.Fatal(err)
+	}
 
 	chunk := make([]byte, chunkSize)
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		b.Fatal(err)
 	}
 
 	b.SetBytes(int64(chunkSize))
@@ -390,14 +405,19 @@ func benchDecryptCBCHMAC(b *testing.B, keySize, chunkSize int) {
 	key := make([]byte, keySize*2)
 	nonce := make([]byte, 16)
 
-	io.ReadFull(rand.Reader, key)
-	io.ReadFull(rand.Reader, nonce)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		b.Fatal(err)
+	}
+
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		b.Fatal(err)
+	}
 
 	chunk := make([]byte, chunkSize)
 
 	aead, err := NewCBCHMAC(key, aes.NewCipher)
 	if err != nil {
-		panic(err)
+		b.Fatal(err)
 	}
 
 	out := aead.Seal(nil, nonce, chunk, nil)
@@ -405,7 +425,9 @@ func benchDecryptCBCHMAC(b *testing.B, keySize, chunkSize int) {
 	b.SetBytes(int64(chunkSize))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		aead.Open(nil, nonce, out, nil)
+		if _, err = aead.Open(nil, nonce, out, nil); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
diff --git a/cipher/ecdh_es_test.go b/cipher/ecdh_es_test.go
index f5e0761..6d2424a 100644
--- a/cipher/ecdh_es_test.go
+++ b/cipher/ecdh_es_test.go
@@ -68,7 +68,11 @@ func TestVectorECDHES(t *testing.T) {
 }
 
 func TestInvalidECPublicKey(t *testing.T) {
-	defer func() { recover() }()
+	defer func() {
+		if r := recover(); r == nil {
+			panic("panic expected")
+		}
+	}()
 
 	// Invalid key
 	invalid := &ecdsa.PrivateKey{
diff --git a/cipher/key_wrap_test.go b/cipher/key_wrap_test.go
index 558a5fb..64ee58d 100644
--- a/cipher/key_wrap_test.go
+++ b/cipher/key_wrap_test.go
@@ -116,7 +116,9 @@ func BenchmarkAesKeyWrap(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		KeyWrap(block, key)
+		if _, err := KeyWrap(block, key); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
@@ -128,6 +130,8 @@ func BenchmarkAesKeyUnwrap(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		KeyUnwrap(block, input)
+		if _, err := KeyUnwrap(block, input); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
diff --git a/crypter_test.go b/crypter_test.go
index e561de0..4005c82 100644
--- a/crypter_test.go
+++ b/crypter_test.go
@@ -176,7 +176,9 @@ func TestRoundtripsJWECorrupted(t *testing.T) {
 			if skip {
 				return true
 			}
-			obj.protected.set(headerTag, tag)
+			if err := obj.protected.set(headerTag, tag); err != nil {
+				t.Fatal(err)
+			}
 			return false
 		},
 	}
@@ -694,22 +696,6 @@ func generateTestKeys(keyAlg KeyAlgorithm, encAlg ContentEncryption) []testKey {
 	panic("Must update test case")
 }
 
-func RunRoundtripsJWE(b *testing.B, alg KeyAlgorithm, enc ContentEncryption, zip CompressionAlgorithm, priv, pub interface{}) {
-	serializer := func(obj *JSONWebEncryption) (string, error) {
-		return obj.CompactSerialize()
-	}
-
-	corrupter := func(obj *JSONWebEncryption) bool { return false }
-
-	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
-		err := RoundtripJWE(alg, enc, zip, serializer, corrupter, nil, pub, priv)
-		if err != nil {
-			b.Error(err)
-		}
-	}
-}
-
 var (
 	chunks = map[string][]byte{
 		"1B":   make([]byte, 1),
@@ -881,7 +867,9 @@ func benchEncrypt(chunkKey, primKey string, b *testing.B) {
 
 	b.SetBytes(int64(len(data)))
 	for i := 0; i < b.N; i++ {
-		enc.Encrypt(data)
+		if _, err := enc.Encrypt(data); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
@@ -1057,7 +1045,9 @@ func benchDecrypt(chunkKey, primKey string, b *testing.B) {
 	b.SetBytes(int64(len(chunk)))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		data.Decrypt(dec)
+		if _, err := data.Decrypt(dec); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
diff --git a/jwe_test.go b/jwe_test.go
index c5c5f96..179e1ae 100644
--- a/jwe_test.go
+++ b/jwe_test.go
@@ -123,7 +123,11 @@ func TestFullParseJWE(t *testing.T) {
 
 func TestMissingInvalidHeaders(t *testing.T) {
 	protected := &rawHeader{}
-	protected.set(headerEncryption, A128GCM)
+
+	err := protected.set(headerEncryption, A128GCM)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	obj := &JSONWebEncryption{
 		protected:   protected,
@@ -133,21 +137,32 @@ func TestMissingInvalidHeaders(t *testing.T) {
 		},
 	}
 
-	_, err := obj.Decrypt(nil)
+	_, err = obj.Decrypt(nil)
 	if err != ErrUnsupportedKeyType {
 		t.Error("should detect invalid key")
 	}
 
-	obj.unprotected.set(headerCritical, []string{"1", "2"})
+	err = obj.unprotected.set(headerCritical, []string{"1", "2"})
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	_, err = obj.Decrypt(nil)
 	if err == nil {
 		t.Error("should reject message with crit header")
 	}
 
-	obj.unprotected.set(headerCritical, nil)
+	err = obj.unprotected.set(headerCritical, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	obj.protected = &rawHeader{}
-	obj.protected.set(headerAlgorithm, RSA1_5)
+
+	err = obj.protected.set(headerAlgorithm, RSA1_5)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	_, err = obj.Decrypt(rsaTestKey)
 	if err == nil || err == ErrCryptoFailure {
@@ -220,9 +235,13 @@ func TestCompactSerialize(t *testing.T) {
 	obj := &JSONWebEncryption{
 		unprotected: &rawHeader{},
 	}
-	obj.unprotected.set(headerAlgorithm, "XYZ")
 
-	_, err := obj.CompactSerialize()
+	err := obj.unprotected.set(headerAlgorithm, "XYZ")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = obj.CompactSerialize()
 	if err == nil {
 		t.Error("Object with unprotected headers can't be compact serialized")
 	}
@@ -284,15 +303,18 @@ func TestVectorsJWE(t *testing.T) {
 	// Encrypt with a dummy key
 	encrypter, err := NewEncrypter(A256GCM, Recipient{Algorithm: RSA_OAEP, Key: publicKey}, nil)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	object, err := encrypter.Encrypt(plaintext)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	serialized, err := object.CompactSerialize()
+	if err != nil {
+		t.Fatal(err)
+	}
 	if serialized != expectedCompact {
 		t.Error("Compact serialization is not what we expected", serialized, expectedCompact)
 	}
@@ -307,7 +329,9 @@ func TestJWENilProtected(t *testing.T) {
 	key := []byte("1234567890123456")
 	serialized := `{"unprotected":{"alg":"dir","enc":"A128GCM"}}`
 	jwe, _ := ParseEncrypted(serialized)
-	jwe.Decrypt(key)
+	if _, err := jwe.Decrypt(key); err == nil {
+		t.Error(err)
+	}
 }
 
 func TestVectorsJWECorrupt(t *testing.T) {
@@ -615,5 +639,7 @@ func TestTamperedJWE(t *testing.T) {
 func TestJWEWithNullAlg(t *testing.T) {
 	// {"alg":null,"enc":"A128GCM"}
 	serialized := `{"protected":"eyJhbGciOm51bGwsImVuYyI6IkExMjhHQ00ifQ"}`
-	ParseEncrypted(serialized)
+	if _, err := ParseEncrypted(serialized); err == nil {
+		t.Error(err)
+	}
 }
diff --git a/jws_test.go b/jws_test.go
index 9532c70..7bad32e 100644
--- a/jws_test.go
+++ b/jws_test.go
@@ -473,7 +473,9 @@ func TestNullHeaderValue(t *testing.T) {
 			t.Errorf("ParseSigned panic'd when parsing a message with a null protected header value")
 		}
 	}()
-	ParseSigned(msg)
+	if _, err := ParseSigned(msg); err != nil {
+		t.Fatal(err)
+	}
 }
 
 // Test for bug:
diff --git a/jwt/builder_test.go b/jwt/builder_test.go
index 16ad9d2..90e852a 100644
--- a/jwt/builder_test.go
+++ b/jwt/builder_test.go
@@ -72,7 +72,14 @@ func TestIntegerAndFloatsNormalize(t *testing.T) {
 	}
 
 	ni, err := (normalized["int"].(json.Number)).Int64()
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	nf, err := (normalized["float"].(json.Number)).Float64()
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	if ni != c.Int {
 		t.Error(fmt.Sprintf("normalize failed to preserve int64 (got %v, wanted %v, type %s)", normalized["int"], c.Int, reflect.TypeOf(normalized["int"])))
@@ -403,7 +410,9 @@ func BenchmarkSignedCompactSerializeRSA(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		tb.CompactSerialize()
+		if _, err := tb.CompactSerialize(); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
@@ -412,7 +421,9 @@ func BenchmarkSignedCompactSerializeSHA(b *testing.B) {
 
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		tb.CompactSerialize()
+		if _, err := tb.CompactSerialize(); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
index 99ebd87..3322aa3 100644
--- a/jwt/jwt_test.go
+++ b/jwt/jwt_test.go
@@ -206,12 +206,16 @@ func TestTamperedJWT(t *testing.T) {
 
 func BenchmarkDecodeSignedToken(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		ParseSigned(hmacSignedToken)
+		if _, err := ParseSigned(hmacSignedToken); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
 
 func BenchmarkDecodeEncryptedHMACToken(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		ParseEncrypted(hmacEncryptedToken)
+		if _, err := ParseEncrypted(hmacEncryptedToken); err != nil {
+			b.Fatal(err)
+		}
 	}
 }
diff --git a/signing_test.go b/signing_test.go
index 004397b..1c10103 100644
--- a/signing_test.go
+++ b/signing_test.go
@@ -328,12 +328,18 @@ func TestInvalidSignerAlg(t *testing.T) {
 func TestInvalidJWS(t *testing.T) {
 	signer, err := NewSigner(SigningKey{PS256, rsaTestKey}, nil)
 	if err != nil {
-		panic(err)
+		t.Fatal(err)
 	}
 
 	obj, err := signer.Sign([]byte("Lorem ipsum dolor sit amet"))
+	if err != nil {
+		t.Fatal(err)
+	}
 	obj.Signatures[0].header = &rawHeader{}
-	obj.Signatures[0].header.set(headerCritical, []string{"TEST"})
+
+	if err = obj.Signatures[0].header.set(headerCritical, []string{"TEST"}); err != nil {
+		t.Fatal(err)
+	}
 
 	_, err = obj.Verify(&rsaTestKey.PublicKey)
 	if err == nil {
@@ -386,7 +392,11 @@ func TestSignerKid(t *testing.T) {
 	if err != nil {
 		t.Error("problem creating signer with *JSONWebKey", err)
 	}
+
 	signed, err := signer.Sign(payload)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	serialized := signed.FullSerialize()
 
@@ -434,6 +444,9 @@ func TestEmbedJwk(t *testing.T) {
 
 	// This time, sign and do not embed JWK in message
 	signer, err = NewSigner(SigningKey{ES256, key}, &SignerOptions{EmbedJWK: false})
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	object, err = signer.Sign(payload)
 	if err != nil {
diff --git a/symmetric_test.go b/symmetric_test.go
index 41370db..6dbc6a0 100644
--- a/symmetric_test.go
+++ b/symmetric_test.go
@@ -70,7 +70,9 @@ func TestInvalidKey(t *testing.T) {
 
 func TestStaticKeyGen(t *testing.T) {
 	key := make([]byte, 32)
-	io.ReadFull(rand.Reader, key)
+	if _, err := io.ReadFull(rand.Reader, key); err != nil {
+		t.Fatal(err)
+	}
 
 	gen := &staticKeyGenerator{key: key}
 	if gen.keySize() != len(key) {