diff --git a/modules/keying/keying.go b/modules/keying/keying.go
index 6082a91e8f..0b161b39c5 100644
--- a/modules/keying/keying.go
+++ b/modules/keying/keying.go
@@ -28,13 +28,16 @@ var (
 	// The hash used for HKDF.
 	hash = sha256.New
 	// The AEAD used for encryption/decryption.
-	aead          = chacha20poly1305.NewX
-	aeadKeySize   = chacha20poly1305.KeySize
-	aeadNonceSize = chacha20poly1305.NonceSizeX
+	aead = chacha20poly1305.NewX
 	// The pseudorandom key generated by HKDF-Extract.
 	prk []byte
 )
 
+const (
+	aeadKeySize   = chacha20poly1305.KeySize
+	aeadNonceSize = chacha20poly1305.NonceSizeX
+)
+
 // Set the main IKM for this module.
 func Init(ikm []byte) {
 	// Salt is intentionally left empty, it's not useful to Forgejo's use case.
@@ -55,7 +58,7 @@ var (
 // Derive *the* key for a given context, this is a deterministic function.
 // The same key will be provided for the same context.
 func DeriveKey(context Context) *Key {
-	if len(prk) == 0 {
+	if len(prk) != sha256.Size {
 		panic("keying: not initialized")
 	}
 
@@ -63,7 +66,7 @@ func DeriveKey(context Context) *Key {
 
 	key := make([]byte, aeadKeySize)
 	// This should never return an error, but if it does, panic.
-	if _, err := r.Read(key); err != nil {
+	if n, err := r.Read(key); err != nil || n != aeadKeySize {
 		panic(err)
 	}
 
@@ -92,7 +95,7 @@ func (k *Key) Encrypt(plaintext, additionalData []byte) []byte {
 
 	// Generate a random nonce.
 	nonce := make([]byte, aeadNonceSize)
-	if _, err := rand.Read(nonce); err != nil {
+	if n, err := rand.Read(nonce); err != nil || n != aeadNonceSize {
 		panic(err)
 	}