diff --git a/sys/crypto/aes.c b/sys/crypto/aes.c
index 064d251b7e..0e7fd6a75d 100644
--- a/sys/crypto/aes.c
+++ b/sys/crypto/aes.c
@@ -800,6 +800,11 @@ int aes_init(cipher_context_t *context, const uint8_t *key, uint8_t keySize)
 {
     uint8_t i;
 
+    /* This implementation only supports a single key size (defined in AES_KEY_SIZE) */
+    if (keySize != AES_KEY_SIZE) {
+        return CIPHER_ERR_INVALID_KEY_SIZE;
+    }
+
     /* Make sure that context is large enough. If this is not the case,
        you should build with -DAES */
     if (CIPHER_MAX_CONTEXT_SIZE < AES_KEY_SIZE) {
diff --git a/sys/include/crypto/aes.h b/sys/include/crypto/aes.h
index b8756b10ce..5a57d33f75 100644
--- a/sys/include/crypto/aes.h
+++ b/sys/include/crypto/aes.h
@@ -75,6 +75,8 @@ typedef struct {
  * @param       context   the cipher_context_t-struct to save the
  *                        initialization of the cipher in
  * @param       keySize   the size of the key
+ *                        Must be 16, since this implementation does not
+ *                        support key lengths of 24 or 32 bytes
  * @param       key       a pointer to the key
  *
  * @return  CIPHER_INIT_SUCCESS if the initialization was successful.