diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index ba5844fc6..8e93e5690 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -80,6 +80,14 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
 
+/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
+ * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
+ * to ensure a 128-bit key size in CTR_DRBG.
+ */
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C)
+#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+#endif
+
 /* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it
  * in a previous release, to ensure backwards compatibility.
  */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 96cdb45f8..c81cd1cc5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -66,11 +66,6 @@
 #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
 #endif
 
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && \
- !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#error "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3898471da..ce3a78d14 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -532,8 +532,6 @@
  *
  * Tradeoff: Uncommenting this macro reduces the size of AES code by about 4%.
  *
- * If uncommented, uncomment also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- *
  * Module: library/aes.c
  *
  * Requires: MBEDTLS_AES_C
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8139e8ed5..0dd7e7323 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
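Review bot: In the build_info.h hunk the new `#if` block switches CTR_DRBG to a 128-bit key as a side effect of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, and with the check_config.h `#error` removed nothing tells the integrator that the DRBG key size changed. A 128-bit CTR_DRBG key caps the security strength of everything derived from that generator, so the added comment should say so, for example ` * Note: this limits CTR_DRBG output to 128-bit security strength.`. The MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH description in mbedtls_config.h should likewise state that the option now implies MBEDTLS_CTR_DRBG_USE_128_BIT_KEY, rather than just dropping the old sentence. The `#define` is also unguarded: a build that already sets the macro on the compiler command line (where `-D` gives it the value 1) would presumably hit a macro-redefinition diagnostic, which adding `&& !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)` to the `#if` line avoids.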
@@ -3451,7 +3451,6 @@ component_test_malloc_0_null () {
 component_test_aes_only_128_bit_keys () {
 msg "build: default config with AES_ONLY_128_BIT_KEY_LENGTH enabled"
 scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 scripts/config.py unset MBEDTLS_PADLOCK_C
 make CC=gcc CFLAGS='-Werror -Wall -Wextra'