diff --git a/sw/device/tests/crypto/cryptotest/json/rsa_commands.h b/sw/device/tests/crypto/cryptotest/json/rsa_commands.h
index 9329782449fa1..2ce20e8fe1a20 100644
--- a/sw/device/tests/crypto/cryptotest/json/rsa_commands.h
+++ b/sw/device/tests/crypto/cryptotest/json/rsa_commands.h
@@ -13,7 +13,10 @@ extern "C" {
 
 #define RSA_CMD_MAX_MESSAGE_BYTES 512
 #define RSA_CMD_MAX_N_BYTES 512
-#define RSA_CMD_MAX_SIGNATURE_BYTES 512
+// There are some error test cases that send larger signatures than 512 bytes.
+// The cryptolib should detect this and abort with an error.
+// Accomodate for these additional bytes.
+#define RSA_CMD_MAX_SIGNATURE_BYTES 514
 
 // clang-format off
 
diff --git a/sw/host/tests/crypto/rsa_kat/src/main.rs b/sw/host/tests/crypto/rsa_kat/src/main.rs
index 8bffb45f0f112..d32514987a709 100644
--- a/sw/host/tests/crypto/rsa_kat/src/main.rs
+++ b/sw/host/tests/crypto/rsa_kat/src/main.rs
@@ -87,7 +87,13 @@ fn run_rsa_testcase(
     };
 
     // Convert the inputs into the expected format for the CL.
-    let n: Vec<_> = test_case.n.iter().copied().rev().collect();
+    let mut n: Vec<_> = test_case.n.iter().copied().rev().collect();
+    // n in the wycheproof vectors seem to start with a leading 0.
+    if n.len() * u8::BITS as usize != test_case.security_level {
+        // Remove it.
+        assert_eq!(n.pop(), Some(0));
+    }
+    assert_eq!(n.len() * u8::BITS as usize, test_case.security_level);
 
     CryptotestCommand::Rsa.send(spi_console)?;
     let _operation = &match test_case.operation.as_str() {