diff --git a/x86/aes-decrypt-internal.asm b/x86/aes-decrypt-internal.asm
index dffad28223292a248c884fd6f517fac3e8445711..b0265654f9081c61b4722f63d1f210663ab20efa 100644
--- a/x86/aes-decrypt-internal.asm
+++ b/x86/aes-decrypt-internal.asm
@@ -122,16 +122,16 @@ PROLOGUE(_nettle_aes_decrypt)
 
 	C last round
 
-	AES_FINAL_ROUND(SA,SD,SC,SB, TMP, KEY)
+	AES_FINAL_ROUND(SA,SD,SC,SB,T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SB,SA,SD,SC, TMP, KEY)
+	AES_FINAL_ROUND(SB,SA,SD,SC,T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SC,SB,SA,SD, TMP, KEY)
+	AES_FINAL_ROUND(SC,SB,SA,SD,T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SD,SC,SB,SA, TMP, KEY)
+	AES_FINAL_ROUND(SD,SC,SB,SA,T, TMP, KEY)
 
 	movl	TMP,SD
 	popl	SC
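Review bot: The definition of AES_FINAL_ROUND is not in the visible hunks, yet the four call sites here and the four in x86/aes-encrypt-internal.asm now pass a seventh argument, T. These files look like m4-preprocessed assembly, and m4 does not check argument counts, so a definition still written for the six-argument form would assemble without error with TMP and KEY shifted by one position. Confirm the macro was updated in the same commit and that its header comment lists T as clobbered scratch. At the call sites a comment such as `C AES_FINAL_ROUND clobbers T, result word in TMP` would make that visible. The body of _nettle_aes_decrypt starts and ends outside the hunk, so whether T is live at this point cannot be checked from here.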
@@ -139,7 +139,7 @@ PROLOGUE(_nettle_aes_decrypt)
 	popl	SA
 
 	C Inverse S-box substitution
-	mov	$4,TMP
+	mov	$3,TMP
 .Lsubst:
 	AES_SUBST_BYTE(SA,SB,SC,SD,T, KEY)
 
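Review bot: The loop count loaded before `.Lsubst` drops from 4 to 3 with no comment explaining why, and the loop's decrement and branch lie outside the hunk. Presumably AES_FINAL_ROUND now performs the first byte substitution itself using the new T argument, leaving three passes. If so, say it next to the constant, e.g. `C AES_FINAL_ROUND already substituted one byte of each word, three remain`. The same unexplained `mov $3,TMP` appears in x86/aes-encrypt-internal.asm. An off-by-one here produces wrong cipher output rather than a fault, so the change should be covered by known-answer AES test vectors in both directions.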
diff --git a/x86/aes-encrypt-internal.asm b/x86/aes-encrypt-internal.asm
index a651785156ffc6eb762225177aa65593fb0967c3..527afc7fbd532c971367f2149bdde556055d9b93 100644
--- a/x86/aes-encrypt-internal.asm
+++ b/x86/aes-encrypt-internal.asm
@@ -121,16 +121,16 @@ PROLOGUE(_nettle_aes_encrypt)
 
 	C last round
 
-	AES_FINAL_ROUND(SA,SB,SC,SD, TMP, KEY)
+	AES_FINAL_ROUND(SA,SB,SC,SD, T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SB,SC,SD,SA, TMP, KEY)
+	AES_FINAL_ROUND(SB,SC,SD,SA, T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SC,SD,SA,SB, TMP, KEY)
+	AES_FINAL_ROUND(SC,SD,SA,SB, T, TMP, KEY)
 	pushl	TMP
 
-	AES_FINAL_ROUND(SD,SA,SB,SC, TMP, KEY)
+	AES_FINAL_ROUND(SD,SA,SB,SC, T, TMP, KEY)
 
 	movl	TMP,SD
 	popl	SC
@@ -138,7 +138,7 @@ PROLOGUE(_nettle_aes_encrypt)
 	popl	SA
 
 	C S-box substitution
-	mov	$4,TMP
+	mov	$3,TMP
 .Lsubst:
 	AES_SUBST_BYTE(SA,SB,SC,SD, T, KEY)