diff --git a/arm/aes-decrypt-internal.asm b/arm/aes-decrypt-internal.asm
index 1b04ed9a0a61aeb0c745e86fc39a24935c91c2d3..ed0d66f8cb87cf57f181549a9e5c5f4ca4730a6d 100644
--- a/arm/aes-decrypt-internal.asm
+++ b/arm/aes-decrypt-internal.asm
@@ -111,11 +111,12 @@ define(`AES_DECRYPT_ROUND', `
 and T0, MASK, $1, ror #22
 ldr T0, [TABLE, T0]
- ldm $9!, {$1,$2,$3,$4}
+ ldm $9, {$1,$2,$3,$4}
 eor $8, $8, T0
 sub TABLE, TABLE, #3072
 eor $5, $5, $1
 eor $6, $6, $2
+ sub $9, $9, #16
 eor $7, $7, $3
 eor $8, $8, $4
 ')
@@ -142,7 +143,7 @@ PROLOGUE(_nettle_aes_decrypt)
 AES_LOAD(X0,KEY,W0)
 AES_LOAD(X0,KEY,W1)
 AES_LOAD(X0,KEY,W2)
- AES_LOAD(X0,KEY,W3)
+ AES_LOAD_INCR(X0,KEY,W3, -28)
 str X0, FRAME_SRC
diff --git a/arm/aes.m4 b/arm/aes.m4
index 95382de28122fcdf977e0e5ed90ee2031de38296..59706ba9e6784ee50dc2fc744d9b336a847098c6 100644
--- a/arm/aes.m4
+++ b/arm/aes.m4
@@ -1,6 +1,6 @@
 C Loads one word, and adds it to the subkey. Uses T0
-C AES_LOAD(SRC, KEY, REG)
-define(`AES_LOAD', `
+C AES_LOAD(SRC, KEY, REG, INCR)
+define(`AES_LOAD_INCR', `
 ldrb $3, [$1], #+1
 ldrb T0, [$1], #+1
 orr $3, T0, lsl #8
@@ -8,9 +8,13 @@ define(`AES_LOAD', `
 orr $3, T0, lsl #16
 ldrb T0, [$1], #+1
 orr $3, T0, lsl #24
- ldr T0, [$2], #+4
+ ldr T0, [$2], #$4
 eor $3, T0
 ')
+C Loads one word, and adds it to the subkey. Uses T0
+C AES_LOAD(SRC, KEY, REG)
+define(`AES_LOAD', `AES_LOAD_INCR($1, $2, $3, +4)')
+
 C Stores one word. Destroys input.
 C AES_STORE(DST, X)
 define(`AES_STORE', `
diff --git a/arm/v6/aes-decrypt-internal.asm b/arm/v6/aes-decrypt-internal.asm
index e8c6e91ad67304dcd8d8cc097c6ce028252b101b..10e0373ed5d32745e8d9cce979ac278b629b8909 100644
--- a/arm/v6/aes-decrypt-internal.asm
+++ b/arm/v6/aes-decrypt-internal.asm
@@ -114,11 +114,12 @@ define(`AES_DECRYPT_ROUND', `
 uxtb T0, $1, ror #24
 ldr T0, [TABLE, T0, lsl #2]
- ldm $9!, {$1,$2,$3,$4}
+ ldm $9, {$1,$2,$3,$4}
 eor $8, $8, T0
 sub TABLE, TABLE, #3072
 eor $5, $5, $1
 eor $6, $6, $2
+ sub $9, $9, #16
 eor $7, $7, $3
 eor $8, $8, $4
 ')
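Review bot: In `AES_DECRYPT_ROUND` of arm/aes-decrypt-internal.asm, `$9` now leaves the macro 16 bytes lower than it entered (`ldm $9, {$1,$2,$3,$4}` without writeback, then `sub $9, $9, #16`), but nothing in the hunk records that the subkeys are now consumed from high addresses to low. I would add a comment on the macro such as `C $9 (KEY) is read at [$9], then decremented by 16; subkeys are consumed in descending address order`. The macro starts above the hunk, so its existing header comment is not visible here and may need the same update. The arm/v6 copy of the macro carries the identical change and wants the same comment.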
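Review bot: The `-28` in `AES_LOAD_INCR(X0,KEY,W3, -28)` (second hunk of arm/aes-decrypt-internal.asm) is an unexplained constant that encodes a memory-safety contract. The three preceding `AES_LOAD`s advance KEY by 12, so the post-index leaves KEY 16 bytes below its entry value, and each round then steps down a further 16. KEY therefore has to start at the highest subkey of the schedule, otherwise these loads read below the key buffer. The code that sets KEY is outside the hunk, so please confirm it was changed to match, and add `C 3*4 - 28 = -16: KEY now points at the preceding subkey` next to the load. The same line appears in arm/v6/aes-decrypt-internal.asm with SRC in place of X0.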
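Review bot: In the first hunk of arm/aes.m4 the comment `C AES_LOAD(SRC, KEY, REG, INCR)` sits directly above the definition of `AES_LOAD_INCR` and so documents the wrong macro name; it should read `C AES_LOAD_INCR(SRC, KEY, REG, INCR)`. The description line above it is also unchanged and does not say what INCR does; something like `C Loads one word, and adds it to the subkey; KEY is then post-incremented by INCR. Uses T0` would cover it. Because the fourth argument is pasted verbatim into `ldr T0, [$2], #$4` in the following hunk, the comment should also state that INCR must be a signed literal immediate such as `+4` or `-28`.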
@@ -148,7 +149,7 @@ PROLOGUE(_nettle_aes_decrypt)
 AES_LOAD(SRC,KEY,W0)
 AES_LOAD(SRC,KEY,W1)
 AES_LOAD(SRC,KEY,W2)
- AES_LOAD(SRC,KEY,W3)
+ AES_LOAD_INCR(SRC,KEY,W3, -28)
 str SRC, FRAME_SRC