diff --git a/src/crypto/internal/fips140/sha256/sha256block_riscv64.s b/src/crypto/internal/fips140/sha256/sha256block_riscv64.s
index 847b9699a6..567d44781c 100644
--- a/src/crypto/internal/fips140/sha256/sha256block_riscv64.s
+++ b/src/crypto/internal/fips140/sha256/sha256block_riscv64.s
@@ -88,47 +88,46 @@
 // T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + Kt + Wt
 // BIGSIGMA1(x) = ROTR(6,x) XOR ROTR(11,x) XOR ROTR(25,x)
 // Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
+// = ((y XOR z) AND x) XOR z
 #define SHA256T1(index, e, f, g, h) \
 MOVWU (index*4)(X18), X8; \
 ADD X5, h; \
 RORW $6, e, X6; \
 ADD X8, h; \
 RORW $11, e, X7; \
- XOR X7, X6; \
 RORW $25, e, X8; \
+ XOR X7, X6; \
+ XOR f, g, X5; \
 XOR X8, X6; \
+ AND e, X5; \
 ADD X6, h; \
- AND e, f, X5; \
- NOT e, X7; \
- AND g, X7; \
- XOR X7, X5; \
+ XOR g, X5; \
 ADD h, X5

 // Calculate T2 in X6.
 // T2 = BIGSIGMA0(a) + Maj(a, b, c)
 // BIGSIGMA0(x) = ROTR(2,x) XOR ROTR(13,x) XOR ROTR(22,x)
 // Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
+// = ((y XOR z) AND x) XOR (y AND z)
 #define SHA256T2(a, b, c) \
 RORW $2, a, X6; \
 RORW $13, a, X7; \
- XOR X7, X6; \
 RORW $22, a, X8; \
+ XOR X7, X6; \
+ XOR b, c, X9; \
+ AND b, c, X7; \
+ AND a, X9; \
 XOR X8, X6; \
- AND a, b, X7; \
- AND a, c, X8; \
- XOR X8, X7; \
- AND b, c, X9; \
- XOR X9, X7; \
- ADD X7, X6
+ XOR X7, X9; \
+ ADD X9, X6

 // Calculate T1 and T2, then e = d + T1 and a = T1 + T2.
 // The values for e and a are stored in d and h, ready for rotation.
 #define SHA256ROUND(index, a, b, c, d, e, f, g, h) \
 SHA256T1(index, e, f, g, h); \
 SHA256T2(a, b, c); \
- MOV X6, h; \
 ADD X5, d; \
- ADD X5, h
+ ADD X6, X5, h

 #define SHA256ROUND0(index, a, b, c, d, e, f, g, h) \
 MSGSCHEDULE0(index); \
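Review bot: The rewritten SHA256T1 and SHA256T2 bodies reuse scratch registers across interleaved instructions, but nothing in the comments says the instruction order is now load-bearing. In SHA256T2, X7 carries ROTR(13,a) until `XOR X7, X6` and is then overwritten by `AND b, c, X7`; in SHA256T1, X5 (presumably Wt on entry) is consumed by `ADD X5, h` before `XOR f, g, X5` turns it into the Ch temporary, and SHA256T2 must leave X5 alone because SHA256ROUND reads it afterwards. The algebra matches the two identities added to the comments, and the three-operand forms leave a, b, c, e, f and g unmodified, so this is a documentation point and not a defect. I would add above SHA256T2 something like `// Clobbers X7-X9 and must not touch X5 (T1); X7 is reused after XOR X7, X6, so keep that order.` and a matching line above SHA256T1 for X5. Since this is the SHA-256 round function inside the fips140 tree and no test change is visible in the diff, it is also worth confirming that the known-answer tests exercise this riscv64 path and not only the generic implementation.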