From e2967396ac73cb7410787886cdaf072a184ffc49 Mon Sep 17 00:00:00 2001
From: irungentoo <irungentoo@gmail.com>
Date: Tue, 2 Jul 2013 09:53:34 -0400
Subject: Added NaCl crypto library.

---
 nacl/crypto_onetimeauth/measure.c                  |   69 +
 nacl/crypto_onetimeauth/poly1305/53/api.h          |    2 +
 nacl/crypto_onetimeauth/poly1305/53/auth.c         | 1616 ++++++++++++
 nacl/crypto_onetimeauth/poly1305/53/verify.c       |    9 +
 nacl/crypto_onetimeauth/poly1305/amd64/api.h       |    2 +
 nacl/crypto_onetimeauth/poly1305/amd64/auth.s      | 2787 ++++++++++++++++++++
 nacl/crypto_onetimeauth/poly1305/amd64/constants.s |   85 +
 nacl/crypto_onetimeauth/poly1305/amd64/verify.c    |    9 +
 nacl/crypto_onetimeauth/poly1305/checksum          |    1 +
 nacl/crypto_onetimeauth/poly1305/ref/api.h         |    2 +
 nacl/crypto_onetimeauth/poly1305/ref/auth.c        |  104 +
 nacl/crypto_onetimeauth/poly1305/ref/verify.c      |    9 +
 nacl/crypto_onetimeauth/poly1305/selected          |    0
 nacl/crypto_onetimeauth/poly1305/used              |    0
 nacl/crypto_onetimeauth/poly1305/x86/api.h         |    2 +
 nacl/crypto_onetimeauth/poly1305/x86/auth.s        | 2779 +++++++++++++++++++
 nacl/crypto_onetimeauth/poly1305/x86/constants.s   |   85 +
 nacl/crypto_onetimeauth/poly1305/x86/verify.c      |    9 +
 nacl/crypto_onetimeauth/try.c                      |  119 +
 nacl/crypto_onetimeauth/wrapper-auth.cpp           |   11 +
 nacl/crypto_onetimeauth/wrapper-verify.cpp         |   14 +
 21 files changed, 7714 insertions(+)
 create mode 100644 nacl/crypto_onetimeauth/measure.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/53/api.h
 create mode 100644 nacl/crypto_onetimeauth/poly1305/53/auth.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/53/verify.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/amd64/api.h
 create mode 100644 nacl/crypto_onetimeauth/poly1305/amd64/auth.s
 create mode 100644 nacl/crypto_onetimeauth/poly1305/amd64/constants.s
 create mode 100644 nacl/crypto_onetimeauth/poly1305/amd64/verify.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/checksum
 create mode 100644 nacl/crypto_onetimeauth/poly1305/ref/api.h
 create mode 100644 nacl/crypto_onetimeauth/poly1305/ref/auth.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/ref/verify.c
 create mode 100644 nacl/crypto_onetimeauth/poly1305/selected
 create mode 100644 nacl/crypto_onetimeauth/poly1305/used
 create mode 100644 nacl/crypto_onetimeauth/poly1305/x86/api.h
 create mode 100644 nacl/crypto_onetimeauth/poly1305/x86/auth.s
 create mode 100644 nacl/crypto_onetimeauth/poly1305/x86/constants.s
 create mode 100644 nacl/crypto_onetimeauth/poly1305/x86/verify.c
 create mode 100644 nacl/crypto_onetimeauth/try.c
 create mode 100644 nacl/crypto_onetimeauth/wrapper-auth.cpp
 create mode 100644 nacl/crypto_onetimeauth/wrapper-verify.cpp

(limited to 'nacl/crypto_onetimeauth')

diff --git a/nacl/crypto_onetimeauth/measure.c b/nacl/crypto_onetimeauth/measure.c
new file mode 100644
index 00000000..6d3ddfd5
--- /dev/null
+++ b/nacl/crypto_onetimeauth/measure.c
@@ -0,0 +1,69 @@
+#include "crypto_onetimeauth.h"
+#include "randombytes.h"
+#include "cpucycles.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
+const char *implementationversion = crypto_onetimeauth_VERSION;
+const char *sizenames[] = { "outputbytes", "keybytes", 0 };
+const long long sizes[] = { crypto_onetimeauth_BYTES, crypto_onetimeauth_KEYBYTES };
+
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+
+static unsigned char *k;
+static unsigned char *m;
+static unsigned char *h;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  h = alignedcalloc(crypto_onetimeauth_BYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(k,crypto_onetimeauth_KEYBYTES);
+      randombytes(m,mlen);
+      randombytes(h,crypto_onetimeauth_BYTES);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_onetimeauth(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_onetimeauth_verify(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"verify_cycles",cycles,TIMINGS);
+    }
+  }
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/53/api.h b/nacl/crypto_onetimeauth/poly1305/53/api.h
new file mode 100644
index 00000000..acc133ed
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/53/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_onetimeauth/poly1305/53/auth.c b/nacl/crypto_onetimeauth/poly1305/53/auth.c
new file mode 100644
index 00000000..a4a9c3f6
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/53/auth.c
@@ -0,0 +1,1616 @@
+/*
+20080910
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_onetimeauth.h"
+
+typedef unsigned char uchar;
+typedef int int32;
+typedef unsigned int uint32;
+typedef long long int64;
+typedef unsigned long long uint64;
+
+static const double poly1305_53_constants[] = {
+  0.00000000558793544769287109375 /* alpham80 = 3 2^(-29) */
+, 24.0 /* alpham48 = 3 2^3 */
+, 103079215104.0 /* alpham16 = 3 2^35 */
+, 6755399441055744.0 /* alpha0 = 3 2^51 */
+, 1770887431076116955136.0 /* alpha18 = 3 2^69 */
+, 29014219670751100192948224.0 /* alpha32 = 3 2^83 */
+, 7605903601369376408980219232256.0 /* alpha50 = 3 2^101 */
+, 124615124604835863084731911901282304.0 /* alpha64 = 3 2^115 */
+, 32667107224410092492483962313449748299776.0 /* alpha82 = 3 2^133 */
+, 535217884764734955396857238543560676143529984.0 /* alpha96 = 3 2^147 */
+, 35076039295941670036888435985190792471742381031424.0 /* alpha112 = 3 2^163 */
+, 9194973245195333150150082162901855101712434733101613056.0 /* alpha130 = 3 2^181 */
+, 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 /* scale = 5 2^(-130) */
+, 6755408030990331.0 /* offset0 = alpha0 + 2^33 - 5 */
+, 29014256564239239022116864.0 /* offset1 = alpha32 + 2^65 - 2^33 */
+, 124615283061160854719918951570079744.0 /* offset2 = alpha64 + 2^97 - 2^65 */
+, 535219245894202480694386063513315216128475136.0 /* offset3 = alpha96 + 2^130 - 2^97 */
+} ;
+
+int crypto_onetimeauth(unsigned char *out,const unsigned char *m,unsigned long long l,const unsigned char *k)
+{
+  register const unsigned char *r = k;
+  register const unsigned char *s = k + 16;
+  double r0high_stack;
+  double r1high_stack;
+  double r1low_stack;
+  double sr1high_stack;
+  double r2low_stack;
+  double sr2high_stack;
+  double r0low_stack;
+  double sr1low_stack;
+  double r2high_stack;
+  double sr2low_stack;
+  double r3high_stack;
+  double sr3high_stack;
+  double r3low_stack;
+  double sr3low_stack;
+  int64 d0;
+  int64 d1;
+  int64 d2;
+  int64 d3;
+  register double scale;
+  register double alpha0;
+  register double alpha32;
+  register double alpha64;
+  register double alpha96;
+  register double alpha130;
+  register double h0;
+  register double h1;
+  register double h2;
+  register double h3;
+  register double h4;
+  register double h5;
+  register double h6;
+  register double h7;
+  register double y7;
+  register double y6;
+  register double y1;
+  register double y0;
+  register double y5;
+  register double y4;
+  register double x7;
+  register double x6;
+  register double x1;
+  register double x0;
+  register double y3;
+  register double y2;
+  register double r3low;
+  register double r0low;
+  register double r3high;
+  register double r0high;
+  register double sr1low;
+  register double x5;
+  register double r3lowx0;
+  register double sr1high;
+  register double x4;
+  register double r0lowx6;
+  register double r1low;
+  register double x3;
+  register double r3highx0;
+  register double r1high;
+  register double x2;
+  register double r0highx6;
+  register double sr2low;
+  register double r0lowx0;
+  register double sr2high;
+  register double sr1lowx6;
+  register double r2low;
+  register double r0highx0;
+  register double r2high;
+  register double sr1highx6;
+  register double sr3low;
+  register double r1lowx0;
+  register double sr3high;
+  register double sr2lowx6;
+  register double r1highx0;
+  register double sr2highx6;
+  register double r2lowx0;
+  register double sr3lowx6;
+  register double r2highx0;
+  register double sr3highx6;
+  register double r1highx4;
+  register double r1lowx4;
+  register double r0highx4;
+  register double r0lowx4;
+  register double sr3highx4;
+  register double sr3lowx4;
+  register double sr2highx4;
+  register double sr2lowx4;
+  register double r0lowx2;
+  register double r0highx2;
+  register double r1lowx2;
+  register double r1highx2;
+  register double r2lowx2;
+  register double r2highx2;
+  register double sr3lowx2;
+  register double sr3highx2;
+  register double z0;
+  register double z1;
+  register double z2;
+  register double z3;
+  register int64 r0;
+  register int64 r1;
+  register int64 r2;
+  register int64 r3;
+  register uint32 r00;
+  register uint32 r01;
+  register uint32 r02;
+  register uint32 r03;
+  register uint32 r10;
+  register uint32 r11;
+  register uint32 r12;
+  register uint32 r13;
+  register uint32 r20;
+  register uint32 r21;
+  register uint32 r22;
+  register uint32 r23;
+  register uint32 r30;
+  register uint32 r31;
+  register uint32 r32;
+  register uint32 r33;
+  register int64 m0;
+  register int64 m1;
+  register int64 m2;
+  register int64 m3;
+  register uint32 m00;
+  register uint32 m01;
+  register uint32 m02;
+  register uint32 m03;
+  register uint32 m10;
+  register uint32 m11;
+  register uint32 m12;
+  register uint32 m13;
+  register uint32 m20;
+  register uint32 m21;
+  register uint32 m22;
+  register uint32 m23;
+  register uint32 m30;
+  register uint32 m31;
+  register uint32 m32;
+  register uint64 m33;
+  register char *constants;
+  register int32 lbelow2;
+  register int32 lbelow3;
+  register int32 lbelow4;
+  register int32 lbelow5;
+  register int32 lbelow6;
+  register int32 lbelow7;
+  register int32 lbelow8;
+  register int32 lbelow9;
+  register int32 lbelow10;
+  register int32 lbelow11;
+  register int32 lbelow12;
+  register int32 lbelow13;
+  register int32 lbelow14;
+  register int32 lbelow15;
+  register double alpham80;
+  register double alpham48;
+  register double alpham16;
+  register double alpha18;
+  register double alpha50;
+  register double alpha82;
+  register double alpha112;
+  register double offset0;
+  register double offset1;
+  register double offset2;
+  register double offset3;
+  register uint32 s00;
+  register uint32 s01;
+  register uint32 s02;
+  register uint32 s03;
+  register uint32 s10;
+  register uint32 s11;
+  register uint32 s12;
+  register uint32 s13;
+  register uint32 s20;
+  register uint32 s21;
+  register uint32 s22;
+  register uint32 s23;
+  register uint32 s30;
+  register uint32 s31;
+  register uint32 s32;
+  register uint32 s33;
+  register uint64 bits32;
+  register uint64 f;
+  register uint64 f0;
+  register uint64 f1;
+  register uint64 f2;
+  register uint64 f3;
+  register uint64 f4;
+  register uint64 g;
+  register uint64 g0;
+  register uint64 g1;
+  register uint64 g2;
+  register uint64 g3;
+  register uint64 g4;
+
+  r00 = *(uchar *) (r + 0);
+  constants = (char *) &poly1305_53_constants;
+
+  r01 = *(uchar *) (r + 1);
+
+  r02 = *(uchar *) (r + 2);
+  r0 = 2151;
+
+  r03 = *(uchar *) (r + 3); r03 &= 15;
+  r0 <<= 51;
+
+  r10 = *(uchar *) (r + 4); r10 &= 252;
+  r01 <<= 8;
+  r0 += r00;
+
+  r11 = *(uchar *) (r + 5);
+  r02 <<= 16;
+  r0 += r01;
+
+  r12 = *(uchar *) (r + 6);
+  r03 <<= 24;
+  r0 += r02;
+
+  r13 = *(uchar *) (r + 7); r13 &= 15;
+  r1 = 2215;
+  r0 += r03;
+
+  d0 = r0;
+  r1 <<= 51;
+  r2 = 2279;
+
+  r20 = *(uchar *) (r + 8); r20 &= 252;
+  r11 <<= 8;
+  r1 += r10;
+
+  r21 = *(uchar *) (r + 9);
+  r12 <<= 16;
+  r1 += r11;
+
+  r22 = *(uchar *) (r + 10);
+  r13 <<= 24;
+  r1 += r12;
+
+  r23 = *(uchar *) (r + 11); r23 &= 15;
+  r2 <<= 51;
+  r1 += r13;
+
+  d1 = r1;
+  r21 <<= 8;
+  r2 += r20;
+
+  r30 = *(uchar *) (r + 12); r30 &= 252;
+  r22 <<= 16;
+  r2 += r21;
+
+  r31 = *(uchar *) (r + 13);
+  r23 <<= 24;
+  r2 += r22;
+
+  r32 = *(uchar *) (r + 14);
+  r2 += r23;
+  r3 = 2343;
+
+  d2 = r2;
+  r3 <<= 51;
+  alpha32 = *(double *) (constants + 40);
+
+  r33 = *(uchar *) (r + 15); r33 &= 15;
+  r31 <<= 8;
+  r3 += r30;
+
+  r32 <<= 16;
+  r3 += r31;
+
+  r33 <<= 24;
+  r3 += r32;
+
+  r3 += r33;
+  h0 = alpha32 - alpha32;
+
+  d3 = r3;
+  h1 = alpha32 - alpha32;
+
+  alpha0 = *(double *) (constants + 24);
+  h2 = alpha32 - alpha32;
+
+  alpha64 = *(double *) (constants + 56);
+  h3 = alpha32 - alpha32;
+
+  alpha18 = *(double *) (constants + 32);
+  h4 = alpha32 - alpha32;
+
+  r0low = *(double *) &d0;
+  h5 = alpha32 - alpha32;
+
+  r1low = *(double *) &d1;
+  h6 = alpha32 - alpha32;
+
+  r2low = *(double *) &d2;
+  h7 = alpha32 - alpha32;
+
+  alpha50 = *(double *) (constants + 48);
+  r0low -= alpha0;
+
+  alpha82 = *(double *) (constants + 64);
+  r1low -= alpha32;
+
+  scale = *(double *) (constants + 96);
+  r2low -= alpha64;
+
+  alpha96 = *(double *) (constants + 72);
+  r0high = r0low + alpha18;
+
+  r3low = *(double *) &d3;
+
+  alpham80 = *(double *) (constants + 0);
+  r1high = r1low + alpha50;
+  sr1low = scale * r1low;
+
+  alpham48 = *(double *) (constants + 8);
+  r2high = r2low + alpha82;
+  sr2low = scale * r2low;
+
+  r0high -= alpha18;
+  r0high_stack = r0high;
+
+  r3low -= alpha96;
+
+  r1high -= alpha50;
+  r1high_stack = r1high;
+
+  sr1high = sr1low + alpham80;
+
+  alpha112 = *(double *) (constants + 80);
+  r0low -= r0high;
+
+  alpham16 = *(double *) (constants + 16);
+  r2high -= alpha82;
+  sr3low = scale * r3low;
+
+  alpha130 = *(double *) (constants + 88);
+  sr2high = sr2low + alpham48;
+
+  r1low -= r1high;
+  r1low_stack = r1low;
+
+  sr1high -= alpham80;
+  sr1high_stack = sr1high;
+
+  r2low -= r2high;
+  r2low_stack = r2low;
+
+  sr2high -= alpham48;
+  sr2high_stack = sr2high;
+
+  r3high = r3low + alpha112;
+  r0low_stack = r0low;
+
+  sr1low -= sr1high;
+  sr1low_stack = sr1low;
+
+  sr3high = sr3low + alpham16;
+  r2high_stack = r2high;
+
+  sr2low -= sr2high;
+  sr2low_stack = sr2low;
+
+  r3high -= alpha112;
+  r3high_stack = r3high;
+
+
+  sr3high -= alpham16;
+  sr3high_stack = sr3high;
+
+
+  r3low -= r3high;
+  r3low_stack = r3low;
+
+
+  sr3low -= sr3high;
+  sr3low_stack = sr3low;
+
+if (l < 16) goto addatmost15bytes;
+
+  m00 = *(uchar *) (m + 0);
+  m0 = 2151;
+
+  m0 <<= 51;
+  m1 = 2215;
+  m01 = *(uchar *) (m + 1);
+
+  m1 <<= 51;
+  m2 = 2279;
+  m02 = *(uchar *) (m + 2);
+
+  m2 <<= 51;
+  m3 = 2343;
+  m03 = *(uchar *) (m + 3);
+
+  m10 = *(uchar *) (m + 4);
+  m01 <<= 8;
+  m0 += m00;
+
+  m11 = *(uchar *) (m + 5);
+  m02 <<= 16;
+  m0 += m01;
+
+  m12 = *(uchar *) (m + 6);
+  m03 <<= 24;
+  m0 += m02;
+
+  m13 = *(uchar *) (m + 7);
+  m3 <<= 51;
+  m0 += m03;
+
+  m20 = *(uchar *) (m + 8);
+  m11 <<= 8;
+  m1 += m10;
+
+  m21 = *(uchar *) (m + 9);
+  m12 <<= 16;
+  m1 += m11;
+
+  m22 = *(uchar *) (m + 10);
+  m13 <<= 24;
+  m1 += m12;
+
+  m23 = *(uchar *) (m + 11);
+  m1 += m13;
+
+  m30 = *(uchar *) (m + 12);
+  m21 <<= 8;
+  m2 += m20;
+
+  m31 = *(uchar *) (m + 13);
+  m22 <<= 16;
+  m2 += m21;
+
+  m32 = *(uchar *) (m + 14);
+  m23 <<= 24;
+  m2 += m22;
+
+  m33 = *(uchar *) (m + 15);
+  m2 += m23;
+
+  d0 = m0;
+  m31 <<= 8;
+  m3 += m30;
+
+  d1 = m1;
+  m32 <<= 16;
+  m3 += m31;
+
+  d2 = m2;
+  m33 += 256;
+
+  m33 <<= 24;
+  m3 += m32;
+
+  m3 += m33;
+  d3 = m3;
+
+  m += 16;
+  l -= 16;
+
+  z0 = *(double *) &d0;
+
+  z1 = *(double *) &d1;
+
+  z2 = *(double *) &d2;
+
+  z3 = *(double *) &d3;
+
+  z0 -= alpha0;
+
+  z1 -= alpha32;
+
+  z2 -= alpha64;
+
+  z3 -= alpha96;
+
+  h0 += z0;
+
+  h1 += z1;
+
+  h3 += z2;
+
+  h5 += z3;
+
+if (l < 16) goto multiplyaddatmost15bytes;
+
+multiplyaddatleast16bytes:;
+
+  m2 = 2279;
+  m20 = *(uchar *) (m + 8);
+  y7 = h7 + alpha130;
+
+  m2 <<= 51;
+  m3 = 2343;
+  m21 = *(uchar *) (m + 9);
+  y6 = h6 + alpha130;
+
+  m3 <<= 51;
+  m0 = 2151;
+  m22 = *(uchar *) (m + 10);
+  y1 = h1 + alpha32;
+
+  m0 <<= 51;
+  m1 = 2215;
+  m23 = *(uchar *) (m + 11);
+  y0 = h0 + alpha32;
+
+  m1 <<= 51;
+  m30 = *(uchar *) (m + 12);
+  y7 -= alpha130;
+
+  m21 <<= 8;
+  m2 += m20;
+  m31 = *(uchar *) (m + 13);
+  y6 -= alpha130;
+
+  m22 <<= 16;
+  m2 += m21;
+  m32 = *(uchar *) (m + 14);
+  y1 -= alpha32;
+
+  m23 <<= 24;
+  m2 += m22;
+  m33 = *(uchar *) (m + 15);
+  y0 -= alpha32;
+
+  m2 += m23;
+  m00 = *(uchar *) (m + 0);
+  y5 = h5 + alpha96;
+
+  m31 <<= 8;
+  m3 += m30;
+  m01 = *(uchar *) (m + 1);
+  y4 = h4 + alpha96;
+
+  m32 <<= 16;
+  m02 = *(uchar *) (m + 2);
+  x7 = h7 - y7;
+  y7 *= scale;
+
+  m33 += 256;
+  m03 = *(uchar *) (m + 3);
+  x6 = h6 - y6;
+  y6 *= scale;
+
+  m33 <<= 24;
+  m3 += m31;
+  m10 = *(uchar *) (m + 4);
+  x1 = h1 - y1;
+
+  m01 <<= 8;
+  m3 += m32;
+  m11 = *(uchar *) (m + 5);
+  x0 = h0 - y0;
+
+  m3 += m33;
+  m0 += m00;
+  m12 = *(uchar *) (m + 6);
+  y5 -= alpha96;
+
+  m02 <<= 16;
+  m0 += m01;
+  m13 = *(uchar *) (m + 7);
+  y4 -= alpha96;
+
+  m03 <<= 24;
+  m0 += m02;
+  d2 = m2;
+  x1 += y7;
+
+  m0 += m03;
+  d3 = m3;
+  x0 += y6;
+
+  m11 <<= 8;
+  m1 += m10;
+  d0 = m0;
+  x7 += y5;
+
+  m12 <<= 16;
+  m1 += m11;
+  x6 += y4;
+
+  m13 <<= 24;
+  m1 += m12;
+  y3 = h3 + alpha64;
+
+  m1 += m13;
+  d1 = m1;
+  y2 = h2 + alpha64;
+
+  x0 += x1;
+
+  x6 += x7;
+
+  y3 -= alpha64;
+  r3low = r3low_stack;
+
+  y2 -= alpha64;
+  r0low = r0low_stack;
+
+  x5 = h5 - y5;
+  r3lowx0 = r3low * x0;
+  r3high = r3high_stack;
+
+  x4 = h4 - y4;
+  r0lowx6 = r0low * x6;
+  r0high = r0high_stack;
+
+  x3 = h3 - y3;
+  r3highx0 = r3high * x0;
+  sr1low = sr1low_stack;
+
+  x2 = h2 - y2;
+  r0highx6 = r0high * x6;
+  sr1high = sr1high_stack;
+
+  x5 += y3;
+  r0lowx0 = r0low * x0;
+  r1low = r1low_stack;
+
+  h6 = r3lowx0 + r0lowx6;
+  sr1lowx6 = sr1low * x6;
+  r1high = r1high_stack;
+
+  x4 += y2;
+  r0highx0 = r0high * x0;
+  sr2low = sr2low_stack;
+
+  h7 = r3highx0 + r0highx6;
+  sr1highx6 = sr1high * x6;
+  sr2high = sr2high_stack;
+
+  x3 += y1;
+  r1lowx0 = r1low * x0;
+  r2low = r2low_stack;
+
+  h0 = r0lowx0 + sr1lowx6;
+  sr2lowx6 = sr2low * x6;
+  r2high = r2high_stack;
+
+  x2 += y0;
+  r1highx0 = r1high * x0;
+  sr3low = sr3low_stack;
+
+  h1 = r0highx0 + sr1highx6;
+  sr2highx6 = sr2high * x6;
+  sr3high = sr3high_stack;
+
+  x4 += x5;
+  r2lowx0 = r2low * x0;
+  z2 = *(double *) &d2;
+
+  h2 = r1lowx0 + sr2lowx6;
+  sr3lowx6 = sr3low * x6;
+
+  x2 += x3;
+  r2highx0 = r2high * x0;
+  z3 = *(double *) &d3;
+
+  h3 = r1highx0 + sr2highx6;
+  sr3highx6 = sr3high * x6;
+
+  r1highx4 = r1high * x4;
+  z2 -= alpha64;
+
+  h4 = r2lowx0 + sr3lowx6;
+  r1lowx4 = r1low * x4;
+
+  r0highx4 = r0high * x4;
+  z3 -= alpha96;
+
+  h5 = r2highx0 + sr3highx6;
+  r0lowx4 = r0low * x4;
+
+  h7 += r1highx4;
+  sr3highx4 = sr3high * x4;
+
+  h6 += r1lowx4;
+  sr3lowx4 = sr3low * x4;
+
+  h5 += r0highx4;
+  sr2highx4 = sr2high * x4;
+
+  h4 += r0lowx4;
+  sr2lowx4 = sr2low * x4;
+
+  h3 += sr3highx4;
+  r0lowx2 = r0low * x2;
+
+  h2 += sr3lowx4;
+  r0highx2 = r0high * x2;
+
+  h1 += sr2highx4;
+  r1lowx2 = r1low * x2;
+
+  h0 += sr2lowx4;
+  r1highx2 = r1high * x2;
+
+  h2 += r0lowx2;
+  r2lowx2 = r2low * x2;
+
+  h3 += r0highx2;
+  r2highx2 = r2high * x2;
+
+  h4 += r1lowx2;
+  sr3lowx2 = sr3low * x2;
+
+  h5 += r1highx2;
+  sr3highx2 = sr3high * x2;
+  alpha0 = *(double *) (constants + 24);
+
+  m += 16;
+  h6 += r2lowx2;
+
+  l -= 16;
+  h7 += r2highx2;
+
+  z1 = *(double *) &d1;
+  h0 += sr3lowx2;
+
+  z0 = *(double *) &d0;
+  h1 += sr3highx2;
+
+  z1 -= alpha32;
+
+  z0 -= alpha0;
+
+  h5 += z3;
+
+  h3 += z2;
+
+  h1 += z1;
+
+  h0 += z0;
+
+if (l >= 16) goto multiplyaddatleast16bytes;
+
+multiplyaddatmost15bytes:;
+
+  y7 = h7 + alpha130;
+
+  y6 = h6 + alpha130;
+
+  y1 = h1 + alpha32;
+
+  y0 = h0 + alpha32;
+
+  y7 -= alpha130;
+
+  y6 -= alpha130;
+
+  y1 -= alpha32;
+
+  y0 -= alpha32;
+
+  y5 = h5 + alpha96;
+
+  y4 = h4 + alpha96;
+
+  x7 = h7 - y7;
+  y7 *= scale;
+
+  x6 = h6 - y6;
+  y6 *= scale;
+
+  x1 = h1 - y1;
+
+  x0 = h0 - y0;
+
+  y5 -= alpha96;
+
+  y4 -= alpha96;
+
+  x1 += y7;
+
+  x0 += y6;
+
+  x7 += y5;
+
+  x6 += y4;
+
+  y3 = h3 + alpha64;
+
+  y2 = h2 + alpha64;
+
+  x0 += x1;
+
+  x6 += x7;
+
+  y3 -= alpha64;
+  r3low = r3low_stack;
+
+  y2 -= alpha64;
+  r0low = r0low_stack;
+
+  x5 = h5 - y5;
+  r3lowx0 = r3low * x0;
+  r3high = r3high_stack;
+
+  x4 = h4 - y4;
+  r0lowx6 = r0low * x6;
+  r0high = r0high_stack;
+
+  x3 = h3 - y3;
+  r3highx0 = r3high * x0;
+  sr1low = sr1low_stack;
+
+  x2 = h2 - y2;
+  r0highx6 = r0high * x6;
+  sr1high = sr1high_stack;
+
+  x5 += y3;
+  r0lowx0 = r0low * x0;
+  r1low = r1low_stack;
+
+  h6 = r3lowx0 + r0lowx6;
+  sr1lowx6 = sr1low * x6;
+  r1high = r1high_stack;
+
+  x4 += y2;
+  r0highx0 = r0high * x0;
+  sr2low = sr2low_stack;
+
+  h7 = r3highx0 + r0highx6;
+  sr1highx6 = sr1high * x6;
+  sr2high = sr2high_stack;
+
+  x3 += y1;
+  r1lowx0 = r1low * x0;
+  r2low = r2low_stack;
+
+  h0 = r0lowx0 + sr1lowx6;
+  sr2lowx6 = sr2low * x6;
+  r2high = r2high_stack;
+
+  x2 += y0;
+  r1highx0 = r1high * x0;
+  sr3low = sr3low_stack;
+
+  h1 = r0highx0 + sr1highx6;
+  sr2highx6 = sr2high * x6;
+  sr3high = sr3high_stack;
+
+  x4 += x5;
+  r2lowx0 = r2low * x0;
+
+  h2 = r1lowx0 + sr2lowx6;
+  sr3lowx6 = sr3low * x6;
+
+  x2 += x3;
+  r2highx0 = r2high * x0;
+
+  h3 = r1highx0 + sr2highx6;
+  sr3highx6 = sr3high * x6;
+
+  r1highx4 = r1high * x4;
+
+  h4 = r2lowx0 + sr3lowx6;
+  r1lowx4 = r1low * x4;
+
+  r0highx4 = r0high * x4;
+
+  h5 = r2highx0 + sr3highx6;
+  r0lowx4 = r0low * x4;
+
+  h7 += r1highx4;
+  sr3highx4 = sr3high * x4;
+
+  h6 += r1lowx4;
+  sr3lowx4 = sr3low * x4;
+
+  h5 += r0highx4;
+  sr2highx4 = sr2high * x4;
+
+  h4 += r0lowx4;
+  sr2lowx4 = sr2low * x4;
+
+  h3 += sr3highx4;
+  r0lowx2 = r0low * x2;
+
+  h2 += sr3lowx4;
+  r0highx2 = r0high * x2;
+
+  h1 += sr2highx4;
+  r1lowx2 = r1low * x2;
+
+  h0 += sr2lowx4;
+  r1highx2 = r1high * x2;
+
+  h2 += r0lowx2;
+  r2lowx2 = r2low * x2;
+
+  h3 += r0highx2;
+  r2highx2 = r2high * x2;
+
+  h4 += r1lowx2;
+  sr3lowx2 = sr3low * x2;
+
+  h5 += r1highx2;
+  sr3highx2 = sr3high * x2;
+
+  h6 += r2lowx2;
+
+  h7 += r2highx2;
+
+  h0 += sr3lowx2;
+
+  h1 += sr3highx2;
+
+addatmost15bytes:;
+
+if (l == 0) goto nomorebytes;
+
+  lbelow2 = l - 2;
+
+  lbelow3 = l - 3;
+
+  lbelow2 >>= 31;
+  lbelow4 = l - 4;
+
+  m00 = *(uchar *) (m + 0);
+  lbelow3 >>= 31;
+  m += lbelow2;
+
+  m01 = *(uchar *) (m + 1);
+  lbelow4 >>= 31;
+  m += lbelow3;
+
+  m02 = *(uchar *) (m + 2);
+  m += lbelow4;
+  m0 = 2151;
+
+  m03 = *(uchar *) (m + 3);
+  m0 <<= 51;
+  m1 = 2215;
+
+  m0 += m00;
+  m01 &= ~lbelow2;
+
+  m02 &= ~lbelow3;
+  m01 -= lbelow2;
+
+  m01 <<= 8;
+  m03 &= ~lbelow4;
+
+  m0 += m01;
+  lbelow2 -= lbelow3;
+
+  m02 += lbelow2;
+  lbelow3 -= lbelow4;
+
+  m02 <<= 16;
+  m03 += lbelow3;
+
+  m03 <<= 24;
+  m0 += m02;
+
+  m0 += m03;
+  lbelow5 = l - 5;
+
+  lbelow6 = l - 6;
+  lbelow7 = l - 7;
+
+  lbelow5 >>= 31;
+  lbelow8 = l - 8;
+
+  lbelow6 >>= 31;
+  m += lbelow5;
+
+  m10 = *(uchar *) (m + 4);
+  lbelow7 >>= 31;
+  m += lbelow6;
+
+  m11 = *(uchar *) (m + 5);
+  lbelow8 >>= 31;
+  m += lbelow7;
+
+  m12 = *(uchar *) (m + 6);
+  m1 <<= 51;
+  m += lbelow8;
+
+  m13 = *(uchar *) (m + 7);
+  m10 &= ~lbelow5;
+  lbelow4 -= lbelow5;
+
+  m10 += lbelow4;
+  lbelow5 -= lbelow6;
+
+  m11 &= ~lbelow6;
+  m11 += lbelow5;
+
+  m11 <<= 8;
+  m1 += m10;
+
+  m1 += m11;
+  m12 &= ~lbelow7;
+
+  lbelow6 -= lbelow7;
+  m13 &= ~lbelow8;
+
+  m12 += lbelow6;
+  lbelow7 -= lbelow8;
+
+  m12 <<= 16;
+  m13 += lbelow7;
+
+  m13 <<= 24;
+  m1 += m12;
+
+  m1 += m13;
+  m2 = 2279;
+
+  lbelow9 = l - 9;
+  m3 = 2343;
+
+  lbelow10 = l - 10;
+  lbelow11 = l - 11;
+
+  lbelow9 >>= 31;
+  lbelow12 = l - 12;
+
+  lbelow10 >>= 31;
+  m += lbelow9;
+
+  m20 = *(uchar *) (m + 8);
+  lbelow11 >>= 31;
+  m += lbelow10;
+
+  m21 = *(uchar *) (m + 9);
+  lbelow12 >>= 31;
+  m += lbelow11;
+
+  m22 = *(uchar *) (m + 10);
+  m2 <<= 51;
+  m += lbelow12;
+
+  m23 = *(uchar *) (m + 11);
+  m20 &= ~lbelow9;
+  lbelow8 -= lbelow9;
+
+  m20 += lbelow8;
+  lbelow9 -= lbelow10;
+
+  m21 &= ~lbelow10;
+  m21 += lbelow9;
+
+  m21 <<= 8;
+  m2 += m20;
+
+  m2 += m21;
+  m22 &= ~lbelow11;
+
+  lbelow10 -= lbelow11;
+  m23 &= ~lbelow12;
+
+  m22 += lbelow10;
+  lbelow11 -= lbelow12;
+
+  m22 <<= 16;
+  m23 += lbelow11;
+
+  m23 <<= 24;
+  m2 += m22;
+
+  m3 <<= 51;
+  lbelow13 = l - 13;
+
+  lbelow13 >>= 31;
+  lbelow14 = l - 14;
+
+  lbelow14 >>= 31;
+  m += lbelow13;
+  lbelow15 = l - 15;
+
+  m30 = *(uchar *) (m + 12);
+  lbelow15 >>= 31;
+  m += lbelow14;
+
+  m31 = *(uchar *) (m + 13);
+  m += lbelow15;
+  m2 += m23;
+
+  m32 = *(uchar *) (m + 14);
+  m30 &= ~lbelow13;
+  lbelow12 -= lbelow13;
+
+  m30 += lbelow12;
+  lbelow13 -= lbelow14;
+
+  m3 += m30;
+  m31 &= ~lbelow14;
+
+  m31 += lbelow13;
+  m32 &= ~lbelow15;
+
+  m31 <<= 8;
+  lbelow14 -= lbelow15;
+
+  m3 += m31;
+  m32 += lbelow14;
+  d0 = m0;
+
+  m32 <<= 16;
+  m33 = lbelow15 + 1;
+  d1 = m1;
+
+  m33 <<= 24;
+  m3 += m32;
+  d2 = m2;
+
+  m3 += m33;
+  d3 = m3;
+
+  alpha0 = *(double *) (constants + 24);
+
+  z3 = *(double *) &d3;
+
+  z2 = *(double *) &d2;
+
+  z1 = *(double *) &d1;
+
+  z0 = *(double *) &d0;
+
+  z3 -= alpha96;
+
+  z2 -= alpha64;
+
+  z1 -= alpha32;
+
+  z0 -= alpha0;
+
+  h5 += z3;
+
+  h3 += z2;
+
+  h1 += z1;
+
+  h0 += z0;
+
+  y7 = h7 + alpha130;
+
+  y6 = h6 + alpha130;
+
+  y1 = h1 + alpha32;
+
+  y0 = h0 + alpha32;
+
+  y7 -= alpha130;
+
+  y6 -= alpha130;
+
+  y1 -= alpha32;
+
+  y0 -= alpha32;
+
+  y5 = h5 + alpha96;
+
+  y4 = h4 + alpha96;
+
+  x7 = h7 - y7;
+  y7 *= scale;
+
+  x6 = h6 - y6;
+  y6 *= scale;
+
+  x1 = h1 - y1;
+
+  x0 = h0 - y0;
+
+  y5 -= alpha96;
+
+  y4 -= alpha96;
+
+  x1 += y7;
+
+  x0 += y6;
+
+  x7 += y5;
+
+  x6 += y4;
+
+  y3 = h3 + alpha64;
+
+  y2 = h2 + alpha64;
+
+  x0 += x1;
+
+  x6 += x7;
+
+  y3 -= alpha64;
+  r3low = r3low_stack;
+
+  y2 -= alpha64;
+  r0low = r0low_stack;
+
+  x5 = h5 - y5;
+  r3lowx0 = r3low * x0;
+  r3high = r3high_stack;
+
+  x4 = h4 - y4;
+  r0lowx6 = r0low * x6;
+  r0high = r0high_stack;
+
+  x3 = h3 - y3;
+  r3highx0 = r3high * x0;
+  sr1low = sr1low_stack;
+
+  x2 = h2 - y2;
+  r0highx6 = r0high * x6;
+  sr1high = sr1high_stack;
+
+  x5 += y3;
+  r0lowx0 = r0low * x0;
+  r1low = r1low_stack;
+
+  h6 = r3lowx0 + r0lowx6;
+  sr1lowx6 = sr1low * x6;
+  r1high = r1high_stack;
+
+  x4 += y2;
+  r0highx0 = r0high * x0;
+  sr2low = sr2low_stack;
+
+  h7 = r3highx0 + r0highx6;
+  sr1highx6 = sr1high * x6;
+  sr2high = sr2high_stack;
+
+  x3 += y1;
+  r1lowx0 = r1low * x0;
+  r2low = r2low_stack;
+
+  h0 = r0lowx0 + sr1lowx6;
+  sr2lowx6 = sr2low * x6;
+  r2high = r2high_stack;
+
+  x2 += y0;
+  r1highx0 = r1high * x0;
+  sr3low = sr3low_stack;
+
+  h1 = r0highx0 + sr1highx6;
+  sr2highx6 = sr2high * x6;
+  sr3high = sr3high_stack;
+
+  x4 += x5;
+  r2lowx0 = r2low * x0;
+
+  h2 = r1lowx0 + sr2lowx6;
+  sr3lowx6 = sr3low * x6;
+
+  x2 += x3;
+  r2highx0 = r2high * x0;
+
+  h3 = r1highx0 + sr2highx6;
+  sr3highx6 = sr3high * x6;
+
+  r1highx4 = r1high * x4;
+
+  h4 = r2lowx0 + sr3lowx6;
+  r1lowx4 = r1low * x4;
+
+  r0highx4 = r0high * x4;
+
+  h5 = r2highx0 + sr3highx6;
+  r0lowx4 = r0low * x4;
+
+  h7 += r1highx4;
+  sr3highx4 = sr3high * x4;
+
+  h6 += r1lowx4;
+  sr3lowx4 = sr3low * x4;
+
+  h5 += r0highx4;
+  sr2highx4 = sr2high * x4;
+
+  h4 += r0lowx4;
+  sr2lowx4 = sr2low * x4;
+
+  h3 += sr3highx4;
+  r0lowx2 = r0low * x2;
+
+  h2 += sr3lowx4;
+  r0highx2 = r0high * x2;
+
+  h1 += sr2highx4;
+  r1lowx2 = r1low * x2;
+
+  h0 += sr2lowx4;
+  r1highx2 = r1high * x2;
+
+  h2 += r0lowx2;
+  r2lowx2 = r2low * x2;
+
+  h3 += r0highx2;
+  r2highx2 = r2high * x2;
+
+  h4 += r1lowx2;
+  sr3lowx2 = sr3low * x2;
+
+  h5 += r1highx2;
+  sr3highx2 = sr3high * x2;
+
+  h6 += r2lowx2;
+
+  h7 += r2highx2;
+
+  h0 += sr3lowx2;
+
+  h1 += sr3highx2;
+
+
+nomorebytes:;
+
+  offset0 = *(double *) (constants + 104);
+  y7 = h7 + alpha130;
+
+  offset1 = *(double *) (constants + 112);
+  y0 = h0 + alpha32;
+
+  offset2 = *(double *) (constants + 120);
+  y1 = h1 + alpha32;
+
+  offset3 = *(double *) (constants + 128);
+  y2 = h2 + alpha64;
+
+  y7 -= alpha130;
+
+  y3 = h3 + alpha64;
+
+  y4 = h4 + alpha96;
+
+  y5 = h5 + alpha96;
+
+  x7 = h7 - y7;
+  y7 *= scale;
+
+  y0 -= alpha32;
+
+  y1 -= alpha32;
+
+  y2 -= alpha64;
+
+  h6 += x7;
+
+  y3 -= alpha64;
+
+  y4 -= alpha96;
+
+  y5 -= alpha96;
+
+  y6 = h6 + alpha130;
+
+  x0 = h0 - y0;
+
+  x1 = h1 - y1;
+
+  x2 = h2 - y2;
+
+  y6 -= alpha130;
+
+  x0 += y7;
+
+  x3 = h3 - y3;
+
+  x4 = h4 - y4;
+
+  x5 = h5 - y5;
+
+  x6 = h6 - y6;
+
+  y6 *= scale;
+
+  x2 += y0;
+
+  x3 += y1;
+
+  x4 += y2;
+
+  x0 += y6;
+
+  x5 += y3;
+
+  x6 += y4;
+
+  x2 += x3;
+
+  x0 += x1;
+
+  x4 += x5;
+
+  x6 += y5;
+
+  x2 += offset1;
+  *(double *) &d1 = x2;
+
+  x0 += offset0;
+  *(double *) &d0 = x0;
+
+  x4 += offset2;
+  *(double *) &d2 = x4;
+
+  x6 += offset3;
+  *(double *) &d3 = x6;
+
+
+
+
+  f0 = d0;
+
+  f1 = d1;
+  bits32 = -1;
+
+  f2 = d2;
+  bits32 >>= 32;
+
+  f3 = d3;
+  f = f0 >> 32;
+
+  f0 &= bits32;
+  f &= 255;
+
+  f1 += f;
+  g0 = f0 + 5;
+
+  g = g0 >> 32;
+  g0 &= bits32;
+
+  f = f1 >> 32;
+  f1 &= bits32;
+
+  f &= 255;
+  g1 = f1 + g;
+
+  g = g1 >> 32;
+  f2 += f;
+
+  f = f2 >> 32;
+  g1 &= bits32;
+
+  f2 &= bits32;
+  f &= 255;
+
+  f3 += f;
+  g2 = f2 + g;
+
+  g = g2 >> 32;
+  g2 &= bits32;
+
+  f4 = f3 >> 32;
+  f3 &= bits32;
+
+  f4 &= 255;
+  g3 = f3 + g;
+
+  g = g3 >> 32;
+  g3 &= bits32;
+
+  g4 = f4 + g;
+
+  g4 = g4 - 4;
+  s00 = *(uchar *) (s + 0);
+
+  f = (int64) g4 >> 63;
+  s01 = *(uchar *) (s + 1);
+
+  f0 &= f;
+  g0 &= ~f;
+  s02 = *(uchar *) (s + 2);
+
+  f1 &= f;
+  f0 |= g0;
+  s03 = *(uchar *) (s + 3);
+
+  g1 &= ~f;
+  f2 &= f;
+  s10 = *(uchar *) (s + 4);
+
+  f3 &= f;
+  g2 &= ~f;
+  s11 = *(uchar *) (s + 5);
+
+  g3 &= ~f;
+  f1 |= g1;
+  s12 = *(uchar *) (s + 6);
+
+  f2 |= g2;
+  f3 |= g3;
+  s13 = *(uchar *) (s + 7);
+
+  s01 <<= 8;
+  f0 += s00;
+  s20 = *(uchar *) (s + 8);
+
+  s02 <<= 16;
+  f0 += s01;
+  s21 = *(uchar *) (s + 9);
+
+  s03 <<= 24;
+  f0 += s02;
+  s22 = *(uchar *) (s + 10);
+
+  s11 <<= 8;
+  f1 += s10;
+  s23 = *(uchar *) (s + 11);
+
+  s12 <<= 16;
+  f1 += s11;
+  s30 = *(uchar *) (s + 12);
+
+  s13 <<= 24;
+  f1 += s12;
+  s31 = *(uchar *) (s + 13);
+
+  f0 += s03;
+  f1 += s13;
+  s32 = *(uchar *) (s + 14);
+
+  s21 <<= 8;
+  f2 += s20;
+  s33 = *(uchar *) (s + 15);
+
+  s22 <<= 16;
+  f2 += s21;
+
+  s23 <<= 24;
+  f2 += s22;
+
+  s31 <<= 8;
+  f3 += s30;
+
+  s32 <<= 16;
+  f3 += s31;
+
+  s33 <<= 24;
+  f3 += s32;
+
+  f2 += s23;
+  f3 += s33;
+
+  *(uchar *) (out + 0) = f0;
+  f0 >>= 8;
+  *(uchar *) (out + 1) = f0;
+  f0 >>= 8;
+  *(uchar *) (out + 2) = f0;
+  f0 >>= 8;
+  *(uchar *) (out + 3) = f0;
+  f0 >>= 8;
+  f1 += f0;
+
+  *(uchar *) (out + 4) = f1;
+  f1 >>= 8;
+  *(uchar *) (out + 5) = f1;
+  f1 >>= 8;
+  *(uchar *) (out + 6) = f1;
+  f1 >>= 8;
+  *(uchar *) (out + 7) = f1;
+  f1 >>= 8;
+  f2 += f1;
+
+  *(uchar *) (out + 8) = f2;
+  f2 >>= 8;
+  *(uchar *) (out + 9) = f2;
+  f2 >>= 8;
+  *(uchar *) (out + 10) = f2;
+  f2 >>= 8;
+  *(uchar *) (out + 11) = f2;
+  f2 >>= 8;
+  f3 += f2;
+
+  *(uchar *) (out + 12) = f3;
+  f3 >>= 8;
+  *(uchar *) (out + 13) = f3;
+  f3 >>= 8;
+  *(uchar *) (out + 14) = f3;
+  f3 >>= 8;
+  *(uchar *) (out + 15) = f3;
+
+  return 0;
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/53/verify.c b/nacl/crypto_onetimeauth/poly1305/53/verify.c
new file mode 100644
index 00000000..c7e063f1
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/53/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/amd64/api.h b/nacl/crypto_onetimeauth/poly1305/amd64/api.h
new file mode 100644
index 00000000..acc133ed
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/amd64/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_onetimeauth/poly1305/amd64/auth.s b/nacl/crypto_onetimeauth/poly1305/amd64/auth.s
new file mode 100644
index 00000000..5212a3e7
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/amd64/auth.s
@@ -0,0 +1,2787 @@
+
+# qhasm: int64 r11_caller
+
+# qhasm: int64 r12_caller
+
+# qhasm: int64 r13_caller
+
+# qhasm: int64 r14_caller
+
+# qhasm: int64 r15_caller
+
+# qhasm: int64 rbx_caller
+
+# qhasm: int64 rbp_caller
+
+# qhasm: caller r11_caller
+
+# qhasm: caller r12_caller
+
+# qhasm: caller r13_caller
+
+# qhasm: caller r14_caller
+
+# qhasm: caller r15_caller
+
+# qhasm: caller rbx_caller
+
+# qhasm: caller rbp_caller
+
+# qhasm: stack64 r11_stack
+
+# qhasm: stack64 r12_stack
+
+# qhasm: stack64 r13_stack
+
+# qhasm: stack64 r14_stack
+
+# qhasm: stack64 r15_stack
+
+# qhasm: stack64 rbx_stack
+
+# qhasm: stack64 rbp_stack
+
+# qhasm: int64 out
+
+# qhasm: stack64 out_stack
+
+# qhasm: int64 m
+
+# qhasm: int64 l
+
+# qhasm: int64 k
+
+# qhasm: stack64 k_stack
+
+# qhasm: int64 m0
+
+# qhasm: int64 m1
+
+# qhasm: int64 m2
+
+# qhasm: int64 m3
+
+# qhasm: float80 a0
+
+# qhasm: float80 a1
+
+# qhasm: float80 a2
+
+# qhasm: float80 a3
+
+# qhasm: float80 h0
+
+# qhasm: float80 h1
+
+# qhasm: float80 h2
+
+# qhasm: float80 h3
+
+# qhasm: float80 x0
+
+# qhasm: float80 x1
+
+# qhasm: float80 x2
+
+# qhasm: float80 x3
+
+# qhasm: float80 y0
+
+# qhasm: float80 y1
+
+# qhasm: float80 y2
+
+# qhasm: float80 y3
+
+# qhasm: float80 r0x0
+
+# qhasm: float80 r1x0
+
+# qhasm: float80 r2x0
+
+# qhasm: float80 r3x0
+
+# qhasm: float80 r0x1
+
+# qhasm: float80 r1x1
+
+# qhasm: float80 r2x1
+
+# qhasm: float80 sr3x1
+
+# qhasm: float80 r0x2
+
+# qhasm: float80 r1x2
+
+# qhasm: float80 sr2x2
+
+# qhasm: float80 sr3x2
+
+# qhasm: float80 r0x3
+
+# qhasm: float80 sr1x3
+
+# qhasm: float80 sr2x3
+
+# qhasm: float80 sr3x3
+
+# qhasm: stack64 d0
+
+# qhasm: stack64 d1
+
+# qhasm: stack64 d2
+
+# qhasm: stack64 d3
+
+# qhasm: stack64 r0
+
+# qhasm: stack64 r1
+
+# qhasm: stack64 r2
+
+# qhasm: stack64 r3
+
+# qhasm: stack64 sr1
+
+# qhasm: stack64 sr2
+
+# qhasm: stack64 sr3
+
+# qhasm: enter crypto_onetimeauth_poly1305_amd64
+.text
+.p2align 5
+.globl _crypto_onetimeauth_poly1305_amd64
+.globl crypto_onetimeauth_poly1305_amd64
+_crypto_onetimeauth_poly1305_amd64:
+crypto_onetimeauth_poly1305_amd64:
+mov %rsp,%r11
+and $31,%r11
+add $192,%r11
+sub %r11,%rsp
+
+# qhasm: input out
+
+# qhasm: input m
+
+# qhasm: input l
+
+# qhasm: input k
+
+# qhasm: r11_stack = r11_caller
+# asm 1: movq <r11_caller=int64#9,>r11_stack=stack64#1
+# asm 2: movq <r11_caller=%r11,>r11_stack=32(%rsp)
+movq %r11,32(%rsp)
+
+# qhasm: r12_stack = r12_caller
+# asm 1: movq <r12_caller=int64#10,>r12_stack=stack64#2
+# asm 2: movq <r12_caller=%r12,>r12_stack=40(%rsp)
+movq %r12,40(%rsp)
+
+# qhasm: r13_stack = r13_caller
+# asm 1: movq <r13_caller=int64#11,>r13_stack=stack64#3
+# asm 2: movq <r13_caller=%r13,>r13_stack=48(%rsp)
+movq %r13,48(%rsp)
+
+# qhasm: r14_stack = r14_caller
+# asm 1: movq <r14_caller=int64#12,>r14_stack=stack64#4
+# asm 2: movq <r14_caller=%r14,>r14_stack=56(%rsp)
+movq %r14,56(%rsp)
+
+# qhasm: r15_stack = r15_caller
+# asm 1: movq <r15_caller=int64#13,>r15_stack=stack64#5
+# asm 2: movq <r15_caller=%r15,>r15_stack=64(%rsp)
+movq %r15,64(%rsp)
+
+# qhasm: rbx_stack = rbx_caller
+# asm 1: movq <rbx_caller=int64#14,>rbx_stack=stack64#6
+# asm 2: movq <rbx_caller=%rbx,>rbx_stack=72(%rsp)
+movq %rbx,72(%rsp)
+
+# qhasm: rbp_stack = rbp_caller
+# asm 1: movq <rbp_caller=int64#15,>rbp_stack=stack64#7
+# asm 2: movq <rbp_caller=%rbp,>rbp_stack=80(%rsp)
+movq %rbp,80(%rsp)
+
+# qhasm:   round *(uint16 *) &crypto_onetimeauth_poly1305_amd64_rounding
+fldcw crypto_onetimeauth_poly1305_amd64_rounding(%rip)
+
+# qhasm:   m0 = *(uint32 *) (k + 0)
+# asm 1: movl   0(<k=int64#4),>m0=int64#5d
+# asm 2: movl   0(<k=%rcx),>m0=%r8d
+movl   0(%rcx),%r8d
+
+# qhasm:   m1 = *(uint32 *) (k + 4)
+# asm 1: movl   4(<k=int64#4),>m1=int64#6d
+# asm 2: movl   4(<k=%rcx),>m1=%r9d
+movl   4(%rcx),%r9d
+
+# qhasm:   m2 = *(uint32 *) (k + 8)
+# asm 1: movl   8(<k=int64#4),>m2=int64#7d
+# asm 2: movl   8(<k=%rcx),>m2=%eax
+movl   8(%rcx),%eax
+
+# qhasm:   m3 = *(uint32 *) (k + 12)
+# asm 1: movl   12(<k=int64#4),>m3=int64#8d
+# asm 2: movl   12(<k=%rcx),>m3=%r10d
+movl   12(%rcx),%r10d
+
+# qhasm:   out_stack = out
+# asm 1: movq <out=int64#1,>out_stack=stack64#8
+# asm 2: movq <out=%rdi,>out_stack=88(%rsp)
+movq %rdi,88(%rsp)
+
+# qhasm:   k_stack = k
+# asm 1: movq <k=int64#4,>k_stack=stack64#9
+# asm 2: movq <k=%rcx,>k_stack=96(%rsp)
+movq %rcx,96(%rsp)
+
+# qhasm:   d0 top = 0x43300000
+# asm 1: movl  $0x43300000,>d0=stack64#10
+# asm 2: movl  $0x43300000,>d0=108(%rsp)
+movl  $0x43300000,108(%rsp)
+
+# qhasm:   d1 top = 0x45300000
+# asm 1: movl  $0x45300000,>d1=stack64#11
+# asm 2: movl  $0x45300000,>d1=116(%rsp)
+movl  $0x45300000,116(%rsp)
+
+# qhasm:   d2 top = 0x47300000
+# asm 1: movl  $0x47300000,>d2=stack64#12
+# asm 2: movl  $0x47300000,>d2=124(%rsp)
+movl  $0x47300000,124(%rsp)
+
+# qhasm:   d3 top = 0x49300000
+# asm 1: movl  $0x49300000,>d3=stack64#13
+# asm 2: movl  $0x49300000,>d3=132(%rsp)
+movl  $0x49300000,132(%rsp)
+
+# qhasm:   (uint32) m0 &= 0x0fffffff
+# asm 1: and  $0x0fffffff,<m0=int64#5d
+# asm 2: and  $0x0fffffff,<m0=%r8d
+and  $0x0fffffff,%r8d
+
+# qhasm:   (uint32) m1 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m1=int64#6d
+# asm 2: and  $0x0ffffffc,<m1=%r9d
+and  $0x0ffffffc,%r9d
+
+# qhasm:   (uint32) m2 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m2=int64#7d
+# asm 2: and  $0x0ffffffc,<m2=%eax
+and  $0x0ffffffc,%eax
+
+# qhasm:   (uint32) m3 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m3=int64#8d
+# asm 2: and  $0x0ffffffc,<m3=%r10d
+and  $0x0ffffffc,%r10d
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int64#5d,<d0=stack64#10
+# asm 2: movl <m0=%r8d,<d0=104(%rsp)
+movl %r8d,104(%rsp)
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int64#6d,<d1=stack64#11
+# asm 2: movl <m1=%r9d,<d1=112(%rsp)
+movl %r9d,112(%rsp)
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int64#7d,<d2=stack64#12
+# asm 2: movl <m2=%eax,<d2=120(%rsp)
+movl %eax,120(%rsp)
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int64#8d,<d3=stack64#13
+# asm 2: movl <m3=%r10d,<d3=128(%rsp)
+movl %r10d,128(%rsp)
+
+# qhasm:   a0 = *(float64 *) &d0
+# asm 1: fldl <d0=stack64#10
+# asm 2: fldl <d0=104(%rsp)
+fldl 104(%rsp)
+# comment:fpstackfrombottom:<a0#28:
+
+# qhasm:   a0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0
+fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip)
+# comment:fpstackfrombottom:<a0#28:
+
+# qhasm:   a1 = *(float64 *) &d1
+# asm 1: fldl <d1=stack64#11
+# asm 2: fldl <d1=112(%rsp)
+fldl 112(%rsp)
+# comment:fpstackfrombottom:<a0#28:<a1#29:
+
+# qhasm:   a1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1
+fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip)
+# comment:fpstackfrombottom:<a0#28:<a1#29:
+
+# qhasm:   a2 = *(float64 *) &d2
+# asm 1: fldl <d2=stack64#12
+# asm 2: fldl <d2=120(%rsp)
+fldl 120(%rsp)
+# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:
+
+# qhasm:   a2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2
+fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip)
+# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:
+
+# qhasm:   a3 = *(float64 *) &d3
+# asm 1: fldl <d3=stack64#13
+# asm 2: fldl <d3=128(%rsp)
+fldl 128(%rsp)
+# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:<a3#31:
+
+# qhasm:   a3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3
+fsubl crypto_onetimeauth_poly1305_amd64_doffset3(%rip)
+# comment:fpstackfrombottom:<a0#28:<a1#29:<a2#30:<a3#31:
+
+# qhasm: internal stacktop a0
+# asm 1: fxch <a0=float80#4
+# asm 2: fxch <a0=%st(3)
+fxch %st(3)
+
+# qhasm:   *(float64 *) &r0 = a0
+# asm 1: fstpl >r0=stack64#14
+# asm 2: fstpl >r0=136(%rsp)
+fstpl 136(%rsp)
+# comment:fpstackfrombottom:<a3#31:<a1#29:<a2#30:
+
+# qhasm: internal stacktop a1
+# asm 1: fxch <a1=float80#2
+# asm 2: fxch <a1=%st(1)
+fxch %st(1)
+
+# qhasm:   *(float64 *) &r1 = a1
+# asm 1: fstl >r1=stack64#15
+# asm 2: fstl >r1=144(%rsp)
+fstl 144(%rsp)
+# comment:fpstackfrombottom:<a3#31:<a2#30:<a1#29:
+
+# qhasm:   a1 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<a3#31:<a2#30:<a1#29:
+
+# qhasm:   *(float64 *) &sr1 = a1
+# asm 1: fstpl >sr1=stack64#16
+# asm 2: fstpl >sr1=152(%rsp)
+fstpl 152(%rsp)
+# comment:fpstackfrombottom:<a3#31:<a2#30:
+
+# qhasm:   *(float64 *) &r2 = a2
+# asm 1: fstl >r2=stack64#17
+# asm 2: fstl >r2=160(%rsp)
+fstl 160(%rsp)
+# comment:fpstackfrombottom:<a3#31:<a2#30:
+
+# qhasm:   a2 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<a3#31:<a2#30:
+
+# qhasm:   *(float64 *) &sr2 = a2
+# asm 1: fstpl >sr2=stack64#18
+# asm 2: fstpl >sr2=168(%rsp)
+fstpl 168(%rsp)
+# comment:fpstackfrombottom:<a3#31:
+
+# qhasm:   *(float64 *) &r3 = a3
+# asm 1: fstl >r3=stack64#19
+# asm 2: fstl >r3=176(%rsp)
+fstl 176(%rsp)
+# comment:fpstackfrombottom:<a3#31:
+
+# qhasm:   a3 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<a3#31:
+
+# qhasm:   *(float64 *) &sr3 = a3
+# asm 1: fstpl >sr3=stack64#20
+# asm 2: fstpl >sr3=184(%rsp)
+fstpl 184(%rsp)
+# comment:fpstackfrombottom:
+
+# qhasm:   h3 = 0
+fldz
+# comment:fpstackfrombottom:<h3#39:
+
+# qhasm:   h2 = 0
+fldz
+# comment:fpstackfrombottom:<h3#39:<h2#40:
+
+# qhasm:   h1 = 0
+fldz
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h0 = 0
+fldz
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:                          unsigned<? l - 16
+# asm 1: cmp  $16,<l=int64#3
+# asm 2: cmp  $16,<l=%rdx
+cmp  $16,%rdx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: goto addatmost15bytes if unsigned<
+jb ._addatmost15bytes
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: initialatleast16bytes:
+._initialatleast16bytes:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m3 = *(uint32 *) (m + 12)
+# asm 1: movl   12(<m=int64#2),>m3=int64#1d
+# asm 2: movl   12(<m=%rsi),>m3=%edi
+movl   12(%rsi),%edi
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m2 = *(uint32 *) (m + 8)
+# asm 1: movl   8(<m=int64#2),>m2=int64#4d
+# asm 2: movl   8(<m=%rsi),>m2=%ecx
+movl   8(%rsi),%ecx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m1 = *(uint32 *) (m + 4)
+# asm 1: movl   4(<m=int64#2),>m1=int64#5d
+# asm 2: movl   4(<m=%rsi),>m1=%r8d
+movl   4(%rsi),%r8d
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m0 = *(uint32 *) (m + 0)
+# asm 1: movl   0(<m=int64#2),>m0=int64#6d
+# asm 2: movl   0(<m=%rsi),>m0=%r9d
+movl   0(%rsi),%r9d
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int64#1d,<d3=stack64#13
+# asm 2: movl <m3=%edi,<d3=128(%rsp)
+movl %edi,128(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int64#4d,<d2=stack64#12
+# asm 2: movl <m2=%ecx,<d2=120(%rsp)
+movl %ecx,120(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int64#5d,<d1=stack64#11
+# asm 2: movl <m1=%r8d,<d1=112(%rsp)
+movl %r8d,112(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int64#6d,<d0=stack64#10
+# asm 2: movl <m0=%r9d,<d0=104(%rsp)
+movl %r9d,104(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m += 16
+# asm 1: add  $16,<m=int64#2
+# asm 2: add  $16,<m=%rsi
+add  $16,%rsi
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   l -= 16
+# asm 1: sub  $16,<l=int64#3
+# asm 2: sub  $16,<l=%rdx
+sub  $16,%rdx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   h3 += *(float64 *) &d3
+# asm 1: faddl <d3=stack64#13
+# asm 2: faddl <d3=128(%rsp)
+faddl 128(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm:   h3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3minustwo128
+fsubl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128(%rip)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+
+# qhasm:   h1 += *(float64 *) &d1
+# asm 1: faddl <d1=stack64#11
+# asm 2: faddl <d1=112(%rsp)
+faddl 112(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h3#39:<h1#41:
+
+# qhasm:   h1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1
+fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h3#39:<h1#41:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   h2 += *(float64 *) &d2
+# asm 1: faddl <d2=stack64#12
+# asm 2: faddl <d2=120(%rsp)
+faddl 120(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h1#41:<h3#39:<h2#40:
+
+# qhasm:   h2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2
+fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip)
+# comment:fpstackfrombottom:<h0#42:<h1#41:<h3#39:<h2#40:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += *(float64 *) &d0
+# asm 1: faddl <d0=stack64#10
+# asm 2: faddl <d0=104(%rsp)
+faddl 104(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   h0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0
+fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:                                  unsigned<? l - 16
+# asm 1: cmp  $16,<l=int64#3
+# asm 2: cmp  $16,<l=%rdx
+cmp  $16,%rdx
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm: goto multiplyaddatmost15bytes if unsigned<
+jb ._multiplyaddatmost15bytes
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm: multiplyaddatleast16bytes:
+._multiplyaddatleast16bytes:
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   m3 = *(uint32 *) (m + 12)
+# asm 1: movl   12(<m=int64#2),>m3=int64#1d
+# asm 2: movl   12(<m=%rsi),>m3=%edi
+movl   12(%rsi),%edi
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   m2 = *(uint32 *) (m + 8)
+# asm 1: movl   8(<m=int64#2),>m2=int64#4d
+# asm 2: movl   8(<m=%rsi),>m2=%ecx
+movl   8(%rsi),%ecx
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   m1 = *(uint32 *) (m + 4)
+# asm 1: movl   4(<m=int64#2),>m1=int64#5d
+# asm 2: movl   4(<m=%rsi),>m1=%r8d
+movl   4(%rsi),%r8d
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   m0 = *(uint32 *) (m + 0)
+# asm 1: movl   0(<m=int64#2),>m0=int64#6d
+# asm 2: movl   0(<m=%rsi),>m0=%r9d
+movl   0(%rsi),%r9d
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int64#1d,<d3=stack64#13
+# asm 2: movl <m3=%edi,<d3=128(%rsp)
+movl %edi,128(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int64#4d,<d2=stack64#12
+# asm 2: movl <m2=%ecx,<d2=120(%rsp)
+movl %ecx,120(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int64#5d,<d1=stack64#11
+# asm 2: movl <m1=%r8d,<d1=112(%rsp)
+movl %r8d,112(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int64#6d,<d0=stack64#10
+# asm 2: movl <m0=%r9d,<d0=104(%rsp)
+movl %r9d,104(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   m += 16
+# asm 1: add  $16,<m=int64#2
+# asm 2: add  $16,<m=%rsi
+add  $16,%rsi
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   l -= 16
+# asm 1: sub  $16,<l=int64#3
+# asm 2: sub  $16,<l=%rdx
+sub  $16,%rdx
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#3,<x0=float80#1
+# asm 2: fadd <h3=%st(2),<x0=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#3
+# asm 2: fsubr <x0=%st(0),<h3=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#53:<x1#54:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#2
+# asm 2: faddp <h0=%st(0),<x0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#5,<x2=float80#1
+# asm 2: fadd <h1=%st(4),<x2=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#5
+# asm 2: fsubr <x2=%st(0),<h1=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#7,<x3=float80#1
+# asm 2: fadd <h2=%st(6),<x3=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#7
+# asm 2: fsubr <x3=%st(0),<h2=%st(6)
+fsubr %st(0),%st(6)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:<x3#56:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#7
+# asm 2: fxch <h2=%st(6)
+fxch %st(6)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#2
+# asm 2: faddp <h2=%st(0),<x2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<h1#41:<h3#39:<x1#54:<x0#53:<x2#55:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#6
+# asm 2: faddp <h3=%st(0),<x3=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#56:<h1#41:<x2#55:<x1#54:<x0#53:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#4
+# asm 2: fxch <h1=%st(3)
+fxch %st(3)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#19
+# asm 2: fldl <r3=176(%rsp)
+fldl 176(%rsp)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#4,<h3=float80#1
+# asm 2: fmul <x0=%st(3),<h3=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#5,<h2=float80#1
+# asm 2: fmul <x0=%st(4),<h2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#6,<h1=float80#1
+# asm 2: fmul <x0=%st(5),<h1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#56:<x0#53:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#7
+# asm 2: fmulp <x0=%st(0),<h0=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r2x1#57:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#5,<r2x1=float80#1
+# asm 2: fmul <x1=%st(4),<r2x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r2x1#57:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r1x1#58:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#5,<r1x1=float80#1
+# asm 2: fmul <x1=%st(4),<r1x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r1x1#58:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r0x1#59:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#5,<r0x1=float80#1
+# asm 2: fmul <x1=%st(4),<r0x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<r0x1#59:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<x1#54:<h3#39:<h2#40:<h1#41:<sr3x1#60:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#5
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<sr3x1#60:<h3#39:<h2#40:<h1#41:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#4
+# asm 2: fxch <sr3x1=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#6
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r1x2#61:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#5,<r1x2=float80#1
+# asm 2: fmul <x2=%st(4),<r1x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r1x2#61:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r0x2#62:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#5,<r0x2=float80#1
+# asm 2: fmul <x2=%st(4),<r0x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<r0x2#62:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr3x2#63:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#5,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(4),<sr3x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr3x2#63:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#4
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<x2#55:<h1#41:<h3#39:<h2#40:<sr2x2#64:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#5
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<sr2x2#64:<h1#41:<h3#39:<h2#40:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#4
+# asm 2: fxch <sr2x2=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#5
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:<r0x3#65:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#6,<r0x3=float80#1
+# asm 2: fmul <x3=%st(5),<r0x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:<r0x3#65:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm:   stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:<sr3x3#66:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr3x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:<sr3x3#66:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#4
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr2x3#67:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr2x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr2x3#67:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#2
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#16
+# asm 2: fldl <sr1=152(%rsp)
+fldl 152(%rsp)
+# comment:fpstackfrombottom:<x3#56:<h3#39:<h2#40:<h0#42:<h1#41:<sr1x3#68:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<sr1x3#68:<h3#39:<h2#40:<h0#42:<h1#41:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#5
+# asm 2: fxch <sr1x3=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#2
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:
+
+# qhasm:                                    unsigned<? l - 16
+# asm 1: cmp  $16,<l=int64#3
+# asm 2: cmp  $16,<l=%rdx
+cmp  $16,%rdx
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:
+
+# qhasm:   stacktop h3
+# asm 1: fxch <h3=float80#3
+# asm 2: fxch <h3=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:
+
+# qhasm:   y3 = *(float64 *) &d3
+# asm 1: fldl <d3=stack64#13
+# asm 2: fldl <d3=128(%rsp)
+fldl 128(%rsp)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:<y3#70:
+
+# qhasm:   y3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3minustwo128
+fsubl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128(%rip)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:<y3#70:
+
+# qhasm:   h3 += y3
+# asm 1: faddp <y3=float80#1,<h3=float80#2
+# asm 2: faddp <y3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h2#40:<h3#39:
+
+# qhasm:   stacktop h2
+# asm 1: fxch <h2=float80#2
+# asm 2: fxch <h2=%st(1)
+fxch %st(1)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   y2 = *(float64 *) &d2
+# asm 1: fldl <d2=stack64#12
+# asm 2: fldl <d2=120(%rsp)
+fldl 120(%rsp)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:<y2#71:
+
+# qhasm:   y2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2
+fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:<y2#71:
+
+# qhasm:   h2 += y2
+# asm 1: faddp <y2=float80#1,<h2=float80#2
+# asm 2: faddp <y2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   stacktop h1
+# asm 1: fxch <h1=float80#4
+# asm 2: fxch <h1=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:
+
+# qhasm:   y1 = *(float64 *) &d1
+# asm 1: fldl <d1=stack64#11
+# asm 2: fldl <d1=112(%rsp)
+fldl 112(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:<y1#72:
+
+# qhasm:   y1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1
+fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:<y1#72:
+
+# qhasm:   h1 += y1
+# asm 1: faddp <y1=float80#1,<h1=float80#2
+# asm 2: faddp <y1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h3#39:<h1#41:
+
+# qhasm:   stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   y0 = *(float64 *) &d0
+# asm 1: fldl <d0=stack64#10
+# asm 2: fldl <d0=104(%rsp)
+fldl 104(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<y0#73:
+
+# qhasm:   y0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0
+fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<y0#73:
+
+# qhasm:   h0 += y0
+# asm 1: faddp <y0=float80#1,<h0=float80#2
+# asm 2: faddp <y0=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm: goto multiplyaddatleast16bytes if !unsigned<
+jae ._multiplyaddatleast16bytes
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+# comment:fp stack unchanged by fallthrough
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm: multiplyaddatmost15bytes:
+._multiplyaddatmost15bytes:
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#3,<x0=float80#1
+# asm 2: fadd <h3=%st(2),<x0=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#3
+# asm 2: fsubr <x0=%st(0),<h3=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#6,<x2=float80#1
+# asm 2: fadd <h1=%st(5),<x2=%st(0)
+fadd %st(5),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#6
+# asm 2: fsubr <x2=%st(0),<h1=%st(5)
+fsubr %st(0),%st(5)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#8,<x3=float80#1
+# asm 2: fadd <h2=%st(7),<x3=%st(0)
+fadd %st(7),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#8
+# asm 2: fsubr <x3=%st(0),<h2=%st(7)
+fsubr %st(0),%st(7)
+# comment:fpstackfrombottom:<h2#40:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:<x3#77:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#8
+# asm 2: fxch <h2=%st(7)
+fxch %st(7)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#2
+# asm 2: faddp <h2=%st(0),<x2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<h1#41:<h3#39:<h0#42:<x0#74:<x1#75:<x2#76:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#6
+# asm 2: fxch <h1=%st(5)
+fxch %st(5)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h3#39:<h0#42:<x0#74:<x1#75:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#6
+# asm 2: faddp <h3=%st(0),<x3=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<x0#74:
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#2
+# asm 2: faddp <h0=%st(0),<x0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#19
+# asm 2: fldl <r3=176(%rsp)
+fldl 176(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#2,<h3=float80#1
+# asm 2: fmul <x0=%st(1),<h3=%st(0)
+fmul %st(1),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#3,<h2=float80#1
+# asm 2: fmul <x0=%st(2),<h2=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#4,<h1=float80#1
+# asm 2: fmul <x0=%st(3),<h1=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<x0#74:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#5
+# asm 2: fmulp <x0=%st(0),<h0=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r2x1#78:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#6,<r2x1=float80#1
+# asm 2: fmul <x1=%st(5),<r2x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r2x1#78:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r1x1#79:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#6,<r1x1=float80#1
+# asm 2: fmul <x1=%st(5),<r1x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r1x1#79:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r0x1#80:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#6,<r0x1=float80#1
+# asm 2: fmul <x1=%st(5),<r0x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<r0x1#80:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<x1#75:<h0#42:<h3#39:<h2#40:<h1#41:<sr3x1#81:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<sr3x1#81:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#5
+# asm 2: fxch <sr3x1=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#4
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r1x2#82:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#6,<r1x2=float80#1
+# asm 2: fmul <x2=%st(5),<r1x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r1x2#82:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r0x2#83:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#6,<r0x2=float80#1
+# asm 2: fmul <x2=%st(5),<r0x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<r0x2#83:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr3x2#84:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#6,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(5),<sr3x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr3x2#84:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#5
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<x3#77:<x2#76:<h1#41:<h0#42:<h3#39:<h2#40:<sr2x2#85:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#6
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#77:<sr2x2#85:<h1#41:<h0#42:<h3#39:<h2#40:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#5
+# asm 2: fxch <sr2x2=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#3
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<r0x3#86:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#6,<r0x3=float80#1
+# asm 2: fmul <x3=%st(5),<r0x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<r0x3#86:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr3x3#87:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr3x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr3x3#87:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#5
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr2x3#88:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr2x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr2x3#88:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#4
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#16
+# asm 2: fldl <sr1=152(%rsp)
+fldl 152(%rsp)
+# comment:fpstackfrombottom:<x3#77:<h2#40:<h1#41:<h0#42:<h3#39:<sr1x3#89:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<sr1x3#89:<h2#40:<h1#41:<h0#42:<h3#39:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#5
+# asm 2: fxch <sr1x3=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#2
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fp stack unchanged by fallthrough
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: addatmost15bytes:
+._addatmost15bytes:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:                     =? l - 0
+# asm 1: cmp  $0,<l=int64#3
+# asm 2: cmp  $0,<l=%rdx
+cmp  $0,%rdx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: goto nomorebytes if =
+je ._nomorebytes
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: stack128 lastchunk
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: int64 destination
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: int64 numbytes
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   ((uint32 *)&lastchunk)[0] = 0
+# asm 1: movl $0,>lastchunk=stack128#1
+# asm 2: movl $0,>lastchunk=0(%rsp)
+movl $0,0(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   ((uint32 *)&lastchunk)[1] = 0
+# asm 1: movl $0,4+<lastchunk=stack128#1
+# asm 2: movl $0,4+<lastchunk=0(%rsp)
+movl $0,4+0(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   ((uint32 *)&lastchunk)[2] = 0
+# asm 1: movl $0,8+<lastchunk=stack128#1
+# asm 2: movl $0,8+<lastchunk=0(%rsp)
+movl $0,8+0(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   ((uint32 *)&lastchunk)[3] = 0
+# asm 1: movl $0,12+<lastchunk=stack128#1
+# asm 2: movl $0,12+<lastchunk=0(%rsp)
+movl $0,12+0(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   destination = &lastchunk
+# asm 1: leaq <lastchunk=stack128#1,>destination=int64#1
+# asm 2: leaq <lastchunk=0(%rsp),>destination=%rdi
+leaq 0(%rsp),%rdi
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   numbytes = l
+# asm 1: mov  <l=int64#3,>numbytes=int64#4
+# asm 2: mov  <l=%rdx,>numbytes=%rcx
+mov  %rdx,%rcx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   while (numbytes) { *destination++ = *m++; --numbytes }
+rep movsb
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   *(uint8 *) (destination + 0) = 1
+# asm 1: movb   $1,0(<destination=int64#1)
+# asm 2: movb   $1,0(<destination=%rdi)
+movb   $1,0(%rdi)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m3 = ((uint32 *)&lastchunk)[3]
+# asm 1: movl 12+<lastchunk=stack128#1,>m3=int64#1d
+# asm 2: movl 12+<lastchunk=0(%rsp),>m3=%edi
+movl 12+0(%rsp),%edi
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m2 = ((uint32 *)&lastchunk)[2]
+# asm 1: movl 8+<lastchunk=stack128#1,>m2=int64#2d
+# asm 2: movl 8+<lastchunk=0(%rsp),>m2=%esi
+movl 8+0(%rsp),%esi
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m1 = ((uint32 *)&lastchunk)[1]
+# asm 1: movl 4+<lastchunk=stack128#1,>m1=int64#3d
+# asm 2: movl 4+<lastchunk=0(%rsp),>m1=%edx
+movl 4+0(%rsp),%edx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   m0 = ((uint32 *)&lastchunk)[0]
+# asm 1: movl <lastchunk=stack128#1,>m0=int64#4d
+# asm 2: movl <lastchunk=0(%rsp),>m0=%ecx
+movl 0(%rsp),%ecx
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int64#1d,<d3=stack64#13
+# asm 2: movl <m3=%edi,<d3=128(%rsp)
+movl %edi,128(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int64#2d,<d2=stack64#12
+# asm 2: movl <m2=%esi,<d2=120(%rsp)
+movl %esi,120(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int64#3d,<d1=stack64#11
+# asm 2: movl <m1=%edx,<d1=112(%rsp)
+movl %edx,112(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int64#4d,<d0=stack64#10
+# asm 2: movl <m0=%ecx,<d0=104(%rsp)
+movl %ecx,104(%rsp)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   h3 += *(float64 *) &d3
+# asm 1: faddl <d3=stack64#13
+# asm 2: faddl <d3=128(%rsp)
+faddl 128(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm:   h3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset3
+fsubl crypto_onetimeauth_poly1305_amd64_doffset3(%rip)
+# comment:fpstackfrombottom:<h0#42:<h2#40:<h1#41:<h3#39:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   h2 += *(float64 *) &d2
+# asm 1: faddl <d2=stack64#12
+# asm 2: faddl <d2=120(%rsp)
+faddl 120(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h3#39:<h1#41:<h2#40:
+
+# qhasm:   h2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset2
+fsubl crypto_onetimeauth_poly1305_amd64_doffset2(%rip)
+# comment:fpstackfrombottom:<h0#42:<h3#39:<h1#41:<h2#40:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+
+# qhasm:   h1 += *(float64 *) &d1
+# asm 1: faddl <d1=stack64#11
+# asm 2: faddl <d1=112(%rsp)
+faddl 112(%rsp)
+# comment:fpstackfrombottom:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset1
+fsubl crypto_onetimeauth_poly1305_amd64_doffset1(%rip)
+# comment:fpstackfrombottom:<h0#42:<h3#39:<h2#40:<h1#41:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += *(float64 *) &d0
+# asm 1: faddl <d0=stack64#10
+# asm 2: faddl <d0=104(%rsp)
+faddl 104(%rsp)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:
+
+# qhasm:   h0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_doffset0
+fsubl crypto_onetimeauth_poly1305_amd64_doffset0(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#4,<x0=float80#1
+# asm 2: fadd <h3=%st(3),<x0=%st(0)
+fadd %st(3),%st(0)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#4
+# asm 2: fsubr <x0=%st(0),<h3=%st(3)
+fsubr %st(0),%st(3)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#7,<x2=float80#1
+# asm 2: fadd <h1=%st(6),<x2=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#7
+# asm 2: fsubr <x2=%st(0),<h1=%st(6)
+fsubr %st(0),%st(6)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#6,<x3=float80#1
+# asm 2: fadd <h2=%st(5),<x3=%st(0)
+fadd %st(5),%st(0)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#6
+# asm 2: fsubr <x3=%st(0),<h2=%st(5)
+fsubr %st(0),%st(5)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<h0#42:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#5
+# asm 2: fxch <h0=%st(4)
+fxch %st(4)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#4
+# asm 2: faddp <h0=%st(0),<x0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h1#41:<h3#39:<h2#40:<x3#101:<x0#98:<x1#99:<x2#100:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#7
+# asm 2: fxch <h1=%st(6)
+fxch %st(6)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h3#39:<h2#40:<x3#101:<x0#98:<x1#99:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#4
+# asm 2: fxch <h2=%st(3)
+fxch %st(3)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#6
+# asm 2: faddp <h2=%st(0),<x2=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h3#39:<x1#99:<x3#101:<x0#98:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#2
+# asm 2: faddp <h3=%st(0),<x3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#19
+# asm 2: fldl <r3=176(%rsp)
+fldl 176(%rsp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#4,<h3=float80#1
+# asm 2: fmul <x0=%st(3),<h3=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#5,<h2=float80#1
+# asm 2: fmul <x0=%st(4),<h2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#6,<h1=float80#1
+# asm 2: fmul <x0=%st(5),<h1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#7
+# asm 2: fmulp <x0=%st(0),<h0=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#17
+# asm 2: fldl <r2=160(%rsp)
+fldl 160(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r2x1#102:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#6,<r2x1=float80#1
+# asm 2: fmul <x1=%st(5),<r2x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r2x1#102:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r1x1#103:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#6,<r1x1=float80#1
+# asm 2: fmul <x1=%st(5),<r1x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r1x1#103:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r0x1#104:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#6,<r0x1=float80#1
+# asm 2: fmul <x1=%st(5),<r0x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<r0x1#104:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<x1#99:<x3#101:<h3#39:<h2#40:<h1#41:<sr3x1#105:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<sr3x1#105:<x3#101:<h3#39:<h2#40:<h1#41:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#5
+# asm 2: fxch <sr3x1=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#6
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#15
+# asm 2: fldl <r1=144(%rsp)
+fldl 144(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r1x2#106:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#7,<r1x2=float80#1
+# asm 2: fmul <x2=%st(6),<r1x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r1x2#106:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r0x2#107:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#7,<r0x2=float80#1
+# asm 2: fmul <x2=%st(6),<r0x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<r0x2#107:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr3x2#108:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#7,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(6),<sr3x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr3x2#108:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#5
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<x2#100:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:<sr2x2#109:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#7
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<sr2x2#109:<h0#42:<h1#41:<x3#101:<h3#39:<h2#40:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#6
+# asm 2: fxch <sr2x2=%st(5)
+fxch %st(5)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#5
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#14
+# asm 2: fldl <r0=136(%rsp)
+fldl 136(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<r0x3#110:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#3,<r0x3=float80#1
+# asm 2: fmul <x3=%st(2),<r0x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<r0x3#110:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#20
+# asm 2: fldl <sr3=184(%rsp)
+fldl 184(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr3x3#111:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#3,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(2),<sr3x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr3x3#111:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#6
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#18
+# asm 2: fldl <sr2=168(%rsp)
+fldl 168(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr2x3#112:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#3,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(2),<sr2x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr2x3#112:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#4
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#16
+# asm 2: fldl <sr1=152(%rsp)
+fldl 152(%rsp)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<x3#101:<h3#39:<sr1x3#113:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#3
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(2)
+fmulp %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<sr1x3#113:<h3#39:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#2
+# asm 2: fxch <sr1x3=%st(1)
+fxch %st(1)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#4
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h2#40:<h0#42:<h1#41:<h3#39:
+# comment:automatically reorganizing fp stack for fallthrough
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#4
+# asm 2: fxch <h2=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<h3#39:<h0#42:<h1#41:<h2#40:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm: nomorebytes:
+._nomorebytes:
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fldl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#5,<x0=float80#1
+# asm 2: fadd <h3=%st(4),<x0=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha130
+fsubl crypto_onetimeauth_poly1305_amd64_alpha130(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#5
+# asm 2: fsubr <x0=%st(0),<h3=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_amd64_scale
+fmull crypto_onetimeauth_poly1305_amd64_scale(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fldl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha32
+fsubl crypto_onetimeauth_poly1305_amd64_alpha32(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fldl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#5,<x2=float80#1
+# asm 2: fadd <h1=%st(4),<x2=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha64
+fsubl crypto_onetimeauth_poly1305_amd64_alpha64(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#5
+# asm 2: fsubr <x2=%st(0),<h1=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fldl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#7,<x3=float80#1
+# asm 2: fadd <h2=%st(6),<x3=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_amd64_alpha96
+fsubl crypto_onetimeauth_poly1305_amd64_alpha96(%rip)
+# comment:fpstackfrombottom:<h3#39:<h2#40:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   stacktop h2
+# asm 1: fxch <h2=float80#7
+# asm 2: fxch <h2=%st(6)
+fxch %st(6)
+# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<h2#40:
+
+# qhasm:   h2 -= x3
+# asm 1: fsub <x3=float80#7,<h2=float80#1
+# asm 2: fsub <x3=%st(6),<h2=%st(0)
+fsub %st(6),%st(0)
+# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h0#42:<x0#114:<x1#115:<x2#116:<h2#40:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#5
+# asm 2: fxch <h0=%st(4)
+fxch %st(4)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#4
+# asm 2: faddp <h0=%st(0),<x0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h3#39:<x3#117:<h1#41:<h2#40:<x0#114:<x1#115:<x2#116:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#5
+# asm 2: fxch <h1=%st(4)
+fxch %st(4)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h3#39:<x3#117:<x2#116:<h2#40:<x0#114:<x1#115:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#4
+# asm 2: faddp <h2=%st(0),<x2=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h3#39:<x3#117:<x2#116:<x1#115:<x0#114:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#5
+# asm 2: fxch <h3=%st(4)
+fxch %st(4)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#4
+# asm 2: faddp <h3=%st(0),<x3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115:
+
+# qhasm: internal stacktop x0
+# asm 1: fxch <x0=float80#4
+# asm 2: fxch <x0=%st(3)
+fxch %st(3)
+
+# qhasm:   x0 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset0
+faddl crypto_onetimeauth_poly1305_amd64_hoffset0(%rip)
+# comment:fpstackfrombottom:<x1#115:<x3#117:<x2#116:<x0#114:
+
+# qhasm: internal stacktop x1
+# asm 1: fxch <x1=float80#4
+# asm 2: fxch <x1=%st(3)
+fxch %st(3)
+
+# qhasm:   x1 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset1
+faddl crypto_onetimeauth_poly1305_amd64_hoffset1(%rip)
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115:
+
+# qhasm: internal stacktop x2
+# asm 1: fxch <x2=float80#2
+# asm 2: fxch <x2=%st(1)
+fxch %st(1)
+
+# qhasm:   x2 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset2
+faddl crypto_onetimeauth_poly1305_amd64_hoffset2(%rip)
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x1#115:<x2#116:
+
+# qhasm: internal stacktop x3
+# asm 1: fxch <x3=float80#3
+# asm 2: fxch <x3=%st(2)
+fxch %st(2)
+
+# qhasm:   x3 += *(float64 *) &crypto_onetimeauth_poly1305_amd64_hoffset3
+faddl crypto_onetimeauth_poly1305_amd64_hoffset3(%rip)
+# comment:fpstackfrombottom:<x0#114:<x2#116:<x1#115:<x3#117:
+
+# qhasm: internal stacktop x0
+# asm 1: fxch <x0=float80#4
+# asm 2: fxch <x0=%st(3)
+fxch %st(3)
+
+# qhasm:   *(float64 *) &d0 = x0
+# asm 1: fstpl >d0=stack64#10
+# asm 2: fstpl >d0=104(%rsp)
+fstpl 104(%rsp)
+# comment:fpstackfrombottom:<x3#117:<x2#116:<x1#115:
+
+# qhasm:   *(float64 *) &d1 = x1
+# asm 1: fstpl >d1=stack64#11
+# asm 2: fstpl >d1=112(%rsp)
+fstpl 112(%rsp)
+# comment:fpstackfrombottom:<x3#117:<x2#116:
+
+# qhasm:   *(float64 *) &d2 = x2
+# asm 1: fstpl >d2=stack64#12
+# asm 2: fstpl >d2=120(%rsp)
+fstpl 120(%rsp)
+# comment:fpstackfrombottom:<x3#117:
+
+# qhasm:   *(float64 *) &d3 = x3
+# asm 1: fstpl >d3=stack64#13
+# asm 2: fstpl >d3=128(%rsp)
+fstpl 128(%rsp)
+# comment:fpstackfrombottom:
+
+# qhasm: int64 f0
+
+# qhasm: int64 f1
+
+# qhasm: int64 f2
+
+# qhasm: int64 f3
+
+# qhasm: int64 f4
+
+# qhasm: int64 g0
+
+# qhasm: int64 g1
+
+# qhasm: int64 g2
+
+# qhasm: int64 g3
+
+# qhasm: int64 f
+
+# qhasm: int64 notf
+
+# qhasm: stack64 f1_stack
+
+# qhasm: stack64 f2_stack
+
+# qhasm: stack64 f3_stack
+
+# qhasm: stack64 f4_stack
+
+# qhasm: stack64 g0_stack
+
+# qhasm: stack64 g1_stack
+
+# qhasm: stack64 g2_stack
+
+# qhasm: stack64 g3_stack
+
+# qhasm:   g0 = top d0
+# asm 1: movl <d0=stack64#10,>g0=int64#1d
+# asm 2: movl <d0=108(%rsp),>g0=%edi
+movl 108(%rsp),%edi
+
+# qhasm:   (uint32) g0 &= 63
+# asm 1: and  $63,<g0=int64#1d
+# asm 2: and  $63,<g0=%edi
+and  $63,%edi
+
+# qhasm:   g1 = top d1
+# asm 1: movl <d1=stack64#11,>g1=int64#2d
+# asm 2: movl <d1=116(%rsp),>g1=%esi
+movl 116(%rsp),%esi
+
+# qhasm:   (uint32) g1 &= 63
+# asm 1: and  $63,<g1=int64#2d
+# asm 2: and  $63,<g1=%esi
+and  $63,%esi
+
+# qhasm:   g2 = top d2
+# asm 1: movl <d2=stack64#12,>g2=int64#3d
+# asm 2: movl <d2=124(%rsp),>g2=%edx
+movl 124(%rsp),%edx
+
+# qhasm:   (uint32) g2 &= 63
+# asm 1: and  $63,<g2=int64#3d
+# asm 2: and  $63,<g2=%edx
+and  $63,%edx
+
+# qhasm:   g3 = top d3
+# asm 1: movl <d3=stack64#13,>g3=int64#4d
+# asm 2: movl <d3=132(%rsp),>g3=%ecx
+movl 132(%rsp),%ecx
+
+# qhasm:   (uint32) g3 &= 63
+# asm 1: and  $63,<g3=int64#4d
+# asm 2: and  $63,<g3=%ecx
+and  $63,%ecx
+
+# qhasm:   f1 = bottom d1
+# asm 1: movl <d1=stack64#11,>f1=int64#5d
+# asm 2: movl <d1=112(%rsp),>f1=%r8d
+movl 112(%rsp),%r8d
+
+# qhasm:   carry? (uint32) f1 += g0
+# asm 1: add <g0=int64#1d,<f1=int64#5d
+# asm 2: add <g0=%edi,<f1=%r8d
+add %edi,%r8d
+
+# qhasm:   f1_stack = f1
+# asm 1: movq <f1=int64#5,>f1_stack=stack64#11
+# asm 2: movq <f1=%r8,>f1_stack=112(%rsp)
+movq %r8,112(%rsp)
+
+# qhasm:   f2 = bottom d2
+# asm 1: movl <d2=stack64#12,>f2=int64#1d
+# asm 2: movl <d2=120(%rsp),>f2=%edi
+movl 120(%rsp),%edi
+
+# qhasm:   carry? (uint32) f2 += g1 + carry
+# asm 1: adc <g1=int64#2d,<f2=int64#1d
+# asm 2: adc <g1=%esi,<f2=%edi
+adc %esi,%edi
+
+# qhasm:   f2_stack = f2
+# asm 1: movq <f2=int64#1,>f2_stack=stack64#12
+# asm 2: movq <f2=%rdi,>f2_stack=120(%rsp)
+movq %rdi,120(%rsp)
+
+# qhasm:   f3 = bottom d3
+# asm 1: movl <d3=stack64#13,>f3=int64#1d
+# asm 2: movl <d3=128(%rsp),>f3=%edi
+movl 128(%rsp),%edi
+
+# qhasm:   carry? (uint32) f3 += g2 + carry
+# asm 1: adc <g2=int64#3d,<f3=int64#1d
+# asm 2: adc <g2=%edx,<f3=%edi
+adc %edx,%edi
+
+# qhasm:   f3_stack = f3
+# asm 1: movq <f3=int64#1,>f3_stack=stack64#13
+# asm 2: movq <f3=%rdi,>f3_stack=128(%rsp)
+movq %rdi,128(%rsp)
+
+# qhasm:   f4 = 0
+# asm 1: mov  $0,>f4=int64#1
+# asm 2: mov  $0,>f4=%rdi
+mov  $0,%rdi
+
+# qhasm:   carry? (uint32) f4 += g3 + carry
+# asm 1: adc <g3=int64#4d,<f4=int64#1d
+# asm 2: adc <g3=%ecx,<f4=%edi
+adc %ecx,%edi
+
+# qhasm:   f4_stack = f4
+# asm 1: movq <f4=int64#1,>f4_stack=stack64#14
+# asm 2: movq <f4=%rdi,>f4_stack=136(%rsp)
+movq %rdi,136(%rsp)
+
+# qhasm:   g0 = 5
+# asm 1: mov  $5,>g0=int64#1
+# asm 2: mov  $5,>g0=%rdi
+mov  $5,%rdi
+
+# qhasm:   f0 = bottom d0
+# asm 1: movl <d0=stack64#10,>f0=int64#2d
+# asm 2: movl <d0=104(%rsp),>f0=%esi
+movl 104(%rsp),%esi
+
+# qhasm:   carry? (uint32) g0 += f0
+# asm 1: add <f0=int64#2d,<g0=int64#1d
+# asm 2: add <f0=%esi,<g0=%edi
+add %esi,%edi
+
+# qhasm:   g0_stack = g0
+# asm 1: movq <g0=int64#1,>g0_stack=stack64#10
+# asm 2: movq <g0=%rdi,>g0_stack=104(%rsp)
+movq %rdi,104(%rsp)
+
+# qhasm:   g1 = 0
+# asm 1: mov  $0,>g1=int64#1
+# asm 2: mov  $0,>g1=%rdi
+mov  $0,%rdi
+
+# qhasm:   f1 = f1_stack
+# asm 1: movq <f1_stack=stack64#11,>f1=int64#3
+# asm 2: movq <f1_stack=112(%rsp),>f1=%rdx
+movq 112(%rsp),%rdx
+
+# qhasm:   carry? (uint32) g1 += f1 + carry
+# asm 1: adc <f1=int64#3d,<g1=int64#1d
+# asm 2: adc <f1=%edx,<g1=%edi
+adc %edx,%edi
+
+# qhasm:   g1_stack = g1
+# asm 1: movq <g1=int64#1,>g1_stack=stack64#11
+# asm 2: movq <g1=%rdi,>g1_stack=112(%rsp)
+movq %rdi,112(%rsp)
+
+# qhasm:   g2 = 0
+# asm 1: mov  $0,>g2=int64#1
+# asm 2: mov  $0,>g2=%rdi
+mov  $0,%rdi
+
+# qhasm:   f2 = f2_stack
+# asm 1: movq <f2_stack=stack64#12,>f2=int64#4
+# asm 2: movq <f2_stack=120(%rsp),>f2=%rcx
+movq 120(%rsp),%rcx
+
+# qhasm:   carry? (uint32) g2 += f2 + carry
+# asm 1: adc <f2=int64#4d,<g2=int64#1d
+# asm 2: adc <f2=%ecx,<g2=%edi
+adc %ecx,%edi
+
+# qhasm:   g2_stack = g2
+# asm 1: movq <g2=int64#1,>g2_stack=stack64#12
+# asm 2: movq <g2=%rdi,>g2_stack=120(%rsp)
+movq %rdi,120(%rsp)
+
+# qhasm:   g3 = 0
+# asm 1: mov  $0,>g3=int64#1
+# asm 2: mov  $0,>g3=%rdi
+mov  $0,%rdi
+
+# qhasm:   f3 = f3_stack
+# asm 1: movq <f3_stack=stack64#13,>f3=int64#5
+# asm 2: movq <f3_stack=128(%rsp),>f3=%r8
+movq 128(%rsp),%r8
+
+# qhasm:   carry? (uint32) g3 += f3 + carry
+# asm 1: adc <f3=int64#5d,<g3=int64#1d
+# asm 2: adc <f3=%r8d,<g3=%edi
+adc %r8d,%edi
+
+# qhasm:   g3_stack = g3
+# asm 1: movq <g3=int64#1,>g3_stack=stack64#13
+# asm 2: movq <g3=%rdi,>g3_stack=128(%rsp)
+movq %rdi,128(%rsp)
+
+# qhasm:   f = 0xfffffffc
+# asm 1: mov  $0xfffffffc,>f=int64#1
+# asm 2: mov  $0xfffffffc,>f=%rdi
+mov  $0xfffffffc,%rdi
+
+# qhasm:   f4 = f4_stack
+# asm 1: movq <f4_stack=stack64#14,>f4=int64#6
+# asm 2: movq <f4_stack=136(%rsp),>f4=%r9
+movq 136(%rsp),%r9
+
+# qhasm:   carry? (uint32) f += f4 + carry
+# asm 1: adc <f4=int64#6d,<f=int64#1d
+# asm 2: adc <f4=%r9d,<f=%edi
+adc %r9d,%edi
+
+# qhasm:   (int32) f >>= 16
+# asm 1: sar  $16,<f=int64#1d
+# asm 2: sar  $16,<f=%edi
+sar  $16,%edi
+
+# qhasm:   notf = f
+# asm 1: mov  <f=int64#1,>notf=int64#6
+# asm 2: mov  <f=%rdi,>notf=%r9
+mov  %rdi,%r9
+
+# qhasm:   (uint32) notf ^= 0xffffffff
+# asm 1: xor  $0xffffffff,<notf=int64#6d
+# asm 2: xor  $0xffffffff,<notf=%r9d
+xor  $0xffffffff,%r9d
+
+# qhasm:   f0 &= f
+# asm 1: and  <f=int64#1,<f0=int64#2
+# asm 2: and  <f=%rdi,<f0=%rsi
+and  %rdi,%rsi
+
+# qhasm:   g0 = g0_stack
+# asm 1: movq <g0_stack=stack64#10,>g0=int64#7
+# asm 2: movq <g0_stack=104(%rsp),>g0=%rax
+movq 104(%rsp),%rax
+
+# qhasm:   g0 &= notf
+# asm 1: and  <notf=int64#6,<g0=int64#7
+# asm 2: and  <notf=%r9,<g0=%rax
+and  %r9,%rax
+
+# qhasm:   f0 |= g0
+# asm 1: or   <g0=int64#7,<f0=int64#2
+# asm 2: or   <g0=%rax,<f0=%rsi
+or   %rax,%rsi
+
+# qhasm:   f1 &= f
+# asm 1: and  <f=int64#1,<f1=int64#3
+# asm 2: and  <f=%rdi,<f1=%rdx
+and  %rdi,%rdx
+
+# qhasm:   g1 = g1_stack
+# asm 1: movq <g1_stack=stack64#11,>g1=int64#7
+# asm 2: movq <g1_stack=112(%rsp),>g1=%rax
+movq 112(%rsp),%rax
+
+# qhasm:   g1 &= notf
+# asm 1: and  <notf=int64#6,<g1=int64#7
+# asm 2: and  <notf=%r9,<g1=%rax
+and  %r9,%rax
+
+# qhasm:   f1 |= g1
+# asm 1: or   <g1=int64#7,<f1=int64#3
+# asm 2: or   <g1=%rax,<f1=%rdx
+or   %rax,%rdx
+
+# qhasm:   f2 &= f
+# asm 1: and  <f=int64#1,<f2=int64#4
+# asm 2: and  <f=%rdi,<f2=%rcx
+and  %rdi,%rcx
+
+# qhasm:   g2 = g2_stack
+# asm 1: movq <g2_stack=stack64#12,>g2=int64#7
+# asm 2: movq <g2_stack=120(%rsp),>g2=%rax
+movq 120(%rsp),%rax
+
+# qhasm:   g2 &= notf
+# asm 1: and  <notf=int64#6,<g2=int64#7
+# asm 2: and  <notf=%r9,<g2=%rax
+and  %r9,%rax
+
+# qhasm:   f2 |= g2
+# asm 1: or   <g2=int64#7,<f2=int64#4
+# asm 2: or   <g2=%rax,<f2=%rcx
+or   %rax,%rcx
+
+# qhasm:   f3 &= f
+# asm 1: and  <f=int64#1,<f3=int64#5
+# asm 2: and  <f=%rdi,<f3=%r8
+and  %rdi,%r8
+
+# qhasm:   g3 = g3_stack
+# asm 1: movq <g3_stack=stack64#13,>g3=int64#1
+# asm 2: movq <g3_stack=128(%rsp),>g3=%rdi
+movq 128(%rsp),%rdi
+
+# qhasm:   g3 &= notf
+# asm 1: and  <notf=int64#6,<g3=int64#1
+# asm 2: and  <notf=%r9,<g3=%rdi
+and  %r9,%rdi
+
+# qhasm:   f3 |= g3
+# asm 1: or   <g3=int64#1,<f3=int64#5
+# asm 2: or   <g3=%rdi,<f3=%r8
+or   %rdi,%r8
+
+# qhasm:   out = out_stack
+# asm 1: movq <out_stack=stack64#8,>out=int64#1
+# asm 2: movq <out_stack=88(%rsp),>out=%rdi
+movq 88(%rsp),%rdi
+
+# qhasm:   k = k_stack
+# asm 1: movq <k_stack=stack64#9,>k=int64#6
+# asm 2: movq <k_stack=96(%rsp),>k=%r9
+movq 96(%rsp),%r9
+
+# qhasm:   carry? (uint32) f0 += *(uint32 *) (k + 16)
+# asm 1: addl 16(<k=int64#6),<f0=int64#2d
+# asm 2: addl 16(<k=%r9),<f0=%esi
+addl 16(%r9),%esi
+
+# qhasm:   carry? (uint32) f1 += *(uint32 *) (k + 20) + carry
+# asm 1: adcl 20(<k=int64#6),<f1=int64#3d
+# asm 2: adcl 20(<k=%r9),<f1=%edx
+adcl 20(%r9),%edx
+
+# qhasm:   carry? (uint32) f2 += *(uint32 *) (k + 24) + carry
+# asm 1: adcl 24(<k=int64#6),<f2=int64#4d
+# asm 2: adcl 24(<k=%r9),<f2=%ecx
+adcl 24(%r9),%ecx
+
+# qhasm:   carry? (uint32) f3 += *(uint32 *) (k + 28) + carry
+# asm 1: adcl 28(<k=int64#6),<f3=int64#5d
+# asm 2: adcl 28(<k=%r9),<f3=%r8d
+adcl 28(%r9),%r8d
+
+# qhasm:   *(uint32 *) (out + 0) = f0
+# asm 1: movl   <f0=int64#2d,0(<out=int64#1)
+# asm 2: movl   <f0=%esi,0(<out=%rdi)
+movl   %esi,0(%rdi)
+
+# qhasm:   *(uint32 *) (out + 4) = f1
+# asm 1: movl   <f1=int64#3d,4(<out=int64#1)
+# asm 2: movl   <f1=%edx,4(<out=%rdi)
+movl   %edx,4(%rdi)
+
+# qhasm:   *(uint32 *) (out + 8) = f2
+# asm 1: movl   <f2=int64#4d,8(<out=int64#1)
+# asm 2: movl   <f2=%ecx,8(<out=%rdi)
+movl   %ecx,8(%rdi)
+
+# qhasm:   *(uint32 *) (out + 12) = f3
+# asm 1: movl   <f3=int64#5d,12(<out=int64#1)
+# asm 2: movl   <f3=%r8d,12(<out=%rdi)
+movl   %r8d,12(%rdi)
+
+# qhasm: r11_caller = r11_stack
+# asm 1: movq <r11_stack=stack64#1,>r11_caller=int64#9
+# asm 2: movq <r11_stack=32(%rsp),>r11_caller=%r11
+movq 32(%rsp),%r11
+
+# qhasm: r12_caller = r12_stack
+# asm 1: movq <r12_stack=stack64#2,>r12_caller=int64#10
+# asm 2: movq <r12_stack=40(%rsp),>r12_caller=%r12
+movq 40(%rsp),%r12
+
+# qhasm: r13_caller = r13_stack
+# asm 1: movq <r13_stack=stack64#3,>r13_caller=int64#11
+# asm 2: movq <r13_stack=48(%rsp),>r13_caller=%r13
+movq 48(%rsp),%r13
+
+# qhasm: r14_caller = r14_stack
+# asm 1: movq <r14_stack=stack64#4,>r14_caller=int64#12
+# asm 2: movq <r14_stack=56(%rsp),>r14_caller=%r14
+movq 56(%rsp),%r14
+
+# qhasm: r15_caller = r15_stack
+# asm 1: movq <r15_stack=stack64#5,>r15_caller=int64#13
+# asm 2: movq <r15_stack=64(%rsp),>r15_caller=%r15
+movq 64(%rsp),%r15
+
+# qhasm: rbx_caller = rbx_stack
+# asm 1: movq <rbx_stack=stack64#6,>rbx_caller=int64#14
+# asm 2: movq <rbx_stack=72(%rsp),>rbx_caller=%rbx
+movq 72(%rsp),%rbx
+
+# qhasm: rbp_caller = rbp_stack
+# asm 1: movq <rbp_stack=stack64#7,>rbp_caller=int64#15
+# asm 2: movq <rbp_stack=80(%rsp),>rbp_caller=%rbp
+movq 80(%rsp),%rbp
+
+# qhasm: leave
+add %r11,%rsp
+xor %rax,%rax
+xor %rdx,%rdx
+ret
diff --git a/nacl/crypto_onetimeauth/poly1305/amd64/constants.s b/nacl/crypto_onetimeauth/poly1305/amd64/constants.s
new file mode 100644
index 00000000..1bfb0be9
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/amd64/constants.s
@@ -0,0 +1,85 @@
+# version 20080913
+# D. J. Bernstein
+# Public domain.
+
+.data
+.section .rodata
+.p2align 5
+
+.globl _crypto_onetimeauth_poly1305_amd64_constants
+.globl crypto_onetimeauth_poly1305_amd64_constants
+.globl crypto_onetimeauth_poly1305_amd64_scale
+.globl crypto_onetimeauth_poly1305_amd64_two32
+.globl crypto_onetimeauth_poly1305_amd64_two64
+.globl crypto_onetimeauth_poly1305_amd64_two96
+.globl crypto_onetimeauth_poly1305_amd64_alpha32
+.globl crypto_onetimeauth_poly1305_amd64_alpha64
+.globl crypto_onetimeauth_poly1305_amd64_alpha96
+.globl crypto_onetimeauth_poly1305_amd64_alpha130
+.globl crypto_onetimeauth_poly1305_amd64_doffset0
+.globl crypto_onetimeauth_poly1305_amd64_doffset1
+.globl crypto_onetimeauth_poly1305_amd64_doffset2
+.globl crypto_onetimeauth_poly1305_amd64_doffset3
+.globl crypto_onetimeauth_poly1305_amd64_doffset3minustwo128
+.globl crypto_onetimeauth_poly1305_amd64_hoffset0
+.globl crypto_onetimeauth_poly1305_amd64_hoffset1
+.globl crypto_onetimeauth_poly1305_amd64_hoffset2
+.globl crypto_onetimeauth_poly1305_amd64_hoffset3
+.globl crypto_onetimeauth_poly1305_amd64_rounding
+
+_crypto_onetimeauth_poly1305_amd64_constants:
+crypto_onetimeauth_poly1305_amd64_constants:
+crypto_onetimeauth_poly1305_amd64_scale:
+.long 0x0,0x37f40000
+
+crypto_onetimeauth_poly1305_amd64_two32:
+.long 0x0,0x41f00000
+
+crypto_onetimeauth_poly1305_amd64_two64:
+.long 0x0,0x43f00000
+
+crypto_onetimeauth_poly1305_amd64_two96:
+.long 0x0,0x45f00000
+
+crypto_onetimeauth_poly1305_amd64_alpha32:
+.long 0x0,0x45e80000
+
+crypto_onetimeauth_poly1305_amd64_alpha64:
+.long 0x0,0x47e80000
+
+crypto_onetimeauth_poly1305_amd64_alpha96:
+.long 0x0,0x49e80000
+
+crypto_onetimeauth_poly1305_amd64_alpha130:
+.long 0x0,0x4c080000
+
+crypto_onetimeauth_poly1305_amd64_doffset0:
+.long 0x0,0x43300000
+
+crypto_onetimeauth_poly1305_amd64_doffset1:
+.long 0x0,0x45300000
+
+crypto_onetimeauth_poly1305_amd64_doffset2:
+.long 0x0,0x47300000
+
+crypto_onetimeauth_poly1305_amd64_doffset3:
+.long 0x0,0x49300000
+
+crypto_onetimeauth_poly1305_amd64_doffset3minustwo128:
+.long 0x0,0x492ffffe
+
+crypto_onetimeauth_poly1305_amd64_hoffset0:
+.long 0xfffffffb,0x43300001
+
+crypto_onetimeauth_poly1305_amd64_hoffset1:
+.long 0xfffffffe,0x45300001
+
+crypto_onetimeauth_poly1305_amd64_hoffset2:
+.long 0xfffffffe,0x47300001
+
+crypto_onetimeauth_poly1305_amd64_hoffset3:
+.long 0xfffffffe,0x49300003
+
+crypto_onetimeauth_poly1305_amd64_rounding:
+.byte 0x7f
+.byte 0x13
diff --git a/nacl/crypto_onetimeauth/poly1305/amd64/verify.c b/nacl/crypto_onetimeauth/poly1305/amd64/verify.c
new file mode 100644
index 00000000..c7e063f1
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/amd64/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/checksum b/nacl/crypto_onetimeauth/poly1305/checksum
new file mode 100644
index 00000000..a713ea40
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/checksum
@@ -0,0 +1 @@
+e836d5ca58cf673fca2b4910f23f3990
diff --git a/nacl/crypto_onetimeauth/poly1305/ref/api.h b/nacl/crypto_onetimeauth/poly1305/ref/api.h
new file mode 100644
index 00000000..acc133ed
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/ref/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_onetimeauth/poly1305/ref/auth.c b/nacl/crypto_onetimeauth/poly1305/ref/auth.c
new file mode 100644
index 00000000..06cf115d
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/ref/auth.c
@@ -0,0 +1,104 @@
+/*
+20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_onetimeauth.h"
+
+static void add(unsigned int h[17],const unsigned int c[17])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; }
+}
+
+static void squeeze(unsigned int h[17])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+  u += h[16]; h[16] = u & 3;
+  u = 5 * (u >> 2);
+  for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+  u += h[16]; h[16] = u;
+}
+
+static const unsigned int minusp[17] = {
+  5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252
+} ;
+
+static void freeze(unsigned int h[17])
+{
+  unsigned int horig[17];
+  unsigned int j;
+  unsigned int negative;
+  for (j = 0;j < 17;++j) horig[j] = h[j];
+  add(h,minusp);
+  negative = -(h[16] >> 7);
+  for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]);
+}
+
+static void mulmod(unsigned int h[17],const unsigned int r[17])
+{
+  unsigned int hr[17];
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 17;++i) {
+    u = 0;
+    for (j = 0;j <= i;++j) u += h[j] * r[i - j];
+    for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j];
+    hr[i] = u;
+  }
+  for (i = 0;i < 17;++i) h[i] = hr[i];
+  squeeze(h);
+}
+
+int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned int j;
+  unsigned int r[17];
+  unsigned int h[17];
+  unsigned int c[17];
+
+  r[0] = k[0];
+  r[1] = k[1];
+  r[2] = k[2];
+  r[3] = k[3] & 15;
+  r[4] = k[4] & 252;
+  r[5] = k[5];
+  r[6] = k[6];
+  r[7] = k[7] & 15;
+  r[8] = k[8] & 252;
+  r[9] = k[9];
+  r[10] = k[10];
+  r[11] = k[11] & 15;
+  r[12] = k[12] & 252;
+  r[13] = k[13];
+  r[14] = k[14];
+  r[15] = k[15] & 15;
+  r[16] = 0;
+
+  for (j = 0;j < 17;++j) h[j] = 0;
+
+  while (inlen > 0) {
+    for (j = 0;j < 17;++j) c[j] = 0;
+    for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j];
+    c[j] = 1;
+    in += j; inlen -= j;
+    add(h,c);
+    mulmod(h,r);
+  }
+
+  freeze(h);
+
+  for (j = 0;j < 16;++j) c[j] = k[j + 16];
+  c[16] = 0;
+  add(h,c);
+  for (j = 0;j < 16;++j) out[j] = h[j];
+  return 0;
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/ref/verify.c b/nacl/crypto_onetimeauth/poly1305/ref/verify.c
new file mode 100644
index 00000000..c7e063f1
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/ref/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}
diff --git a/nacl/crypto_onetimeauth/poly1305/selected b/nacl/crypto_onetimeauth/poly1305/selected
new file mode 100644
index 00000000..e69de29b
diff --git a/nacl/crypto_onetimeauth/poly1305/used b/nacl/crypto_onetimeauth/poly1305/used
new file mode 100644
index 00000000..e69de29b
diff --git a/nacl/crypto_onetimeauth/poly1305/x86/api.h b/nacl/crypto_onetimeauth/poly1305/x86/api.h
new file mode 100644
index 00000000..acc133ed
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/x86/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_onetimeauth/poly1305/x86/auth.s b/nacl/crypto_onetimeauth/poly1305/x86/auth.s
new file mode 100644
index 00000000..acb8c51c
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/x86/auth.s
@@ -0,0 +1,2779 @@
+
+# qhasm: stack32 arg_out
+
+# qhasm: stack32 arg_m
+
+# qhasm: stack32 arg_l
+
+# qhasm: stack32 arg_ltop
+
+# qhasm: stack32 arg_k
+
+# qhasm: input arg_out
+
+# qhasm: input arg_m
+
+# qhasm: input arg_l
+
+# qhasm: input arg_ltop
+
+# qhasm: input arg_k
+
+# qhasm: int32 eax
+
+# qhasm: int32 ebx
+
+# qhasm: int32 esi
+
+# qhasm: int32 edi
+
+# qhasm: int32 ebp
+
+# qhasm: caller eax
+
+# qhasm: caller ebx
+
+# qhasm: caller esi
+
+# qhasm: caller edi
+
+# qhasm: caller ebp
+
+# qhasm: stack32 eax_stack
+
+# qhasm: stack32 ebx_stack
+
+# qhasm: stack32 esi_stack
+
+# qhasm: stack32 edi_stack
+
+# qhasm: stack32 ebp_stack
+
+# qhasm: int32 out
+
+# qhasm: stack32 out_stack
+
+# qhasm: int32 k
+
+# qhasm: stack32 k_stack
+
+# qhasm: int32 m
+
+# qhasm: int32 l
+
+# qhasm: int32 m0
+
+# qhasm: int32 m1
+
+# qhasm: int32 m2
+
+# qhasm: int32 m3
+
+# qhasm: float80 a0
+
+# qhasm: float80 a1
+
+# qhasm: float80 a2
+
+# qhasm: float80 a3
+
+# qhasm: float80 h0
+
+# qhasm: float80 h1
+
+# qhasm: float80 h2
+
+# qhasm: float80 h3
+
+# qhasm: float80 x0
+
+# qhasm: float80 x1
+
+# qhasm: float80 x2
+
+# qhasm: float80 x3
+
+# qhasm: float80 y0
+
+# qhasm: float80 y1
+
+# qhasm: float80 y2
+
+# qhasm: float80 y3
+
+# qhasm: float80 r0x0
+
+# qhasm: float80 r1x0
+
+# qhasm: float80 r2x0
+
+# qhasm: float80 r3x0
+
+# qhasm: float80 r0x1
+
+# qhasm: float80 r1x1
+
+# qhasm: float80 r2x1
+
+# qhasm: float80 sr3x1
+
+# qhasm: float80 r0x2
+
+# qhasm: float80 r1x2
+
+# qhasm: float80 sr2x2
+
+# qhasm: float80 sr3x2
+
+# qhasm: float80 r0x3
+
+# qhasm: float80 sr1x3
+
+# qhasm: float80 sr2x3
+
+# qhasm: float80 sr3x3
+
+# qhasm: stack64 d0
+
+# qhasm: stack64 d1
+
+# qhasm: stack64 d2
+
+# qhasm: stack64 d3
+
+# qhasm: stack64 r0
+
+# qhasm: stack64 r1
+
+# qhasm: stack64 r2
+
+# qhasm: stack64 r3
+
+# qhasm: stack64 sr1
+
+# qhasm: stack64 sr2
+
+# qhasm: stack64 sr3
+
+# qhasm: enter crypto_onetimeauth_poly1305_x86 stackaligned4096 crypto_onetimeauth_poly1305_x86_constants
+.text
+.p2align 5
+.globl _crypto_onetimeauth_poly1305_x86
+.globl crypto_onetimeauth_poly1305_x86
+_crypto_onetimeauth_poly1305_x86:
+crypto_onetimeauth_poly1305_x86:
+mov %esp,%eax
+sub $crypto_onetimeauth_poly1305_x86_constants,%eax
+and $4095,%eax
+add $192,%eax
+sub %eax,%esp
+
+# qhasm: eax_stack = eax
+# asm 1: movl <eax=int32#1,>eax_stack=stack32#1
+# asm 2: movl <eax=%eax,>eax_stack=0(%esp)
+movl %eax,0(%esp)
+
+# qhasm: ebx_stack = ebx
+# asm 1: movl <ebx=int32#4,>ebx_stack=stack32#2
+# asm 2: movl <ebx=%ebx,>ebx_stack=4(%esp)
+movl %ebx,4(%esp)
+
+# qhasm: esi_stack = esi
+# asm 1: movl <esi=int32#5,>esi_stack=stack32#3
+# asm 2: movl <esi=%esi,>esi_stack=8(%esp)
+movl %esi,8(%esp)
+
+# qhasm: edi_stack = edi
+# asm 1: movl <edi=int32#6,>edi_stack=stack32#4
+# asm 2: movl <edi=%edi,>edi_stack=12(%esp)
+movl %edi,12(%esp)
+
+# qhasm: ebp_stack = ebp
+# asm 1: movl <ebp=int32#7,>ebp_stack=stack32#5
+# asm 2: movl <ebp=%ebp,>ebp_stack=16(%esp)
+movl %ebp,16(%esp)
+
+# qhasm:   round *(uint16 *) &crypto_onetimeauth_poly1305_x86_rounding
+fldcw crypto_onetimeauth_poly1305_x86_rounding
+
+# qhasm:   k = arg_k
+# asm 1: movl <arg_k=stack32#-5,>k=int32#3
+# asm 2: movl <arg_k=20(%esp,%eax),>k=%edx
+movl 20(%esp,%eax),%edx
+
+# qhasm:   m0 = *(uint32 *) (k + 0)
+# asm 1: movl 0(<k=int32#3),>m0=int32#2
+# asm 2: movl 0(<k=%edx),>m0=%ecx
+movl 0(%edx),%ecx
+
+# qhasm:   m1 = *(uint32 *) (k + 4)
+# asm 1: movl 4(<k=int32#3),>m1=int32#4
+# asm 2: movl 4(<k=%edx),>m1=%ebx
+movl 4(%edx),%ebx
+
+# qhasm:   m2 = *(uint32 *) (k + 8)
+# asm 1: movl 8(<k=int32#3),>m2=int32#5
+# asm 2: movl 8(<k=%edx),>m2=%esi
+movl 8(%edx),%esi
+
+# qhasm:   m3 = *(uint32 *) (k + 12)
+# asm 1: movl 12(<k=int32#3),>m3=int32#6
+# asm 2: movl 12(<k=%edx),>m3=%edi
+movl 12(%edx),%edi
+
+# qhasm:   d0 top = 0x43300000
+# asm 1: movl  $0x43300000,>d0=stack64#1
+# asm 2: movl  $0x43300000,>d0=100(%esp)
+movl  $0x43300000,100(%esp)
+
+# qhasm:   d1 top = 0x45300000
+# asm 1: movl  $0x45300000,>d1=stack64#2
+# asm 2: movl  $0x45300000,>d1=108(%esp)
+movl  $0x45300000,108(%esp)
+
+# qhasm:   d2 top = 0x47300000
+# asm 1: movl  $0x47300000,>d2=stack64#3
+# asm 2: movl  $0x47300000,>d2=116(%esp)
+movl  $0x47300000,116(%esp)
+
+# qhasm:   d3 top = 0x49300000
+# asm 1: movl  $0x49300000,>d3=stack64#4
+# asm 2: movl  $0x49300000,>d3=124(%esp)
+movl  $0x49300000,124(%esp)
+
+# qhasm:   m0 &= 0x0fffffff
+# asm 1: and  $0x0fffffff,<m0=int32#2
+# asm 2: and  $0x0fffffff,<m0=%ecx
+and  $0x0fffffff,%ecx
+
+# qhasm:   m1 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m1=int32#4
+# asm 2: and  $0x0ffffffc,<m1=%ebx
+and  $0x0ffffffc,%ebx
+
+# qhasm:   m2 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m2=int32#5
+# asm 2: and  $0x0ffffffc,<m2=%esi
+and  $0x0ffffffc,%esi
+
+# qhasm:   m3 &= 0x0ffffffc
+# asm 1: and  $0x0ffffffc,<m3=int32#6
+# asm 2: and  $0x0ffffffc,<m3=%edi
+and  $0x0ffffffc,%edi
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int32#2,<d0=stack64#1
+# asm 2: movl <m0=%ecx,<d0=96(%esp)
+movl %ecx,96(%esp)
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int32#4,<d1=stack64#2
+# asm 2: movl <m1=%ebx,<d1=104(%esp)
+movl %ebx,104(%esp)
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int32#5,<d2=stack64#3
+# asm 2: movl <m2=%esi,<d2=112(%esp)
+movl %esi,112(%esp)
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int32#6,<d3=stack64#4
+# asm 2: movl <m3=%edi,<d3=120(%esp)
+movl %edi,120(%esp)
+
+# qhasm:   a0 = *(float64 *) &d0
+# asm 1: fldl <d0=stack64#1
+# asm 2: fldl <d0=96(%esp)
+fldl 96(%esp)
+# comment:fpstackfrombottom:<a0#24:
+
+# qhasm:   a0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0
+fsubl crypto_onetimeauth_poly1305_x86_doffset0
+# comment:fpstackfrombottom:<a0#24:
+
+# qhasm:   a1 = *(float64 *) &d1
+# asm 1: fldl <d1=stack64#2
+# asm 2: fldl <d1=104(%esp)
+fldl 104(%esp)
+# comment:fpstackfrombottom:<a0#24:<a1#25:
+
+# qhasm:   a1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1
+fsubl crypto_onetimeauth_poly1305_x86_doffset1
+# comment:fpstackfrombottom:<a0#24:<a1#25:
+
+# qhasm:   a2 = *(float64 *) &d2
+# asm 1: fldl <d2=stack64#3
+# asm 2: fldl <d2=112(%esp)
+fldl 112(%esp)
+# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:
+
+# qhasm:   a2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2
+fsubl crypto_onetimeauth_poly1305_x86_doffset2
+# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:
+
+# qhasm:   a3 = *(float64 *) &d3
+# asm 1: fldl <d3=stack64#4
+# asm 2: fldl <d3=120(%esp)
+fldl 120(%esp)
+# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:<a3#27:
+
+# qhasm:   a3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3
+fsubl crypto_onetimeauth_poly1305_x86_doffset3
+# comment:fpstackfrombottom:<a0#24:<a1#25:<a2#26:<a3#27:
+
+# qhasm: internal stacktop a0
+# asm 1: fxch <a0=float80#4
+# asm 2: fxch <a0=%st(3)
+fxch %st(3)
+
+# qhasm:   *(float64 *) &r0 = a0
+# asm 1: fstpl >r0=stack64#5
+# asm 2: fstpl >r0=128(%esp)
+fstpl 128(%esp)
+# comment:fpstackfrombottom:<a3#27:<a1#25:<a2#26:
+
+# qhasm: internal stacktop a1
+# asm 1: fxch <a1=float80#2
+# asm 2: fxch <a1=%st(1)
+fxch %st(1)
+
+# qhasm:   *(float64 *) &r1 = a1
+# asm 1: fstl >r1=stack64#6
+# asm 2: fstl >r1=136(%esp)
+fstl 136(%esp)
+# comment:fpstackfrombottom:<a3#27:<a2#26:<a1#25:
+
+# qhasm:   a1 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<a3#27:<a2#26:<a1#25:
+
+# qhasm:   *(float64 *) &sr1 = a1
+# asm 1: fstpl >sr1=stack64#7
+# asm 2: fstpl >sr1=144(%esp)
+fstpl 144(%esp)
+# comment:fpstackfrombottom:<a3#27:<a2#26:
+
+# qhasm:   *(float64 *) &r2 = a2
+# asm 1: fstl >r2=stack64#8
+# asm 2: fstl >r2=152(%esp)
+fstl 152(%esp)
+# comment:fpstackfrombottom:<a3#27:<a2#26:
+
+# qhasm:   a2 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<a3#27:<a2#26:
+
+# qhasm:   *(float64 *) &sr2 = a2
+# asm 1: fstpl >sr2=stack64#9
+# asm 2: fstpl >sr2=160(%esp)
+fstpl 160(%esp)
+# comment:fpstackfrombottom:<a3#27:
+
+# qhasm:   *(float64 *) &r3 = a3
+# asm 1: fstl >r3=stack64#10
+# asm 2: fstl >r3=168(%esp)
+fstl 168(%esp)
+# comment:fpstackfrombottom:<a3#27:
+
+# qhasm:   a3 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<a3#27:
+
+# qhasm:   *(float64 *) &sr3 = a3
+# asm 1: fstpl >sr3=stack64#11
+# asm 2: fstpl >sr3=176(%esp)
+fstpl 176(%esp)
+# comment:fpstackfrombottom:
+
+# qhasm:   out = arg_out
+# asm 1: movl <arg_out=stack32#-1,>out=int32#4
+# asm 2: movl <arg_out=4(%esp,%eax),>out=%ebx
+movl 4(%esp,%eax),%ebx
+
+# qhasm:   m = arg_m
+# asm 1: movl <arg_m=stack32#-2,>m=int32#5
+# asm 2: movl <arg_m=8(%esp,%eax),>m=%esi
+movl 8(%esp,%eax),%esi
+
+# qhasm:   l = arg_l
+# asm 1: movl <arg_l=stack32#-3,>l=int32#2
+# asm 2: movl <arg_l=12(%esp,%eax),>l=%ecx
+movl 12(%esp,%eax),%ecx
+
+# qhasm:   h3 = 0
+fldz
+# comment:fpstackfrombottom:<h3#38:
+
+# qhasm:   h2 = 0
+fldz
+# comment:fpstackfrombottom:<h3#38:<h2#39:
+
+# qhasm:   h1 = 0
+fldz
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h0 = 0
+fldz
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   k_stack = k
+# asm 1: movl <k=int32#3,>k_stack=stack32#6
+# asm 2: movl <k=%edx,>k_stack=20(%esp)
+movl %edx,20(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   out_stack = out
+# asm 1: movl <out=int32#4,>out_stack=stack32#7
+# asm 2: movl <out=%ebx,>out_stack=24(%esp)
+movl %ebx,24(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:                          unsigned<? l - 16
+# asm 1: cmp  $16,<l=int32#2
+# asm 2: cmp  $16,<l=%ecx
+cmp  $16,%ecx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: goto addatmost15bytes if unsigned<
+jb ._addatmost15bytes
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: initialatleast16bytes:
+._initialatleast16bytes:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m3 = *(uint32 *) (m + 12)
+# asm 1: movl 12(<m=int32#5),>m3=int32#1
+# asm 2: movl 12(<m=%esi),>m3=%eax
+movl 12(%esi),%eax
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m2 = *(uint32 *) (m + 8)
+# asm 1: movl 8(<m=int32#5),>m2=int32#3
+# asm 2: movl 8(<m=%esi),>m2=%edx
+movl 8(%esi),%edx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m1 = *(uint32 *) (m + 4)
+# asm 1: movl 4(<m=int32#5),>m1=int32#4
+# asm 2: movl 4(<m=%esi),>m1=%ebx
+movl 4(%esi),%ebx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m0 = *(uint32 *) (m + 0)
+# asm 1: movl 0(<m=int32#5),>m0=int32#6
+# asm 2: movl 0(<m=%esi),>m0=%edi
+movl 0(%esi),%edi
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int32#1,<d3=stack64#4
+# asm 2: movl <m3=%eax,<d3=120(%esp)
+movl %eax,120(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int32#3,<d2=stack64#3
+# asm 2: movl <m2=%edx,<d2=112(%esp)
+movl %edx,112(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int32#4,<d1=stack64#2
+# asm 2: movl <m1=%ebx,<d1=104(%esp)
+movl %ebx,104(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int32#6,<d0=stack64#1
+# asm 2: movl <m0=%edi,<d0=96(%esp)
+movl %edi,96(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m += 16
+# asm 1: add  $16,<m=int32#5
+# asm 2: add  $16,<m=%esi
+add  $16,%esi
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   l -= 16
+# asm 1: sub  $16,<l=int32#2
+# asm 2: sub  $16,<l=%ecx
+sub  $16,%ecx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   h3 += *(float64 *) &d3
+# asm 1: faddl <d3=stack64#4
+# asm 2: faddl <d3=120(%esp)
+faddl 120(%esp)
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm:   h3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3minustwo128
+fsubl crypto_onetimeauth_poly1305_x86_doffset3minustwo128
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+
+# qhasm:   h1 += *(float64 *) &d1
+# asm 1: faddl <d1=stack64#2
+# asm 2: faddl <d1=104(%esp)
+faddl 104(%esp)
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h3#38:<h1#40:
+
+# qhasm:   h1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1
+fsubl crypto_onetimeauth_poly1305_x86_doffset1
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h3#38:<h1#40:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   h2 += *(float64 *) &d2
+# asm 1: faddl <d2=stack64#3
+# asm 2: faddl <d2=112(%esp)
+faddl 112(%esp)
+# comment:fpstackfrombottom:<h0#41:<h1#40:<h3#38:<h2#39:
+
+# qhasm:   h2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2
+fsubl crypto_onetimeauth_poly1305_x86_doffset2
+# comment:fpstackfrombottom:<h0#41:<h1#40:<h3#38:<h2#39:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += *(float64 *) &d0
+# asm 1: faddl <d0=stack64#1
+# asm 2: faddl <d0=96(%esp)
+faddl 96(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   h0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0
+fsubl crypto_onetimeauth_poly1305_x86_doffset0
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:                                  unsigned<? l - 16
+# asm 1: cmp  $16,<l=int32#2
+# asm 2: cmp  $16,<l=%ecx
+cmp  $16,%ecx
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm: goto multiplyaddatmost15bytes if unsigned<
+jb ._multiplyaddatmost15bytes
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm: multiplyaddatleast16bytes:
+._multiplyaddatleast16bytes:
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   m3 = *(uint32 *) (m + 12)
+# asm 1: movl 12(<m=int32#5),>m3=int32#1
+# asm 2: movl 12(<m=%esi),>m3=%eax
+movl 12(%esi),%eax
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   m2 = *(uint32 *) (m + 8)
+# asm 1: movl 8(<m=int32#5),>m2=int32#3
+# asm 2: movl 8(<m=%esi),>m2=%edx
+movl 8(%esi),%edx
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   m1 = *(uint32 *) (m + 4)
+# asm 1: movl 4(<m=int32#5),>m1=int32#4
+# asm 2: movl 4(<m=%esi),>m1=%ebx
+movl 4(%esi),%ebx
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   m0 = *(uint32 *) (m + 0)
+# asm 1: movl 0(<m=int32#5),>m0=int32#6
+# asm 2: movl 0(<m=%esi),>m0=%edi
+movl 0(%esi),%edi
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int32#1,<d3=stack64#4
+# asm 2: movl <m3=%eax,<d3=120(%esp)
+movl %eax,120(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int32#3,<d2=stack64#3
+# asm 2: movl <m2=%edx,<d2=112(%esp)
+movl %edx,112(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int32#4,<d1=stack64#2
+# asm 2: movl <m1=%ebx,<d1=104(%esp)
+movl %ebx,104(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int32#6,<d0=stack64#1
+# asm 2: movl <m0=%edi,<d0=96(%esp)
+movl %edi,96(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   m += 16
+# asm 1: add  $16,<m=int32#5
+# asm 2: add  $16,<m=%esi
+add  $16,%esi
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   l -= 16
+# asm 1: sub  $16,<l=int32#2
+# asm 2: sub  $16,<l=%ecx
+sub  $16,%ecx
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fldl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#3,<x0=float80#1
+# asm 2: fadd <h3=%st(2),<x0=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fsubl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#3
+# asm 2: fsubr <x0=%st(0),<h3=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fldl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fsubl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#54:<x1#55:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#2
+# asm 2: faddp <h0=%st(0),<x0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fldl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#5,<x2=float80#1
+# asm 2: fadd <h1=%st(4),<x2=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fsubl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#5
+# asm 2: fsubr <x2=%st(0),<h1=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fldl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#7,<x3=float80#1
+# asm 2: fadd <h2=%st(6),<x3=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fsubl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#7
+# asm 2: fsubr <x3=%st(0),<h2=%st(6)
+fsubr %st(0),%st(6)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:<x3#57:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#7
+# asm 2: fxch <h2=%st(6)
+fxch %st(6)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#2
+# asm 2: faddp <h2=%st(0),<x2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<h1#40:<h3#38:<x1#55:<x0#54:<x2#56:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#6
+# asm 2: faddp <h3=%st(0),<x3=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#57:<h1#40:<x2#56:<x1#55:<x0#54:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#4
+# asm 2: fxch <h1=%st(3)
+fxch %st(3)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#10
+# asm 2: fldl <r3=168(%esp)
+fldl 168(%esp)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#4,<h3=float80#1
+# asm 2: fmul <x0=%st(3),<h3=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#5,<h2=float80#1
+# asm 2: fmul <x0=%st(4),<h2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#6,<h1=float80#1
+# asm 2: fmul <x0=%st(5),<h1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#57:<x0#54:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#7
+# asm 2: fmulp <x0=%st(0),<h0=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r2x1#58:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#5,<r2x1=float80#1
+# asm 2: fmul <x1=%st(4),<r2x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r2x1#58:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r1x1#59:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#5,<r1x1=float80#1
+# asm 2: fmul <x1=%st(4),<r1x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r1x1#59:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r0x1#60:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#5,<r0x1=float80#1
+# asm 2: fmul <x1=%st(4),<r0x1=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<r0x1#60:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<x1#55:<h3#38:<h2#39:<h1#40:<sr3x1#61:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#5
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<sr3x1#61:<h3#38:<h2#39:<h1#40:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#4
+# asm 2: fxch <sr3x1=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#6
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r1x2#62:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#5,<r1x2=float80#1
+# asm 2: fmul <x2=%st(4),<r1x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r1x2#62:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r0x2#63:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#5,<r0x2=float80#1
+# asm 2: fmul <x2=%st(4),<r0x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<r0x2#63:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr3x2#64:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#5,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(4),<sr3x2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr3x2#64:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#4
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<x2#56:<h1#40:<h3#38:<h2#39:<sr2x2#65:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#5
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<sr2x2#65:<h1#40:<h3#38:<h2#39:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#4
+# asm 2: fxch <sr2x2=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#5
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:<r0x3#66:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#6,<r0x3=float80#1
+# asm 2: fmul <x3=%st(5),<r0x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:<r0x3#66:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm:   stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:<sr3x3#67:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr3x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:<sr3x3#67:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#4
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr2x3#68:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr2x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr2x3#68:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#2
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#7
+# asm 2: fldl <sr1=144(%esp)
+fldl 144(%esp)
+# comment:fpstackfrombottom:<x3#57:<h3#38:<h2#39:<h0#41:<h1#40:<sr1x3#69:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<sr1x3#69:<h3#38:<h2#39:<h0#41:<h1#40:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#5
+# asm 2: fxch <sr1x3=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#2
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:
+
+# qhasm:                                    unsigned<? l - 16
+# asm 1: cmp  $16,<l=int32#2
+# asm 2: cmp  $16,<l=%ecx
+cmp  $16,%ecx
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:
+
+# qhasm:   stacktop h3
+# asm 1: fxch <h3=float80#3
+# asm 2: fxch <h3=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:
+
+# qhasm:   y3 = *(float64 *) &d3
+# asm 1: fldl <d3=stack64#4
+# asm 2: fldl <d3=120(%esp)
+fldl 120(%esp)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:<y3#71:
+
+# qhasm:   y3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3minustwo128
+fsubl crypto_onetimeauth_poly1305_x86_doffset3minustwo128
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:<y3#71:
+
+# qhasm:   h3 += y3
+# asm 1: faddp <y3=float80#1,<h3=float80#2
+# asm 2: faddp <y3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h2#39:<h3#38:
+
+# qhasm:   stacktop h2
+# asm 1: fxch <h2=float80#2
+# asm 2: fxch <h2=%st(1)
+fxch %st(1)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   y2 = *(float64 *) &d2
+# asm 1: fldl <d2=stack64#3
+# asm 2: fldl <d2=112(%esp)
+fldl 112(%esp)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:<y2#72:
+
+# qhasm:   y2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2
+fsubl crypto_onetimeauth_poly1305_x86_doffset2
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:<y2#72:
+
+# qhasm:   h2 += y2
+# asm 1: faddp <y2=float80#1,<h2=float80#2
+# asm 2: faddp <y2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   stacktop h1
+# asm 1: fxch <h1=float80#4
+# asm 2: fxch <h1=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:
+
+# qhasm:   y1 = *(float64 *) &d1
+# asm 1: fldl <d1=stack64#2
+# asm 2: fldl <d1=104(%esp)
+fldl 104(%esp)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:<y1#73:
+
+# qhasm:   y1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1
+fsubl crypto_onetimeauth_poly1305_x86_doffset1
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:<y1#73:
+
+# qhasm:   h1 += y1
+# asm 1: faddp <y1=float80#1,<h1=float80#2
+# asm 2: faddp <y1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h3#38:<h1#40:
+
+# qhasm:   stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   y0 = *(float64 *) &d0
+# asm 1: fldl <d0=stack64#1
+# asm 2: fldl <d0=96(%esp)
+fldl 96(%esp)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<y0#74:
+
+# qhasm:   y0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0
+fsubl crypto_onetimeauth_poly1305_x86_doffset0
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<y0#74:
+
+# qhasm:   h0 += y0
+# asm 1: faddp <y0=float80#1,<h0=float80#2
+# asm 2: faddp <y0=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm: goto multiplyaddatleast16bytes if !unsigned<
+jae ._multiplyaddatleast16bytes
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+# comment:fp stack unchanged by fallthrough
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm: multiplyaddatmost15bytes:
+._multiplyaddatmost15bytes:
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fldl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#3,<x0=float80#1
+# asm 2: fadd <h3=%st(2),<x0=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fsubl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#3
+# asm 2: fsubr <x0=%st(0),<h3=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fldl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fsubl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fldl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#6,<x2=float80#1
+# asm 2: fadd <h1=%st(5),<x2=%st(0)
+fadd %st(5),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fsubl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#6
+# asm 2: fsubr <x2=%st(0),<h1=%st(5)
+fsubr %st(0),%st(5)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fldl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#8,<x3=float80#1
+# asm 2: fadd <h2=%st(7),<x3=%st(0)
+fadd %st(7),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fsubl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#8
+# asm 2: fsubr <x3=%st(0),<h2=%st(7)
+fsubr %st(0),%st(7)
+# comment:fpstackfrombottom:<h2#39:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:<x3#78:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#8
+# asm 2: fxch <h2=%st(7)
+fxch %st(7)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#2
+# asm 2: faddp <h2=%st(0),<x2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<h1#40:<h3#38:<h0#41:<x0#75:<x1#76:<x2#77:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#6
+# asm 2: fxch <h1=%st(5)
+fxch %st(5)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h3#38:<h0#41:<x0#75:<x1#76:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#6
+# asm 2: faddp <h3=%st(0),<x3=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<x0#75:
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#2
+# asm 2: faddp <h0=%st(0),<x0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#10
+# asm 2: fldl <r3=168(%esp)
+fldl 168(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#2,<h3=float80#1
+# asm 2: fmul <x0=%st(1),<h3=%st(0)
+fmul %st(1),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#3,<h2=float80#1
+# asm 2: fmul <x0=%st(2),<h2=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#4,<h1=float80#1
+# asm 2: fmul <x0=%st(3),<h1=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<x0#75:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#5
+# asm 2: fmulp <x0=%st(0),<h0=%st(4)
+fmulp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r2x1#79:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#6,<r2x1=float80#1
+# asm 2: fmul <x1=%st(5),<r2x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r2x1#79:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r1x1#80:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#6,<r1x1=float80#1
+# asm 2: fmul <x1=%st(5),<r1x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r1x1#80:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r0x1#81:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#6,<r0x1=float80#1
+# asm 2: fmul <x1=%st(5),<r0x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<r0x1#81:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<x1#76:<h0#41:<h3#38:<h2#39:<h1#40:<sr3x1#82:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<sr3x1#82:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#5
+# asm 2: fxch <sr3x1=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#4
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<r1x2#83:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#6,<r1x2=float80#1
+# asm 2: fmul <x2=%st(5),<r1x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<r1x2#83:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<r0x2#84:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#6,<r0x2=float80#1
+# asm 2: fmul <x2=%st(5),<r0x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<r0x2#84:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<sr3x2#85:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#6,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(5),<sr3x2=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<sr3x2#85:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#5
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<x3#78:<x2#77:<h1#40:<h0#41:<h3#38:<h2#39:<sr2x2#86:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#6
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x3#78:<sr2x2#86:<h1#40:<h0#41:<h3#38:<h2#39:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#5
+# asm 2: fxch <sr2x2=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#3
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<r0x3#87:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#6,<r0x3=float80#1
+# asm 2: fmul <x3=%st(5),<r0x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<r0x3#87:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<sr3x3#88:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr3x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<sr3x3#88:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#5
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<sr2x3#89:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#6,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(5),<sr2x3=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<sr2x3#89:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#4
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#7
+# asm 2: fldl <sr1=144(%esp)
+fldl 144(%esp)
+# comment:fpstackfrombottom:<x3#78:<h2#39:<h1#40:<h0#41:<h3#38:<sr1x3#90:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#6
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<sr1x3#90:<h2#39:<h1#40:<h0#41:<h3#38:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#5
+# asm 2: fxch <sr1x3=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#2
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fp stack unchanged by fallthrough
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: addatmost15bytes:
+._addatmost15bytes:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:                     =? l - 0
+# asm 1: cmp  $0,<l=int32#2
+# asm 2: cmp  $0,<l=%ecx
+cmp  $0,%ecx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fp stack unchanged by jump
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: goto nomorebytes if =
+je ._nomorebytes
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: stack128 lastchunk
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: int32 destination
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   ((uint32 *)&lastchunk)[0] = 0
+# asm 1: movl $0,>lastchunk=stack128#1
+# asm 2: movl $0,>lastchunk=64(%esp)
+movl $0,64(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   ((uint32 *)&lastchunk)[1] = 0
+# asm 1: movl $0,4+<lastchunk=stack128#1
+# asm 2: movl $0,4+<lastchunk=64(%esp)
+movl $0,4+64(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   ((uint32 *)&lastchunk)[2] = 0
+# asm 1: movl $0,8+<lastchunk=stack128#1
+# asm 2: movl $0,8+<lastchunk=64(%esp)
+movl $0,8+64(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   ((uint32 *)&lastchunk)[3] = 0
+# asm 1: movl $0,12+<lastchunk=stack128#1
+# asm 2: movl $0,12+<lastchunk=64(%esp)
+movl $0,12+64(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   destination = &lastchunk
+# asm 1: leal <lastchunk=stack128#1,>destination=int32#6
+# asm 2: leal <lastchunk=64(%esp),>destination=%edi
+leal 64(%esp),%edi
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   while (l) { *destination++ = *m++; --l }
+rep movsb
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   *(uint8 *) (destination + 0) = 1
+# asm 1: movb $1,0(<destination=int32#6)
+# asm 2: movb $1,0(<destination=%edi)
+movb $1,0(%edi)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m3 = ((uint32 *)&lastchunk)[3]
+# asm 1: movl 12+<lastchunk=stack128#1,>m3=int32#1
+# asm 2: movl 12+<lastchunk=64(%esp),>m3=%eax
+movl 12+64(%esp),%eax
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m2 = ((uint32 *)&lastchunk)[2]
+# asm 1: movl 8+<lastchunk=stack128#1,>m2=int32#2
+# asm 2: movl 8+<lastchunk=64(%esp),>m2=%ecx
+movl 8+64(%esp),%ecx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m1 = ((uint32 *)&lastchunk)[1]
+# asm 1: movl 4+<lastchunk=stack128#1,>m1=int32#3
+# asm 2: movl 4+<lastchunk=64(%esp),>m1=%edx
+movl 4+64(%esp),%edx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   m0 = ((uint32 *)&lastchunk)[0]
+# asm 1: movl <lastchunk=stack128#1,>m0=int32#4
+# asm 2: movl <lastchunk=64(%esp),>m0=%ebx
+movl 64(%esp),%ebx
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d3 bottom = m3
+# asm 1: movl <m3=int32#1,<d3=stack64#4
+# asm 2: movl <m3=%eax,<d3=120(%esp)
+movl %eax,120(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d2 bottom = m2
+# asm 1: movl <m2=int32#2,<d2=stack64#3
+# asm 2: movl <m2=%ecx,<d2=112(%esp)
+movl %ecx,112(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d1 bottom = m1
+# asm 1: movl <m1=int32#3,<d1=stack64#2
+# asm 2: movl <m1=%edx,<d1=104(%esp)
+movl %edx,104(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   inplace d0 bottom = m0
+# asm 1: movl <m0=int32#4,<d0=stack64#1
+# asm 2: movl <m0=%ebx,<d0=96(%esp)
+movl %ebx,96(%esp)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   h3 += *(float64 *) &d3
+# asm 1: faddl <d3=stack64#4
+# asm 2: faddl <d3=120(%esp)
+faddl 120(%esp)
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm:   h3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset3
+fsubl crypto_onetimeauth_poly1305_x86_doffset3
+# comment:fpstackfrombottom:<h0#41:<h2#39:<h1#40:<h3#38:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   h2 += *(float64 *) &d2
+# asm 1: faddl <d2=stack64#3
+# asm 2: faddl <d2=112(%esp)
+faddl 112(%esp)
+# comment:fpstackfrombottom:<h0#41:<h3#38:<h1#40:<h2#39:
+
+# qhasm:   h2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset2
+fsubl crypto_onetimeauth_poly1305_x86_doffset2
+# comment:fpstackfrombottom:<h0#41:<h3#38:<h1#40:<h2#39:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#2
+# asm 2: fxch <h1=%st(1)
+fxch %st(1)
+
+# qhasm:   h1 += *(float64 *) &d1
+# asm 1: faddl <d1=stack64#2
+# asm 2: faddl <d1=104(%esp)
+faddl 104(%esp)
+# comment:fpstackfrombottom:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset1
+fsubl crypto_onetimeauth_poly1305_x86_doffset1
+# comment:fpstackfrombottom:<h0#41:<h3#38:<h2#39:<h1#40:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#4
+# asm 2: fxch <h0=%st(3)
+fxch %st(3)
+
+# qhasm:   h0 += *(float64 *) &d0
+# asm 1: faddl <d0=stack64#1
+# asm 2: faddl <d0=96(%esp)
+faddl 96(%esp)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:
+
+# qhasm:   h0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_doffset0
+fsubl crypto_onetimeauth_poly1305_x86_doffset0
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fldl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#4,<x0=float80#1
+# asm 2: fadd <h3=%st(3),<x0=%st(0)
+fadd %st(3),%st(0)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fsubl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#4
+# asm 2: fsubr <x0=%st(0),<h3=%st(3)
+fsubr %st(0),%st(3)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fldl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fsubl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fldl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#7,<x2=float80#1
+# asm 2: fadd <h1=%st(6),<x2=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fsubl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#7
+# asm 2: fsubr <x2=%st(0),<h1=%st(6)
+fsubr %st(0),%st(6)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fldl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#6,<x3=float80#1
+# asm 2: fadd <h2=%st(5),<x3=%st(0)
+fadd %st(5),%st(0)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fsubl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm:   h2 -= x3
+# asm 1: fsubr <x3=float80#1,<h2=float80#6
+# asm 2: fsubr <x3=%st(0),<h2=%st(5)
+fsubr %st(0),%st(5)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<h0#41:<x0#98:<x1#99:<x2#100:<x3#101:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#5
+# asm 2: fxch <h0=%st(4)
+fxch %st(4)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#4
+# asm 2: faddp <h0=%st(0),<x0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h1#40:<h3#38:<h2#39:<x3#101:<x0#98:<x1#99:<x2#100:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#7
+# asm 2: fxch <h1=%st(6)
+fxch %st(6)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h3#38:<h2#39:<x3#101:<x0#98:<x1#99:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#4
+# asm 2: fxch <h2=%st(3)
+fxch %st(3)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#6
+# asm 2: faddp <h2=%st(0),<x2=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h3#38:<x1#99:<x3#101:<x0#98:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#4
+# asm 2: fxch <h3=%st(3)
+fxch %st(3)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#2
+# asm 2: faddp <h3=%st(0),<x3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:
+
+# qhasm:   h3 = *(float64 *) &r3
+# asm 1: fldl <r3=stack64#10
+# asm 2: fldl <r3=168(%esp)
+fldl 168(%esp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:
+
+# qhasm:   h3 *= x0
+# asm 1: fmul <x0=float80#4,<h3=float80#1
+# asm 2: fmul <x0=%st(3),<h3=%st(0)
+fmul %st(3),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:
+
+# qhasm:   h2 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   h2 *= x0
+# asm 1: fmul <x0=float80#5,<h2=float80#1
+# asm 2: fmul <x0=%st(4),<h2=%st(0)
+fmul %st(4),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   h1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h1 *= x0
+# asm 1: fmul <x0=float80#6,<h1=float80#1
+# asm 2: fmul <x0=%st(5),<h1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   h0 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x2#100:<x0#98:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   h0 *= x0
+# asm 1: fmulp <x0=float80#1,<h0=float80#7
+# asm 2: fmulp <x0=%st(0),<h0=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r2x1 = *(float64 *) &r2
+# asm 1: fldl <r2=stack64#8
+# asm 2: fldl <r2=152(%esp)
+fldl 152(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r2x1#102:
+
+# qhasm:   r2x1 *= x1
+# asm 1: fmul <x1=float80#6,<r2x1=float80#1
+# asm 2: fmul <x1=%st(5),<r2x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r2x1#102:
+
+# qhasm:   h3 += r2x1
+# asm 1: faddp <r2x1=float80#1,<h3=float80#4
+# asm 2: faddp <r2x1=%st(0),<h3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r1x1 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r1x1#103:
+
+# qhasm:   r1x1 *= x1
+# asm 1: fmul <x1=float80#6,<r1x1=float80#1
+# asm 2: fmul <x1=%st(5),<r1x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r1x1#103:
+
+# qhasm:   h2 += r1x1
+# asm 1: faddp <r1x1=float80#1,<h2=float80#3
+# asm 2: faddp <r1x1=%st(0),<h2=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   r0x1 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r0x1#104:
+
+# qhasm:   r0x1 *= x1
+# asm 1: fmul <x1=float80#6,<r0x1=float80#1
+# asm 2: fmul <x1=%st(5),<r0x1=%st(0)
+fmul %st(5),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<r0x1#104:
+
+# qhasm:   h1 += r0x1
+# asm 1: faddp <r0x1=float80#1,<h1=float80#2
+# asm 2: faddp <r0x1=%st(0),<h1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm:   sr3x1 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<x1#99:<x3#101:<h3#38:<h2#39:<h1#40:<sr3x1#105:
+
+# qhasm:   sr3x1 *= x1
+# asm 1: fmulp <x1=float80#1,<sr3x1=float80#6
+# asm 2: fmulp <x1=%st(0),<sr3x1=%st(5)
+fmulp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<sr3x1#105:<x3#101:<h3#38:<h2#39:<h1#40:
+
+# qhasm: internal stacktop sr3x1
+# asm 1: fxch <sr3x1=float80#5
+# asm 2: fxch <sr3x1=%st(4)
+fxch %st(4)
+
+# qhasm:   h0 += sr3x1
+# asm 1: faddp <sr3x1=float80#1,<h0=float80#6
+# asm 2: faddp <sr3x1=%st(0),<h0=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   r1x2 = *(float64 *) &r1
+# asm 1: fldl <r1=stack64#6
+# asm 2: fldl <r1=136(%esp)
+fldl 136(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<r1x2#106:
+
+# qhasm:   r1x2 *= x2
+# asm 1: fmul <x2=float80#7,<r1x2=float80#1
+# asm 2: fmul <x2=%st(6),<r1x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<r1x2#106:
+
+# qhasm:   h3 += r1x2
+# asm 1: faddp <r1x2=float80#1,<h3=float80#3
+# asm 2: faddp <r1x2=%st(0),<h3=%st(2)
+faddp %st(0),%st(2)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   r0x2 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<r0x2#107:
+
+# qhasm:   r0x2 *= x2
+# asm 1: fmul <x2=float80#7,<r0x2=float80#1
+# asm 2: fmul <x2=%st(6),<r0x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<r0x2#107:
+
+# qhasm:   h2 += r0x2
+# asm 1: faddp <r0x2=float80#1,<h2=float80#2
+# asm 2: faddp <r0x2=%st(0),<h2=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   sr3x2 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<sr3x2#108:
+
+# qhasm:   sr3x2 *= x2
+# asm 1: fmul <x2=float80#7,<sr3x2=float80#1
+# asm 2: fmul <x2=%st(6),<sr3x2=%st(0)
+fmul %st(6),%st(0)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<sr3x2#108:
+
+# qhasm:   h1 += sr3x2
+# asm 1: faddp <sr3x2=float80#1,<h1=float80#5
+# asm 2: faddp <sr3x2=%st(0),<h1=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:
+
+# qhasm:   sr2x2 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<x2#100:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:<sr2x2#109:
+
+# qhasm:   sr2x2 *= x2
+# asm 1: fmulp <x2=float80#1,<sr2x2=float80#7
+# asm 2: fmulp <x2=%st(0),<sr2x2=%st(6)
+fmulp %st(0),%st(6)
+# comment:fpstackfrombottom:<sr2x2#109:<h0#41:<h1#40:<x3#101:<h3#38:<h2#39:
+
+# qhasm: internal stacktop sr2x2
+# asm 1: fxch <sr2x2=float80#6
+# asm 2: fxch <sr2x2=%st(5)
+fxch %st(5)
+
+# qhasm:   h0 += sr2x2
+# asm 1: faddp <sr2x2=float80#1,<h0=float80#5
+# asm 2: faddp <sr2x2=%st(0),<h0=%st(4)
+faddp %st(0),%st(4)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:
+
+# qhasm:   r0x3 = *(float64 *) &r0
+# asm 1: fldl <r0=stack64#5
+# asm 2: fldl <r0=128(%esp)
+fldl 128(%esp)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<r0x3#110:
+
+# qhasm:   r0x3 *= x3
+# asm 1: fmul <x3=float80#3,<r0x3=float80#1
+# asm 2: fmul <x3=%st(2),<r0x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<r0x3#110:
+
+# qhasm:   h3 += r0x3
+# asm 1: faddp <r0x3=float80#1,<h3=float80#2
+# asm 2: faddp <r0x3=%st(0),<h3=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:
+
+# qhasm:   sr3x3 = *(float64 *) &sr3
+# asm 1: fldl <sr3=stack64#11
+# asm 2: fldl <sr3=176(%esp)
+fldl 176(%esp)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<sr3x3#111:
+
+# qhasm:   sr3x3 *= x3
+# asm 1: fmul <x3=float80#3,<sr3x3=float80#1
+# asm 2: fmul <x3=%st(2),<sr3x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<sr3x3#111:
+
+# qhasm:   h2 += sr3x3
+# asm 1: faddp <sr3x3=float80#1,<h2=float80#6
+# asm 2: faddp <sr3x3=%st(0),<h2=%st(5)
+faddp %st(0),%st(5)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:
+
+# qhasm:   sr2x3 = *(float64 *) &sr2
+# asm 1: fldl <sr2=stack64#9
+# asm 2: fldl <sr2=160(%esp)
+fldl 160(%esp)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<sr2x3#112:
+
+# qhasm:   sr2x3 *= x3
+# asm 1: fmul <x3=float80#3,<sr2x3=float80#1
+# asm 2: fmul <x3=%st(2),<sr2x3=%st(0)
+fmul %st(2),%st(0)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<sr2x3#112:
+
+# qhasm:   h1 += sr2x3
+# asm 1: faddp <sr2x3=float80#1,<h1=float80#4
+# asm 2: faddp <sr2x3=%st(0),<h1=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:
+
+# qhasm:   sr1x3 = *(float64 *) &sr1
+# asm 1: fldl <sr1=stack64#7
+# asm 2: fldl <sr1=144(%esp)
+fldl 144(%esp)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<x3#101:<h3#38:<sr1x3#113:
+
+# qhasm:   sr1x3 *= x3
+# asm 1: fmulp <x3=float80#1,<sr1x3=float80#3
+# asm 2: fmulp <x3=%st(0),<sr1x3=%st(2)
+fmulp %st(0),%st(2)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<sr1x3#113:<h3#38:
+
+# qhasm: internal stacktop sr1x3
+# asm 1: fxch <sr1x3=float80#2
+# asm 2: fxch <sr1x3=%st(1)
+fxch %st(1)
+
+# qhasm:   h0 += sr1x3
+# asm 1: faddp <sr1x3=float80#1,<h0=float80#4
+# asm 2: faddp <sr1x3=%st(0),<h0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h2#39:<h0#41:<h1#40:<h3#38:
+# comment:automatically reorganizing fp stack for fallthrough
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#4
+# asm 2: fxch <h2=%st(3)
+fxch %st(3)
+# comment:fpstackfrombottom:<h3#38:<h0#41:<h1#40:<h2#39:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#3
+# asm 2: fxch <h0=%st(2)
+fxch %st(2)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm: nomorebytes:
+._nomorebytes:
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:
+
+# qhasm:   x0 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fldl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:
+
+# qhasm:   x0 += h3
+# asm 1: fadd <h3=float80#5,<x0=float80#1
+# asm 2: fadd <h3=%st(4),<x0=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:
+
+# qhasm:   x0 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha130
+fsubl crypto_onetimeauth_poly1305_x86_alpha130
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:
+
+# qhasm:   h3 -= x0
+# asm 1: fsubr <x0=float80#1,<h3=float80#5
+# asm 2: fsubr <x0=%st(0),<h3=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:
+
+# qhasm:   x0 *= *(float64 *) &crypto_onetimeauth_poly1305_x86_scale
+fmull crypto_onetimeauth_poly1305_x86_scale
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:
+
+# qhasm:   x1 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fldl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:
+
+# qhasm:   x1 += h0
+# asm 1: fadd <h0=float80#3,<x1=float80#1
+# asm 2: fadd <h0=%st(2),<x1=%st(0)
+fadd %st(2),%st(0)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:
+
+# qhasm:   x1 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha32
+fsubl crypto_onetimeauth_poly1305_x86_alpha32
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:
+
+# qhasm:   h0 -= x1
+# asm 1: fsubr <x1=float80#1,<h0=float80#3
+# asm 2: fsubr <x1=%st(0),<h0=%st(2)
+fsubr %st(0),%st(2)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:
+
+# qhasm:   x2 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fldl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x2 += h1
+# asm 1: fadd <h1=float80#5,<x2=float80#1
+# asm 2: fadd <h1=%st(4),<x2=%st(0)
+fadd %st(4),%st(0)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x2 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha64
+fsubl crypto_onetimeauth_poly1305_x86_alpha64
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   h1 -= x2
+# asm 1: fsubr <x2=float80#1,<h1=float80#5
+# asm 2: fsubr <x2=%st(0),<h1=%st(4)
+fsubr %st(0),%st(4)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:
+
+# qhasm:   x3 = *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fldl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   x3 += h2
+# asm 1: fadd <h2=float80#7,<x3=float80#1
+# asm 2: fadd <h2=%st(6),<x3=%st(0)
+fadd %st(6),%st(0)
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   x3 -= *(float64 *) &crypto_onetimeauth_poly1305_x86_alpha96
+fsubl crypto_onetimeauth_poly1305_x86_alpha96
+# comment:fpstackfrombottom:<h3#38:<h2#39:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:<x3#117:
+
+# qhasm:   stacktop h2
+# asm 1: fxch <h2=float80#7
+# asm 2: fxch <h2=%st(6)
+fxch %st(6)
+# comment:fpstackfrombottom:<h3#38:<x3#117:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:<h2#39:
+
+# qhasm:   h2 -= x3
+# asm 1: fsub <x3=float80#7,<h2=float80#1
+# asm 2: fsub <x3=%st(6),<h2=%st(0)
+fsub %st(6),%st(0)
+# comment:fpstackfrombottom:<h3#38:<x3#117:<h1#40:<h0#41:<x0#114:<x1#115:<x2#116:<h2#39:
+
+# qhasm: internal stacktop h0
+# asm 1: fxch <h0=float80#5
+# asm 2: fxch <h0=%st(4)
+fxch %st(4)
+
+# qhasm:   x0 += h0
+# asm 1: faddp <h0=float80#1,<x0=float80#4
+# asm 2: faddp <h0=%st(0),<x0=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h3#38:<x3#117:<h1#40:<h2#39:<x0#114:<x1#115:<x2#116:
+
+# qhasm: internal stacktop h1
+# asm 1: fxch <h1=float80#5
+# asm 2: fxch <h1=%st(4)
+fxch %st(4)
+
+# qhasm:   x1 += h1
+# asm 1: faddp <h1=float80#1,<x1=float80#2
+# asm 2: faddp <h1=%st(0),<x1=%st(1)
+faddp %st(0),%st(1)
+# comment:fpstackfrombottom:<h3#38:<x3#117:<x2#116:<h2#39:<x0#114:<x1#115:
+
+# qhasm: internal stacktop h2
+# asm 1: fxch <h2=float80#3
+# asm 2: fxch <h2=%st(2)
+fxch %st(2)
+
+# qhasm:   x2 += h2
+# asm 1: faddp <h2=float80#1,<x2=float80#4
+# asm 2: faddp <h2=%st(0),<x2=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<h3#38:<x3#117:<x2#116:<x1#115:<x0#114:
+
+# qhasm: internal stacktop h3
+# asm 1: fxch <h3=float80#5
+# asm 2: fxch <h3=%st(4)
+fxch %st(4)
+
+# qhasm:   x3 += h3
+# asm 1: faddp <h3=float80#1,<x3=float80#4
+# asm 2: faddp <h3=%st(0),<x3=%st(3)
+faddp %st(0),%st(3)
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115:
+
+# qhasm: internal stacktop x0
+# asm 1: fxch <x0=float80#4
+# asm 2: fxch <x0=%st(3)
+fxch %st(3)
+
+# qhasm:   x0 += *(float64 *) &crypto_onetimeauth_poly1305_x86_hoffset0
+faddl crypto_onetimeauth_poly1305_x86_hoffset0
+# comment:fpstackfrombottom:<x1#115:<x3#117:<x2#116:<x0#114:
+
+# qhasm: internal stacktop x1
+# asm 1: fxch <x1=float80#4
+# asm 2: fxch <x1=%st(3)
+fxch %st(3)
+
+# qhasm:   x1 += *(float64 *) &crypto_onetimeauth_poly1305_x86_hoffset1
+faddl crypto_onetimeauth_poly1305_x86_hoffset1
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x2#116:<x1#115:
+
+# qhasm: internal stacktop x2
+# asm 1: fxch <x2=float80#2
+# asm 2: fxch <x2=%st(1)
+fxch %st(1)
+
+# qhasm:   x2 += *(float64 *) &crypto_onetimeauth_poly1305_x86_hoffset2
+faddl crypto_onetimeauth_poly1305_x86_hoffset2
+# comment:fpstackfrombottom:<x0#114:<x3#117:<x1#115:<x2#116:
+
+# qhasm: internal stacktop x3
+# asm 1: fxch <x3=float80#3
+# asm 2: fxch <x3=%st(2)
+fxch %st(2)
+
+# qhasm:   x3 += *(float64 *) &crypto_onetimeauth_poly1305_x86_hoffset3
+faddl crypto_onetimeauth_poly1305_x86_hoffset3
+# comment:fpstackfrombottom:<x0#114:<x2#116:<x1#115:<x3#117:
+
+# qhasm: internal stacktop x0
+# asm 1: fxch <x0=float80#4
+# asm 2: fxch <x0=%st(3)
+fxch %st(3)
+
+# qhasm:   *(float64 *) &d0 = x0
+# asm 1: fstpl >d0=stack64#1
+# asm 2: fstpl >d0=96(%esp)
+fstpl 96(%esp)
+# comment:fpstackfrombottom:<x3#117:<x2#116:<x1#115:
+
+# qhasm:   *(float64 *) &d1 = x1
+# asm 1: fstpl >d1=stack64#2
+# asm 2: fstpl >d1=104(%esp)
+fstpl 104(%esp)
+# comment:fpstackfrombottom:<x3#117:<x2#116:
+
+# qhasm:   *(float64 *) &d2 = x2
+# asm 1: fstpl >d2=stack64#3
+# asm 2: fstpl >d2=112(%esp)
+fstpl 112(%esp)
+# comment:fpstackfrombottom:<x3#117:
+
+# qhasm:   *(float64 *) &d3 = x3
+# asm 1: fstpl >d3=stack64#4
+# asm 2: fstpl >d3=120(%esp)
+fstpl 120(%esp)
+# comment:fpstackfrombottom:
+
+# qhasm: int32 f0
+
+# qhasm: int32 f1
+
+# qhasm: int32 f2
+
+# qhasm: int32 f3
+
+# qhasm: int32 f4
+
+# qhasm: int32 g0
+
+# qhasm: int32 g1
+
+# qhasm: int32 g2
+
+# qhasm: int32 g3
+
+# qhasm: int32 f
+
+# qhasm: int32 notf
+
+# qhasm: stack32 f1_stack
+
+# qhasm: stack32 f2_stack
+
+# qhasm: stack32 f3_stack
+
+# qhasm: stack32 f4_stack
+
+# qhasm: stack32 g0_stack
+
+# qhasm: stack32 g1_stack
+
+# qhasm: stack32 g2_stack
+
+# qhasm: stack32 g3_stack
+
+# qhasm:   g0 = top d0
+# asm 1: movl <d0=stack64#1,>g0=int32#1
+# asm 2: movl <d0=100(%esp),>g0=%eax
+movl 100(%esp),%eax
+
+# qhasm:   g0 &= 63
+# asm 1: and  $63,<g0=int32#1
+# asm 2: and  $63,<g0=%eax
+and  $63,%eax
+
+# qhasm:   g1 = top d1
+# asm 1: movl <d1=stack64#2,>g1=int32#2
+# asm 2: movl <d1=108(%esp),>g1=%ecx
+movl 108(%esp),%ecx
+
+# qhasm:   g1 &= 63
+# asm 1: and  $63,<g1=int32#2
+# asm 2: and  $63,<g1=%ecx
+and  $63,%ecx
+
+# qhasm:   g2 = top d2
+# asm 1: movl <d2=stack64#3,>g2=int32#3
+# asm 2: movl <d2=116(%esp),>g2=%edx
+movl 116(%esp),%edx
+
+# qhasm:   g2 &= 63
+# asm 1: and  $63,<g2=int32#3
+# asm 2: and  $63,<g2=%edx
+and  $63,%edx
+
+# qhasm:   g3 = top d3
+# asm 1: movl <d3=stack64#4,>g3=int32#4
+# asm 2: movl <d3=124(%esp),>g3=%ebx
+movl 124(%esp),%ebx
+
+# qhasm:   g3 &= 63
+# asm 1: and  $63,<g3=int32#4
+# asm 2: and  $63,<g3=%ebx
+and  $63,%ebx
+
+# qhasm:   f1 = bottom d1
+# asm 1: movl <d1=stack64#2,>f1=int32#5
+# asm 2: movl <d1=104(%esp),>f1=%esi
+movl 104(%esp),%esi
+
+# qhasm:   carry? f1 += g0
+# asm 1: addl <g0=int32#1,<f1=int32#5
+# asm 2: addl <g0=%eax,<f1=%esi
+addl %eax,%esi
+
+# qhasm:   f1_stack = f1
+# asm 1: movl <f1=int32#5,>f1_stack=stack32#8
+# asm 2: movl <f1=%esi,>f1_stack=28(%esp)
+movl %esi,28(%esp)
+
+# qhasm:   f2 = bottom d2
+# asm 1: movl <d2=stack64#3,>f2=int32#1
+# asm 2: movl <d2=112(%esp),>f2=%eax
+movl 112(%esp),%eax
+
+# qhasm:   carry? f2 += g1 + carry
+# asm 1: adcl <g1=int32#2,<f2=int32#1
+# asm 2: adcl <g1=%ecx,<f2=%eax
+adcl %ecx,%eax
+
+# qhasm:   f2_stack = f2
+# asm 1: movl <f2=int32#1,>f2_stack=stack32#9
+# asm 2: movl <f2=%eax,>f2_stack=32(%esp)
+movl %eax,32(%esp)
+
+# qhasm:   f3 = bottom d3
+# asm 1: movl <d3=stack64#4,>f3=int32#1
+# asm 2: movl <d3=120(%esp),>f3=%eax
+movl 120(%esp),%eax
+
+# qhasm:   carry? f3 += g2 + carry
+# asm 1: adcl <g2=int32#3,<f3=int32#1
+# asm 2: adcl <g2=%edx,<f3=%eax
+adcl %edx,%eax
+
+# qhasm:   f3_stack = f3
+# asm 1: movl <f3=int32#1,>f3_stack=stack32#10
+# asm 2: movl <f3=%eax,>f3_stack=36(%esp)
+movl %eax,36(%esp)
+
+# qhasm:   f4 = 0
+# asm 1: mov  $0,>f4=int32#1
+# asm 2: mov  $0,>f4=%eax
+mov  $0,%eax
+
+# qhasm:   carry? f4 += g3 + carry
+# asm 1: adcl <g3=int32#4,<f4=int32#1
+# asm 2: adcl <g3=%ebx,<f4=%eax
+adcl %ebx,%eax
+
+# qhasm:   f4_stack = f4
+# asm 1: movl <f4=int32#1,>f4_stack=stack32#11
+# asm 2: movl <f4=%eax,>f4_stack=40(%esp)
+movl %eax,40(%esp)
+
+# qhasm:   g0 = 5
+# asm 1: mov  $5,>g0=int32#1
+# asm 2: mov  $5,>g0=%eax
+mov  $5,%eax
+
+# qhasm:   f0 = bottom d0
+# asm 1: movl <d0=stack64#1,>f0=int32#2
+# asm 2: movl <d0=96(%esp),>f0=%ecx
+movl 96(%esp),%ecx
+
+# qhasm:   carry? g0 += f0
+# asm 1: addl <f0=int32#2,<g0=int32#1
+# asm 2: addl <f0=%ecx,<g0=%eax
+addl %ecx,%eax
+
+# qhasm:   g0_stack = g0
+# asm 1: movl <g0=int32#1,>g0_stack=stack32#12
+# asm 2: movl <g0=%eax,>g0_stack=44(%esp)
+movl %eax,44(%esp)
+
+# qhasm:   g1 = 0
+# asm 1: mov  $0,>g1=int32#1
+# asm 2: mov  $0,>g1=%eax
+mov  $0,%eax
+
+# qhasm:   f1 = f1_stack
+# asm 1: movl <f1_stack=stack32#8,>f1=int32#3
+# asm 2: movl <f1_stack=28(%esp),>f1=%edx
+movl 28(%esp),%edx
+
+# qhasm:   carry? g1 += f1 + carry
+# asm 1: adcl <f1=int32#3,<g1=int32#1
+# asm 2: adcl <f1=%edx,<g1=%eax
+adcl %edx,%eax
+
+# qhasm:   g1_stack = g1
+# asm 1: movl <g1=int32#1,>g1_stack=stack32#8
+# asm 2: movl <g1=%eax,>g1_stack=28(%esp)
+movl %eax,28(%esp)
+
+# qhasm:   g2 = 0
+# asm 1: mov  $0,>g2=int32#1
+# asm 2: mov  $0,>g2=%eax
+mov  $0,%eax
+
+# qhasm:   f2 = f2_stack
+# asm 1: movl <f2_stack=stack32#9,>f2=int32#4
+# asm 2: movl <f2_stack=32(%esp),>f2=%ebx
+movl 32(%esp),%ebx
+
+# qhasm:   carry? g2 += f2 + carry
+# asm 1: adcl <f2=int32#4,<g2=int32#1
+# asm 2: adcl <f2=%ebx,<g2=%eax
+adcl %ebx,%eax
+
+# qhasm:   g2_stack = g2
+# asm 1: movl <g2=int32#1,>g2_stack=stack32#9
+# asm 2: movl <g2=%eax,>g2_stack=32(%esp)
+movl %eax,32(%esp)
+
+# qhasm:   g3 = 0
+# asm 1: mov  $0,>g3=int32#1
+# asm 2: mov  $0,>g3=%eax
+mov  $0,%eax
+
+# qhasm:   f3 = f3_stack
+# asm 1: movl <f3_stack=stack32#10,>f3=int32#5
+# asm 2: movl <f3_stack=36(%esp),>f3=%esi
+movl 36(%esp),%esi
+
+# qhasm:   carry? g3 += f3 + carry
+# asm 1: adcl <f3=int32#5,<g3=int32#1
+# asm 2: adcl <f3=%esi,<g3=%eax
+adcl %esi,%eax
+
+# qhasm:   g3_stack = g3
+# asm 1: movl <g3=int32#1,>g3_stack=stack32#10
+# asm 2: movl <g3=%eax,>g3_stack=36(%esp)
+movl %eax,36(%esp)
+
+# qhasm:   f = 0xfffffffc
+# asm 1: mov  $0xfffffffc,>f=int32#1
+# asm 2: mov  $0xfffffffc,>f=%eax
+mov  $0xfffffffc,%eax
+
+# qhasm:   f4 = f4_stack
+# asm 1: movl <f4_stack=stack32#11,>f4=int32#6
+# asm 2: movl <f4_stack=40(%esp),>f4=%edi
+movl 40(%esp),%edi
+
+# qhasm:   carry? f += f4 + carry
+# asm 1: adcl <f4=int32#6,<f=int32#1
+# asm 2: adcl <f4=%edi,<f=%eax
+adcl %edi,%eax
+
+# qhasm:   (int32) f >>= 16
+# asm 1: sar  $16,<f=int32#1
+# asm 2: sar  $16,<f=%eax
+sar  $16,%eax
+
+# qhasm:   notf = f
+# asm 1: mov  <f=int32#1,>notf=int32#6
+# asm 2: mov  <f=%eax,>notf=%edi
+mov  %eax,%edi
+
+# qhasm:   notf ^= 0xffffffff
+# asm 1: xor  $0xffffffff,<notf=int32#6
+# asm 2: xor  $0xffffffff,<notf=%edi
+xor  $0xffffffff,%edi
+
+# qhasm:   f0 &= f
+# asm 1: andl <f=int32#1,<f0=int32#2
+# asm 2: andl <f=%eax,<f0=%ecx
+andl %eax,%ecx
+
+# qhasm:   g0 = g0_stack
+# asm 1: movl <g0_stack=stack32#12,>g0=int32#7
+# asm 2: movl <g0_stack=44(%esp),>g0=%ebp
+movl 44(%esp),%ebp
+
+# qhasm:   g0 &= notf
+# asm 1: andl <notf=int32#6,<g0=int32#7
+# asm 2: andl <notf=%edi,<g0=%ebp
+andl %edi,%ebp
+
+# qhasm:   f0 |= g0
+# asm 1: orl  <g0=int32#7,<f0=int32#2
+# asm 2: orl  <g0=%ebp,<f0=%ecx
+orl  %ebp,%ecx
+
+# qhasm:   f1 &= f
+# asm 1: andl <f=int32#1,<f1=int32#3
+# asm 2: andl <f=%eax,<f1=%edx
+andl %eax,%edx
+
+# qhasm:   g1 = g1_stack
+# asm 1: movl <g1_stack=stack32#8,>g1=int32#7
+# asm 2: movl <g1_stack=28(%esp),>g1=%ebp
+movl 28(%esp),%ebp
+
+# qhasm:   g1 &= notf
+# asm 1: andl <notf=int32#6,<g1=int32#7
+# asm 2: andl <notf=%edi,<g1=%ebp
+andl %edi,%ebp
+
+# qhasm:   f1 |= g1
+# asm 1: orl  <g1=int32#7,<f1=int32#3
+# asm 2: orl  <g1=%ebp,<f1=%edx
+orl  %ebp,%edx
+
+# qhasm:   f2 &= f
+# asm 1: andl <f=int32#1,<f2=int32#4
+# asm 2: andl <f=%eax,<f2=%ebx
+andl %eax,%ebx
+
+# qhasm:   g2 = g2_stack
+# asm 1: movl <g2_stack=stack32#9,>g2=int32#7
+# asm 2: movl <g2_stack=32(%esp),>g2=%ebp
+movl 32(%esp),%ebp
+
+# qhasm:   g2 &= notf
+# asm 1: andl <notf=int32#6,<g2=int32#7
+# asm 2: andl <notf=%edi,<g2=%ebp
+andl %edi,%ebp
+
+# qhasm:   f2 |= g2
+# asm 1: orl  <g2=int32#7,<f2=int32#4
+# asm 2: orl  <g2=%ebp,<f2=%ebx
+orl  %ebp,%ebx
+
+# qhasm:   f3 &= f
+# asm 1: andl <f=int32#1,<f3=int32#5
+# asm 2: andl <f=%eax,<f3=%esi
+andl %eax,%esi
+
+# qhasm:   g3 = g3_stack
+# asm 1: movl <g3_stack=stack32#10,>g3=int32#1
+# asm 2: movl <g3_stack=36(%esp),>g3=%eax
+movl 36(%esp),%eax
+
+# qhasm:   g3 &= notf
+# asm 1: andl <notf=int32#6,<g3=int32#1
+# asm 2: andl <notf=%edi,<g3=%eax
+andl %edi,%eax
+
+# qhasm:   f3 |= g3
+# asm 1: orl  <g3=int32#1,<f3=int32#5
+# asm 2: orl  <g3=%eax,<f3=%esi
+orl  %eax,%esi
+
+# qhasm:   k = k_stack
+# asm 1: movl <k_stack=stack32#6,>k=int32#1
+# asm 2: movl <k_stack=20(%esp),>k=%eax
+movl 20(%esp),%eax
+
+# qhasm:   carry? f0 += *(uint32 *) (k + 16)
+# asm 1: addl 16(<k=int32#1),<f0=int32#2
+# asm 2: addl 16(<k=%eax),<f0=%ecx
+addl 16(%eax),%ecx
+
+# qhasm:   carry? f1 += *(uint32 *) (k + 20) + carry
+# asm 1: adcl 20(<k=int32#1),<f1=int32#3
+# asm 2: adcl 20(<k=%eax),<f1=%edx
+adcl 20(%eax),%edx
+
+# qhasm:   carry? f2 += *(uint32 *) (k + 24) + carry
+# asm 1: adcl 24(<k=int32#1),<f2=int32#4
+# asm 2: adcl 24(<k=%eax),<f2=%ebx
+adcl 24(%eax),%ebx
+
+# qhasm:   carry? f3 += *(uint32 *) (k + 28) + carry
+# asm 1: adcl 28(<k=int32#1),<f3=int32#5
+# asm 2: adcl 28(<k=%eax),<f3=%esi
+adcl 28(%eax),%esi
+
+# qhasm:   out = out_stack
+# asm 1: movl <out_stack=stack32#7,>out=int32#1
+# asm 2: movl <out_stack=24(%esp),>out=%eax
+movl 24(%esp),%eax
+
+# qhasm:   *(uint32 *) (out + 0) = f0
+# asm 1: movl <f0=int32#2,0(<out=int32#1)
+# asm 2: movl <f0=%ecx,0(<out=%eax)
+movl %ecx,0(%eax)
+
+# qhasm:   *(uint32 *) (out + 4) = f1
+# asm 1: movl <f1=int32#3,4(<out=int32#1)
+# asm 2: movl <f1=%edx,4(<out=%eax)
+movl %edx,4(%eax)
+
+# qhasm:   *(uint32 *) (out + 8) = f2
+# asm 1: movl <f2=int32#4,8(<out=int32#1)
+# asm 2: movl <f2=%ebx,8(<out=%eax)
+movl %ebx,8(%eax)
+
+# qhasm:   *(uint32 *) (out + 12) = f3
+# asm 1: movl <f3=int32#5,12(<out=int32#1)
+# asm 2: movl <f3=%esi,12(<out=%eax)
+movl %esi,12(%eax)
+
+# qhasm: eax = eax_stack
+# asm 1: movl <eax_stack=stack32#1,>eax=int32#1
+# asm 2: movl <eax_stack=0(%esp),>eax=%eax
+movl 0(%esp),%eax
+
+# qhasm: ebx = ebx_stack
+# asm 1: movl <ebx_stack=stack32#2,>ebx=int32#4
+# asm 2: movl <ebx_stack=4(%esp),>ebx=%ebx
+movl 4(%esp),%ebx
+
+# qhasm: esi = esi_stack
+# asm 1: movl <esi_stack=stack32#3,>esi=int32#5
+# asm 2: movl <esi_stack=8(%esp),>esi=%esi
+movl 8(%esp),%esi
+
+# qhasm: edi = edi_stack
+# asm 1: movl <edi_stack=stack32#4,>edi=int32#6
+# asm 2: movl <edi_stack=12(%esp),>edi=%edi
+movl 12(%esp),%edi
+
+# qhasm: ebp = ebp_stack
+# asm 1: movl <ebp_stack=stack32#5,>ebp=int32#7
+# asm 2: movl <ebp_stack=16(%esp),>ebp=%ebp
+movl 16(%esp),%ebp
+
+# qhasm: leave
+add %eax,%esp
+xor %eax,%eax
+ret
diff --git a/nacl/crypto_onetimeauth/poly1305/x86/constants.s b/nacl/crypto_onetimeauth/poly1305/x86/constants.s
new file mode 100644
index 00000000..ab2456c3
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/x86/constants.s
@@ -0,0 +1,85 @@
+# version 20080912
+# D. J. Bernstein
+# Public domain.
+
+.data
+.section .rodata
+.p2align 5
+
+.globl _crypto_onetimeauth_poly1305_x86_constants
+.globl crypto_onetimeauth_poly1305_x86_constants
+.globl crypto_onetimeauth_poly1305_x86_scale
+.globl crypto_onetimeauth_poly1305_x86_two32
+.globl crypto_onetimeauth_poly1305_x86_two64
+.globl crypto_onetimeauth_poly1305_x86_two96
+.globl crypto_onetimeauth_poly1305_x86_alpha32
+.globl crypto_onetimeauth_poly1305_x86_alpha64
+.globl crypto_onetimeauth_poly1305_x86_alpha96
+.globl crypto_onetimeauth_poly1305_x86_alpha130
+.globl crypto_onetimeauth_poly1305_x86_doffset0
+.globl crypto_onetimeauth_poly1305_x86_doffset1
+.globl crypto_onetimeauth_poly1305_x86_doffset2
+.globl crypto_onetimeauth_poly1305_x86_doffset3
+.globl crypto_onetimeauth_poly1305_x86_doffset3minustwo128
+.globl crypto_onetimeauth_poly1305_x86_hoffset0
+.globl crypto_onetimeauth_poly1305_x86_hoffset1
+.globl crypto_onetimeauth_poly1305_x86_hoffset2
+.globl crypto_onetimeauth_poly1305_x86_hoffset3
+.globl crypto_onetimeauth_poly1305_x86_rounding
+
+_crypto_onetimeauth_poly1305_x86_constants:
+crypto_onetimeauth_poly1305_x86_constants:
+crypto_onetimeauth_poly1305_x86_scale:
+.long 0x0,0x37f40000
+
+crypto_onetimeauth_poly1305_x86_two32:
+.long 0x0,0x41f00000
+
+crypto_onetimeauth_poly1305_x86_two64:
+.long 0x0,0x43f00000
+
+crypto_onetimeauth_poly1305_x86_two96:
+.long 0x0,0x45f00000
+
+crypto_onetimeauth_poly1305_x86_alpha32:
+.long 0x0,0x45e80000
+
+crypto_onetimeauth_poly1305_x86_alpha64:
+.long 0x0,0x47e80000
+
+crypto_onetimeauth_poly1305_x86_alpha96:
+.long 0x0,0x49e80000
+
+crypto_onetimeauth_poly1305_x86_alpha130:
+.long 0x0,0x4c080000
+
+crypto_onetimeauth_poly1305_x86_doffset0:
+.long 0x0,0x43300000
+
+crypto_onetimeauth_poly1305_x86_doffset1:
+.long 0x0,0x45300000
+
+crypto_onetimeauth_poly1305_x86_doffset2:
+.long 0x0,0x47300000
+
+crypto_onetimeauth_poly1305_x86_doffset3:
+.long 0x0,0x49300000
+
+crypto_onetimeauth_poly1305_x86_doffset3minustwo128:
+.long 0x0,0x492ffffe
+
+crypto_onetimeauth_poly1305_x86_hoffset0:
+.long 0xfffffffb,0x43300001
+
+crypto_onetimeauth_poly1305_x86_hoffset1:
+.long 0xfffffffe,0x45300001
+
+crypto_onetimeauth_poly1305_x86_hoffset2:
+.long 0xfffffffe,0x47300001
+
+crypto_onetimeauth_poly1305_x86_hoffset3:
+.long 0xfffffffe,0x49300003
+
+crypto_onetimeauth_poly1305_x86_rounding:
+.byte 0x7f
+.byte 0x13
diff --git a/nacl/crypto_onetimeauth/poly1305/x86/verify.c b/nacl/crypto_onetimeauth/poly1305/x86/verify.c
new file mode 100644
index 00000000..c7e063f1
--- /dev/null
+++ b/nacl/crypto_onetimeauth/poly1305/x86/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}
diff --git a/nacl/crypto_onetimeauth/try.c b/nacl/crypto_onetimeauth/try.c
new file mode 100644
index 00000000..54f4396d
--- /dev/null
+++ b/nacl/crypto_onetimeauth/try.c
@@ -0,0 +1,119 @@
+/*
+ * crypto_onetimeauth/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include "crypto_hash_sha256.h"
+#include "crypto_onetimeauth.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *h;
+static unsigned char *m;
+static unsigned char *k;
+static unsigned char *h2;
+static unsigned char *m2;
+static unsigned char *k2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_onetimeauth_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
+  h2 = alignedcalloc(crypto_onetimeauth_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
+  k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_onetimeauth(h,m,TUNE_BYTES,k);
+  crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
+}
+
+char checksum[crypto_onetimeauth_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long klen = crypto_onetimeauth_KEYBYTES;
+    long long hlen = crypto_onetimeauth_BYTES;
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
+    for (j = 0;j < hlen;++j) m2[j] = m[j];
+    if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+
+    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+    
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
+    m[mlen] = h2[0];
+  }
+  if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
+  if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+
+  for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}
diff --git a/nacl/crypto_onetimeauth/wrapper-auth.cpp b/nacl/crypto_onetimeauth/wrapper-auth.cpp
new file mode 100644
index 00000000..f4279607
--- /dev/null
+++ b/nacl/crypto_onetimeauth/wrapper-auth.cpp
@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_onetimeauth.h"
+
+string crypto_onetimeauth(const string &m,const string &k)
+{
+  if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length";
+  unsigned char a[crypto_onetimeauth_BYTES];
+  crypto_onetimeauth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str());
+  return string((char *) a,crypto_onetimeauth_BYTES);
+}
diff --git a/nacl/crypto_onetimeauth/wrapper-verify.cpp b/nacl/crypto_onetimeauth/wrapper-verify.cpp
new file mode 100644
index 00000000..248239ee
--- /dev/null
+++ b/nacl/crypto_onetimeauth/wrapper-verify.cpp
@@ -0,0 +1,14 @@
+#include <string>
+using std::string;
+#include "crypto_onetimeauth.h"
+
+void crypto_onetimeauth_verify(const string &a,const string &m,const string &k)
+{
+  if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length";
+  if (a.size() != crypto_onetimeauth_BYTES) throw "incorrect authenticator length";
+  if (crypto_onetimeauth_verify(
+       (const unsigned char *) a.c_str(),
+       (const unsigned char *) m.c_str(),m.size(),
+       (const unsigned char *) k.c_str()) == 0) return;
+  throw "invalid authenticator";
+}
-- 
cgit v1.2.3