rdrand: Fix the RDRAND data reduction

The RDRAND data reduction function was not correct.  Specifically:

1. When using AESni, in order to guarantee at least one reseed event
   per reduction stripe we need to process the data in a different
   order.  This means writing it out all the data to a buffer before
   processing it, and then process it in much larger stripes.

2. When using gcrypt, we are only performing one reduction at a time,
   so only process enough input for one reduction and only generate
   that amount of output.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2 files changed