The RDRAND data reduction function was not correct. Specifically:
1. When using AESni, in order to guarantee at least one reseed event
per reduction stripe we need to process the data in a different
order. This means writing it out all the data to a buffer before
processing it, and then process it in much larger stripes.
2. When using gcrypt, we are only performing one reduction at a time,
so only process enough input for one reduction and only generate
that amount of output.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>