Processors that do not support the RDSEED instruction can leverage the reseeding guarantee of the DRBG to generate random seeds from values obtained via RDRAND.
1. Iteratively execute RDRAND beyond the DRBG upper bound by executing more than 1022 64-bit RDRANDs.
2. Iteratively execute 32 RDRAND invocations with a 10 us wait period per iteration.
There is sample code in the manual on how to implement the 1st approach.
The program below takes the first approach of guaranteed reseeding—generating 512 128-bit random numbers—and mixes the intermediate values together using the CBC-MAC mode of AES. This method of turning 512 128-bit samples from the DRNG into a 128-bit seed value is sometimes referred to as the “512:1 data reduction” and results in a random value that is fully forward and backward prediction resistant, suitable for seeding a NIST SP800-90 compliant, FIPS 140-2 certifiable, software DRBG.
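As an added illustration of the 1st approach (this is not Intel's sample code and not part of the original issue), the following C program implements the 512:1 data reduction described above: it draws 1024 64-bit RDRAND values (512 128-bit samples, which is more than the 1022-output bound, so the DRBG has reseeded at least once during the run) and folds them together with CBC-MAC under a fixed 128-bit key. Assumptions: the RDRAND source and the block cipher are passed in as function pointers; the hardware source is only compiled in when `__RDRND__` is defined; and `toy_block` is a constructed stand-in for AES-128 so the program runs and can be checked without a crypto library (in real use, replace it with an AES-128 encrypt call). The counter source and the failing source are constructed test doubles, not hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The DRNG is guaranteed to reseed within this many 64-bit RDRAND outputs. */
#define DRNG_RESEED_BOUND 1022
/* 512 x 128-bit samples = 1024 x 64-bit RDRANDs, i.e. beyond the bound. */
#define SAMPLES_128 512
/* Retry budget for the rare case where RDRAND reports no data (CF = 0). */
#define RDRAND_RETRIES 10

_Static_assert(2 * SAMPLES_128 > DRNG_RESEED_BOUND,
               "sample count must exceed the DRBG reseed bound");

/* Pluggable entropy source: writes one 64-bit value, returns 1 on success, 0 on CF=0. */
typedef int (*rdrand64_fn)(uint64_t *out);
/* Pluggable 128-bit block cipher: out = E_key(in). Meant to be AES-128. */
typedef void (*block128_fn)(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]);

#if defined(__RDRND__)
#include <immintrin.h>
/* Real hardware source; only built when compiled with RDRAND support (-mrdrnd). */
static int hw_rdrand64(uint64_t *out) {
    unsigned long long v = 0;
    int ok = _rdrand64_step(&v);
    *out = (uint64_t)v;
    return ok;
}
#endif

static int rdrand64_retry(rdrand64_fn src, uint64_t *out) {
    for (int i = 0; i < RDRAND_RETRIES; i++)
        if (src(out)) return 1;
    return 0; /* persistent failure: the caller must not use the seed */
}

/* 512:1 reduction: CBC-MAC 512 128-bit RDRAND samples into one 128-bit seed.
   Returns 1 on success, 0 if the source failed (seed is then unusable). */
int drng_seed128(rdrand64_fn src, block128_fn enc, const uint8_t key[16], uint8_t seed[16]) {
    uint8_t mac[16] = {0};  /* CBC-MAC runs from an all-zero IV */
    uint8_t block[16];
    for (size_t i = 0; i < SAMPLES_128; i++) {
        uint64_t lo, hi;
        if (!rdrand64_retry(src, &lo) || !rdrand64_retry(src, &hi)) return 0;
        memcpy(block, &lo, 8);
        memcpy(block + 8, &hi, 8);
        for (int j = 0; j < 16; j++) block[j] ^= mac[j]; /* chain previous output in */
        enc(key, block, mac);
    }
    memcpy(seed, mac, 16);
    return 1;
}

/* ---- Constructed test doubles (assumptions for demonstration, not hardware) ---- */
static uint64_t g_counter_calls; /* counts how many 64-bit draws the reduction makes */
static int counter_source(uint64_t *out) {
    *out = 0x9E3779B97F4A7C15ULL * (++g_counter_calls);
    return 1;
}
static int failing_source(uint64_t *out) { (void)out; return 0; }

/* Stand-in keyed mixing function so the example runs without an AES library. NOT AES;
   it only exists to exercise the CBC-MAC chaining structure deterministically. */
static void toy_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    for (int j = 0; j < 16; j++)
        out[j] = (uint8_t)((in[j] ^ key[j]) + (uint8_t)(in[(j + 5) & 15] * 31u) + (uint8_t)j);
}

/* Checks the three properties a reviewer would want: the reduction consumes
   exactly 1024 64-bit draws (> 1022), is deterministic for a fixed input stream,
   and reports failure when the source cannot deliver data. Returns 1 if all hold. */
int run_self_check(void) {
    const uint8_t key[16] = {0};
    uint8_t s1[16], s2[16];
    g_counter_calls = 0;
    if (!drng_seed128(counter_source, toy_block, key, s1)) return 0;
    if (g_counter_calls != 2 * SAMPLES_128) return 0;
    g_counter_calls = 0;
    if (!drng_seed128(counter_source, toy_block, key, s2)) return 0;
    if (memcmp(s1, s2, 16) != 0) return 0;
    if (drng_seed128(failing_source, toy_block, key, s1) != 0) return 0;
    return 1;
}

int main(void) {
    const uint8_t key[16] = {0};
    uint8_t seed[16];
    rdrand64_fn src = counter_source;
#if defined(__RDRND__)
    src = hw_rdrand64;
#endif
    if (!drng_seed128(src, toy_block, key, seed)) { puts("RDRAND failed"); return 1; }
    for (int j = 0; j < 16; j++) printf("%02x", seed[j]);
    printf("\nself-check: %s\n", run_self_check() ? "ok" : "FAILED");
    return 0;
}
```

Build with `-mrdrnd` on an x86-64 compiler to use the hardware path; without it the program falls back to the constructed counter source and only exercises the reduction logic. The key point the structure shows is that a zero return must abort seeding rather than fall through to a partially filled buffer.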
When RDSEED isn't available, according to the manual, using RDRAND output as a random seed (as opposed to a random value) is not as simple as calling RDRAND: https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
How do we guarantee reseeding?
See https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html