wolfSSL will be releasing wolfCrypt v4.0 FIPS with an expanded security boundary. We have added many algorithms to the boundary, including Key Generation.
wolfCrypt v4.0 FIPS can generate keys for use with RSA and ECDSA signing. It can also do the perform the ECDHE and DHE key agreement schemes. We have also self-affirmed wolfCrypt for HKDF as a key-derivation function.
To use wolfCrypt key generation in a FIPS approved manner, you must build wolfCrypt with the Intel RDSEED feature enabled. If you do not have RDSEED available, you may use your own seeding method but it must meet the NIST SP 800-90B requirements.
For more information about wolfCrypt v4.0 FIPS, please send a message to fips@wolfssl.com. For more information about wolfSSL in general, including TLSv1.3 support, send a message to facts@wolfssl.com.