Michael RoitzschApple formally verified their corecrypto library. The verification stack translates the FIPS spec into Isabelle code, for which refinement is shown to a Cryptol specification, for which refinement is shown to the C code. And all of the code and proofs are open source.
https://security.apple.com/blog/formal-verification-corecrypto/
https://security.apple.com/blog/formal-verification-corecrypto/
A blueprint for formal verification of Apple corecrypto - Apple Security Research
With the latest release of corecrypto, we’re publishing our implementations of quantum-secure ML-KEM and ML-DSA algorithms, along with the mathematical proofs we built to assure they are faithful to the FIPS 203 and FIPS 204 specifications. To advance the state of the art for assuring critical software, we're also publishing the formal verification libraries and tools that we created to achieve the strongest known correctness results for any widely-deployed production implementation of the relevant algorithms.