OpenSSL is the kitchen sink for relatively well validated, fast crypto primitives, yet every project that uses one of those has to include the other couple megs of libcrypto (most of that is in ASN1 and X509 implementations, which are libcrypto and not libssl). Certainly seems to me like there's room for a librealcrypto (ought to fit in well under a meg) and a libitutils (all that X509 stuff).

OpenSSL is historically also the kitchen sink for TLS features and extensions, with rather mixed results.