You should take a look at the library written by the author of this post (and the rest of my team), Tink [1]. It's written so that we can do security reviews at Google more easily, by making sure that the crypto library is fairly hard to misuse, in particular that the crypto library integrates well with key management.

[1] https://github.com/google/tink