Why crypto in the kernel, not in user space?

I think the reason used to be some hardware crypto accelerators that require a kernel driver to access.

The more modern way of getting hardware accelerated crypto is special CPU instructions (like the ARM cryptographic extensions) which can be used from userspace too.
But a number of older SoCs have crypto accelerators implemented as memory mapped peripheral devices so you need a kernel driver there .

However such things tend to be pretty slow, especially when used from userspace with a context switch involved. Years ago I tested the i.MX53 crypto accelerator from userspace and it was actually slower at most clock frequencies than a pure software userspace implementation. It did have the advantage however of freeing the single core CPU for other things and a small power consumption advantage too.