crypto: add NULL checks for OpenSSL allocation functions

Replace CHECK() assertions with graceful error handling for
EVP_CIPHER_CTX_new() allocations that could fail under memory
pressure:

- crypto_aes.cc (AES_Cipher): return FAILED status
- crypto_cipher.cc (CommonInit): throw JS error via ThrowCryptoError

Fixes #62774

Author: armorbreak001

src/crypto/crypto_aes.cc

@@ -48,7 +48,9 @@ WebCryptoCipherStatus AES_Cipher(Environment* env,
   CHECK_EQ(key_data.GetKeyType(), kKeyTypeSecret);
 
   auto ctx = CipherCtxPointer::New();
-  CHECK(ctx);
+  if (!ctx) {
+    return WebCryptoCipherStatus::FAILED;
+  }
 
   if (params.cipher.isWrapMode()) {
     ctx.setAllowWrap();

src/crypto/crypto_cipher.cc

@@ -338,7 +338,9 @@ void CipherBase::CommonInit(const char* cipher_type,
   MarkPopErrorOnReturn mark_pop_error_on_return;
   CHECK(!ctx_);
   ctx_ = CipherCtxPointer::New();
-  CHECK(ctx_);
+  if (!ctx_) {
+    return ThrowCryptoError(env(), ERR_get_error(), "Failed to allocate cipher context");
+  }
 
   if (cipher.isWrapMode()) {
     ctx_.setAllowWrap();