crypto,quic: add NULL checks for OpenSSL allocation functions

Replace CHECK() assertions with graceful error handling for
EVP_CIPHER_CTX_new() allocation failures.

- src/crypto/crypto_aes.cc: In AES_Cipher(), replace CHECK(ctx)
  with early return of WebCryptoCipherStatus::FAILED, matching
  the pattern already used in AES_CTR_Cipher2() in the same file.

- src/crypto/crypto_cipher.cc: In CipherBase::CommonInit(),
  replace CHECK(ctx_) with ThrowCryptoError(), matching the error
  handling pattern used elsewhere in the function.

Note: The other locations mentioned in #62774 (AES_CTR_Cipher2,
TLSSession::Initialize, and ECKeyExportTraits::DoExport) already
have proper NULL checks in the current codebase or have been
refactored such that the relevant code no longer exists.

Fixes: #62774

Author: armorbreak001

src/crypto/crypto_aes.cc

@@ -48,7 +48,9 @@ WebCryptoCipherStatus AES_Cipher(Environment* env,
   CHECK_EQ(key_data.GetKeyType(), kKeyTypeSecret);
 
   auto ctx = CipherCtxPointer::New();
-  CHECK(ctx);
+  if (!ctx) {
+    return WebCryptoCipherStatus::FAILED;
+  }
 
   if (params.cipher.isWrapMode()) {
     ctx.setAllowWrap();

src/crypto/crypto_cipher.cc

@@ -338,7 +338,11 @@ void CipherBase::CommonInit(const char* cipher_type,
   MarkPopErrorOnReturn mark_pop_error_on_return;
   CHECK(!ctx_);
   ctx_ = CipherCtxPointer::New();
-  CHECK(ctx_);
+  if (!ctx_) {
+    return ThrowCryptoError(env(),
+                            mark_pop_error_on_return.peekError(),
+                            "Failed to allocate cipher context");
+  }
 
   if (cipher.isWrapMode()) {
     ctx_.setAllowWrap();