crypto: replace CHECK with NULL checks for EVP_CIPHER_CTX_new allocations

Replace CHECK() assertions with proper NULL checks and error returns
for EVP_CIPHER_CTX_new() allocations. CHECK() causes an abort()
on failure, which is not appropriate for recoverable allocation failures.
Instead, return a failure status or throw a proper crypto error.

Fixes: #62774

Author: RoomWithOutRoof

src/crypto/crypto_aes.cc

@@ -48,7 +48,9 @@ WebCryptoCipherStatus AES_Cipher(Environment* env,
   CHECK_EQ(key_data.GetKeyType(), kKeyTypeSecret);
 
   auto ctx = CipherCtxPointer::New();
-  CHECK(ctx);
+  if (!ctx) {
+    return WebCryptoCipherStatus::FAILED;
+  }
 
   if (params.cipher.isWrapMode()) {
     ctx.setAllowWrap();

src/crypto/crypto_cipher.cc

@@ -338,7 +338,11 @@ void CipherBase::CommonInit(const char* cipher_type,
   MarkPopErrorOnReturn mark_pop_error_on_return;
   CHECK(!ctx_);
   ctx_ = CipherCtxPointer::New();
-  CHECK(ctx_);
+  if (!ctx_) {
+    return ThrowCryptoError(env(),
+                            mark_pop_error_on_return.peekError(),
+                            "EVP_CIPHER_CTX_new");
+  }
 
   if (cipher.isWrapMode()) {
     ctx_.setAllowWrap();