Fix crash: check decrypt context before using it
This is a regression introduced when switched to the new BoringSSL API in. In the new APIs, read and write secrets are installed separately and at different times. The previous logic that checked context initialization can no longer be used. The new guard differentiates between read and write secrets.