On Thu May 22 12:41:19 2025 +0000, Dmitry Timoshkov wrote:

I was mentioning the part about using SECBUFFER_STREAM in DecryptMessage(). It was my guess that EncryptMessage() is supposed to support the mirroring logic of using SECBUFFER_DATA as input and SECBUFFER_STREAM as output buffers.

That was my first guess too :) Perhaps I'm missing something but this appears to encrypt in-place. It seems to me that you would need to pass a separate SECBUFFER_STREAM buffer that is large enough to hold data + token.