I also suffered from the same problem.
If SEC_I_RENEGOTIATE is received when using TLS1.3
1.Prepare OutSecBuff and InSecBuff and pass the received data to InitializeSecurityContext.
2-1 If SEC_E_OK and there is no SECBUFFER_EXTRA buffer in OutSecBuff, receive the next packet and call Decryptmessage.
2-2 If SEC_E_OK and OutSecBuff has a SECBUFFER_EXTRA buffer, pass the SECBUFFER_EXTRA buffer to Decryptmessage.
If you are still looking for this information, please let me know your results.
Regards,
poca256