MINOR: jwe: Some algorithms not supported by AWS-LC

AWS-LC does not have EVP_aes_128_wrap or EVP_aes_192_wrap so the A128KW
and A192KW algorithms will not be supported for JWE token decryption.

doc/configuration.txt

@@ -21398,7 +21398,8 @@ jwt_decrypt_secret(<secret>)
 
   This converter can be used for tokens that have an algorithm ("alg" field of
   the JOSE header) among the following: A128KW, A192KW, A256KW, A128GCMKW,
-  A192GCMKW, A256GCMKW, dir.
+  A192GCMKW, A256GCMKW, dir. Please note that the A128KW and A192KW algorithms
+  are not available on AWS-LC and decryption will not work.
 
   The JWE token must be provided base64url-encoded and the output will be
   provided "raw". If an error happens during token parsing, signature

src/jwe.c

@@ -271,14 +271,26 @@ static int decrypt_cek_aeskw(struct buffer *cek, struct buffer *decrypted_cek, s
 		goto end;
 
 	switch(crypt_alg) {
+#ifndef OPENSSL_IS_AWSLC
+	/*  AWS-LC does not support EVP_aes_128_wrap or EVP_aes_192_wrap */
 	case JWE_ALG_A128KW: cipher = EVP_aes_128_wrap(); break;
 	case JWE_ALG_A192KW: cipher = EVP_aes_192_wrap(); break;
+#endif
 	case JWE_ALG_A256KW: cipher = EVP_aes_256_wrap(); break;
 	default:
 		goto end;
 	}
 
+#ifndef OPENSSL_IS_AWSLC
+	/* Comment from AWS-LC (in include/openssl/cipher.h):
+	 * EVP_aes_256_wrap implements AES-256 in Key Wrap mode. OpenSSL 1.1.1
+	 * required |EVP_CIPHER_CTX_FLAG_WRAP_ALLOW| to be set with
+	 * |EVP_CIPHER_CTX_set_flags|, in order for |EVP_aes_256_wrap| to work.
+	 * This is not required in AWS-LC and they are no-op flags maintained
+	 * for compatibility.
+	 */
 	EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+#endif
 
 	iv_size = EVP_CIPHER_iv_length(cipher);
 	iv = alloc_trash_chunk();