From aba18bac71155d3e34d7dab5749bfb2cfa9662ec Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Tue, 13 Jan 2026 11:51:00 +0100 Subject: [PATCH] MINOR: jwe: Some algorithms not supported by AWS-LC AWS-LC does not have EVP_aes_128_wrap or EVP_aes_192_wrap so the A128KW and A192KW algorithms will not be supported for JWE token decryption. --- doc/configuration.txt | 3 ++- src/jwe.c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 88b09fdc1..fd6a68ad7 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -21398,7 +21398,8 @@ jwt_decrypt_secret() This converter can be used for tokens that have an algorithm ("alg" field of the JOSE header) among the following: A128KW, A192KW, A256KW, A128GCMKW, - A192GCMKW, A256GCMKW, dir. + A192GCMKW, A256GCMKW, dir. Please note that the A128KW and A192KW algorithms + are not available on AWS-LC and decryption will not work. The JWE token must be provided base64url-encoded and the output will be provided "raw". If an error happens during token parsing, signature diff --git a/src/jwe.c b/src/jwe.c index 095181ecd..2ebf2ebe2 100644 --- a/src/jwe.c +++ b/src/jwe.c @@ -271,14 +271,26 @@ static int decrypt_cek_aeskw(struct buffer *cek, struct buffer *decrypted_cek, s goto end; switch(crypt_alg) { +#ifndef OPENSSL_IS_AWSLC + /* AWS-LC does not support EVP_aes_128_wrap or EVP_aes_192_wrap */ case JWE_ALG_A128KW: cipher = EVP_aes_128_wrap(); break; case JWE_ALG_A192KW: cipher = EVP_aes_192_wrap(); break; +#endif case JWE_ALG_A256KW: cipher = EVP_aes_256_wrap(); break; default: goto end; } +#ifndef OPENSSL_IS_AWSLC + /* Comment from AWS-LC (in include/openssl/cipher.h): + * EVP_aes_256_wrap implements AES-256 in Key Wrap mode. OpenSSL 1.1.1 + * required |EVP_CIPHER_CTX_FLAG_WRAP_ALLOW| to be set with + * |EVP_CIPHER_CTX_set_flags|, in order for |EVP_aes_256_wrap| to work. + * This is not required in AWS-LC and they are no-op flags maintained + * for compatibility. + */ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); +#endif iv_size = EVP_CIPHER_iv_length(cipher); iv = alloc_trash_chunk();