In jwe.c, _cjose_jwe_set_iv_aes_cbc creates different sized IVs depending on the key size. This doesn't seem correct; the CBC IV is based on the block size, which is always 16 bytes for AES, not the key size. I can't find a specific example in RFC7516 of AES256 to confirm my understanding; have I misunderstood something about the spec?
In jwe.c,
_cjose_jwe_set_iv_aes_cbccreates different sized IVs depending on the key size. This doesn't seem correct; the CBC IV is based on the block size, which is always 16 bytes for AES, not the key size. I can't find a specific example in RFC7516 of AES256 to confirm my understanding; have I misunderstood something about the spec?