Unusual IV for AES_CBC

[rnapier]

In jwe.c, _cjose_jwe_set_iv_aes_cbc creates different sized IVs depending on the key size. This doesn't seem correct; the CBC IV is based on the block size, which is always 16 bytes for AES, not the key size. I can't find a specific example in RFC7516 of AES256 to confirm my understanding; have I misunderstood something about the spec?

[securedimensions]

We had an issue with the Qt Cryptographic library due to the varying size of the IV for different key sizes.

This pull request uses a fixed size of 16 Byte: #112

[zandbelt]

this was merged here:
OpenIDC#11
and part of the maintenance fork here:
https://github.com/OpenIDC/cjose/tree/version-0.6.2.x