Wrong IV sizes

[lucadici]

For CBC mode, the initialization vector is the size of a block, which for AES is 16 bytes = 128 bits

static bool _cjose_jwe_set_iv_aes_cbc(cjose_jwe_t *jwe, cjose_err *err)
{
    // make sure we have an enc header
    json_t *enc_obj = json_object_get(jwe->hdr, CJOSE_HDR_ENC);
    if (NULL == enc_obj)
    {
        CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);
        return false;
    }
    const char *enc = json_string_value(enc_obj);

    cjose_get_dealloc()(jwe->enc_iv.raw);
    jwe->enc_iv.raw_len = 0;

    if (strcmp(enc, CJOSE_HDR_ENC_A128CBC_HS256) == 0)
        jwe->enc_iv.raw_len = 16;
    if (strcmp(enc, CJOSE_HDR_ENC_A192CBC_HS384) == 0)
        jwe->enc_iv.raw_len = 16; // LDC, old = 24;
    if (strcmp(enc, CJOSE_HDR_ENC_A256CBC_HS512) == 0)
        jwe->enc_iv.raw_len = 16; // LDC, old = 32;

    if (jwe->enc_iv.raw_len == 0)
    {
        CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);
        return false;
    }

    // generate IV as random iv_size * 8 bit value
    if (!_cjose_jwe_malloc(jwe->enc_iv.raw_len, true, &jwe->enc_iv.raw, err))
    {
        return false;
    }

    return true;
}

This avoids interop issues while decoding with:
https://github.com/latchset/jwcrypto
Checked also with:
https://dinochiesa.github.io/jwt/

[zandbelt]

the IV issue was reported before in #101 and a PR exists: #112, merged into the maintenance repo here https://github.com/OpenIDC/cjose

[cisco/cjose is abandoned since 6 years]