tests/encrypt: fix flaky test_encrypt_decrypt_base64 bad-password check

AES-CBC with EVP_BytesToKey has no MAC, so wolfssl enc -d detects a wrong
password only by validating PKCS#7 padding of the garbage plaintext. With
a random salt, the last byte(s) may satisfy valid padding by chance
(measured ~0.4% / ~1 in 256 over 2000 trials), causing rc==0 and the
assertNotEqual(rc, 0) check to fire.

Also verify the output file does not match the original plaintext: random
garbage will not collide with the source, so the assertion is deterministic
regardless of padding luck. Verified stable over 2000 trials (0 false
passes) vs 5/2000 with the old assertion.

Author: julek-wolfssl

tests/encrypt/enc-test.py

@@ -81,11 +81,18 @@ def test_encrypt_decrypt_base64(self):
                      password="test password")
         self.assertEqual(r.returncode, 0, r.stderr)
 
-        # Bad password should fail
+        # Bad password: AES-CBC with EVP_BytesToKey (no MAC) detects a wrong
+        # password only via PKCS#7 padding validation of the garbage plaintext.
+        # Random salt makes that check probabilistic (~1/256 false accept), so
+        # also verify the output does not match the original.
         r = run_enc("enc", "-base64", "-d", "-aes-256-cbc",
                      "-in", enc, "-out", dec,
                      password="bad password")
-        self.assertNotEqual(r.returncode, 0)
+        bad_recovered = (r.returncode == 0
+                         and os.path.exists(dec)
+                         and filecmp.cmp(orig, dec, shallow=False))
+        self.assertFalse(bad_recovered,
+                         "bad password must not recover original plaintext")
 
         r = run_enc("enc", "-base64", "-d", "-aes-256-cbc",
                      "-in", enc, "-out", dec,