Correct base64 validation regexp so that valid signature with == split

between two lines are not incorrectly evaluated as invalid (LP:
      #2002295) - Thanks to <https://launchpad.net/~obadz> for the report and
      the proposed fix

ChangeLog

@@ -19,6 +19,10 @@ Version 1.1.0
       along with timeout error from dnspython (LP: #1873449)
     - Invalid Authentication-Results header fields are ignored for ARC signing
       (LP: #1884044)
+    - Correct base64 validation regexp so that valid signature with == split
+      between two lines are not incorrectly evaluated as invalid (LP:
+      #2002295) - Thanks to <https://launchpad.net/~obadz> for the report and
+      the proposed fix
 
 2019-12-31 Version 1.0.2
     - dknewkey: On posix operating systems set file permissions to 600 for

dkim/__init__.py

@@ -284,13 +284,13 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
         raise ValidationError("unknown signature algorithm: %s" % sig[b'a'])
 
     if b'b' in sig:
-        if re.match(br"[\s0-9A-Za-z+/]+=*$", sig[b'b']) is None:
+        if re.match(br"[\s0-9A-Za-z+/]+[\s=]*$", sig[b'b']) is None:
             raise ValidationError("b= value is not valid base64 (%s)" % sig[b'b'])
         if len(re.sub(br"\s+", b"", sig[b'b'])) % 4 != 0:
             raise ValidationError("b= value is not valid base64 (%s)" % sig[b'b'])
 
     if b'bh' in sig:
-        if re.match(br"[\s0-9A-Za-z+/]+=*$", sig[b'bh']) is None:
+        if re.match(br"[\s0-9A-Za-z+/]+[\s=]*$", sig[b'b']) is None:
             raise ValidationError("bh= value is not valid base64 (%s)" % sig[b'bh'])
         if len(re.sub(br"\s+", b"", sig[b'bh'])) % 4 != 0:
             raise ValidationError("bh= value is not valid base64 (%s)" % sig[b'bh'])