Merge branch '2.9' into 2.10

4 files changed, 11 insertions, 0 deletions

diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index f1919660..aa8fa669 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -324,6 +324,8 @@ class PKey(object):
 
     def _read_private_key(self, tag, f, password=None):
         lines = f.readlines()
+        if not lines:
+            raise SSHException("no lines in {} private key file".format(tag))
 
         # find the BEGIN tag
         start = 0
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index d5bdadec..df438626 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
 Changelog
 =========
 
+- bug:`1637` (via :issue:`1599`) Raise `SSHException` explicitly when blank
+  private key data is loaded, instead of the natural result of ``IndexError``.
+  This should help more bits of Paramiko or Paramiko-adjacent codebases to
+  correctly handle this class of error. Credit: Nicholas Dietz.
 - :release:`2.10.5 <2022-05-16>`
 - :release:`2.9.5 <2022-05-16>`
 - :bug:`1933` Align signature verification algorithm with OpenSSH re:
diff --git a/tests/blank_rsa.key b/tests/blank_rsa.key
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/blank_rsa.key
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 3bc0459a..f8b7eb42 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -186,6 +186,11 @@ class KeyTest(unittest.TestCase):
                 with pytest.raises(SSHException, match=str(exception)):
                     RSAKey.from_private_key_file(_support("test_rsa.key"))
 
+    def test_loading_empty_keys_errors_usefully(self):
+        # #1599 - raise SSHException instead of IndexError
+        with pytest.raises(SSHException, match="no lines"):
+            RSAKey.from_private_key_file(_support("blank_rsa.key"))
+
     def test_load_rsa_password(self):
         key = RSAKey.from_private_key_file(
             _support("test_rsa_password.key"), "television"