RFC Errata
RFC 7836, "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012", March 2016
Source of RFC: INDEPENDENTSee Also: RFC 7836 w/ inline errata
Errata ID: 6197
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Billy Brumley
Date Reported: 2020-06-03
Verifier Name: Adrian Farrel
Date Verified: 2020-07-01
Section 3 says:
When a point on an elliptic curve is given to an input of a hash function, affine coordinates for short Weierstrass form are used (see Section 5): an x coordinate value is fed first, a y coordinate value is fed second, both in little-endian format.
It should say:
When a point on an elliptic curve is given to an input of a hash function, affine coordinates for short Weierstrass form are used (see Section 5): an x coordinate value is fed first, a y coordinate value is fed second, both in little-endian format. If the point to be fed to the hash function is zero point, the calculation MUST NOT be performed and an error SHOULD be reported on a protocol level.
Notes:
A new sentence added at the end of the paragraph explicitly defines the processing in case when the zero point is fed to the hash function.