RFC 7836, "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012", March 2016

Errata ID: 6197
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Billy Brumley
Date Reported: 2020-06-03
Verifier Name: Adrian Farrel
Date Verified: 2020-07-01

Section 3 says:

When a point on an elliptic curve is given to an input of a hash
function, affine coordinates for short Weierstrass form are used (see
Section 5): an x coordinate value is fed first, a y coordinate value
is fed second, both in little-endian format.

It should say:

When a point on an elliptic curve is given to an input of a hash
function, affine coordinates for short Weierstrass form are used (see
Section 5): an x coordinate value is fed first, a y coordinate value
is fed second, both in little-endian format. If the point to be fed
to the hash function is zero point, the calculation MUST NOT be performed
and an error SHOULD be reported on a protocol level.

Notes:

A new sentence added at the end of the paragraph explicitly defines the processing in case when the zero point is fed to the hash function.

Report New Errata