Report

CVE-2022-0778 OpenSSL BN_mod_sqrt Infinite Loop in Tonelli-Shanks

5a8d2462-6223-4f53-813f-d5de2d34a5f6

OpenSSL's BN_mod_sqrt function in crypto/bn/bn_sqrt.c contains an infinite loop vulnerability when processing a maliciously crafted prime. The Tonelli-Shanks algorithm implementation has a critical bug in computing the power-of-2 factorization of p-1. An attacker can craft an EC certificate with specially chosen curve parameters to trigger this vulnerability during certificate validation, causing a Denial of Service.
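The loop behaviour behind this denial of service, as an added Python model (not OpenSSL's C code and not part of the original report): a Tonelli-Shanks routine whose search for the smallest i with b^(2^i) = 1 is either bounded by e or relies on an equality-only exit test. The OpenSSL advisory for this CVE describes the loop as non-terminating for non-prime moduli, so the example uses the constructed composite 697 = 17 × 41 with a = 696; `mod_sqrt`, `HANG`, `guarded` and `budget` are names chosen for this example, and inputs are assumed to have an odd modulus p >= 3.

```python
HANG = "HANG"  # sentinel: step budget exhausted, i.e. an uncapped loop would spin

def mod_sqrt(a, p, guarded=True, budget=10_000):
    """Tonelli-Shanks for odd p >= 3: returns a root of a mod p, None, or HANG."""
    a %= p
    if a == 0:
        return 0
    e, q = 0, p - 1
    while q % 2 == 0:                      # p - 1 = 2^e * q with q odd
        e, q = e + 1, q // 2
    # First z failing Euler's test; a genuine non-residue only when p is prime.
    y0 = next(z for z in range(2, p) if pow(z, (p - 1) // 2, p) != 1)
    y = pow(y0, q, p)                      # has order 2^e when p is prime
    x = pow(a, (q - 1) // 2, p)
    b = a * x * x % p                      # b = a^q
    x = a * x % p                          # x = a^((q+1)/2)
    while b != 1:
        i, t = 1, b * b % p                # search smallest i with b^(2^i) = 1
        if guarded:
            while i < e and t != 1:        # bounded: i never goes past e
                i, t = i + 1, t * t % p
            if i >= e:
                return None                # a is not a square, or p is not prime
        else:
            while t != 1:                  # exit test is equality only
                i, budget = i + 1, budget - 1
                if i == e:
                    return None
                if budget < 0:
                    return HANG            # i ran past e; nothing ends the loop
                t = t * t % p
        budget -= 1
        if budget < 0:
            return HANG
        t = y
        for _ in range(e - i - 1):         # t = y^(2^(e-i-1))
            t = t * t % p
        y = t * t % p
        x, b, e = x * t % p, b * y % p, i
    return x if x * x % p == a else None

# Constructed inputs: prime modulus 41, then composite modulus 697 = 17 * 41.
if __name__ == "__main__":
    print(mod_sqrt(2, 41))
    print(mod_sqrt(696, 697))
    print(mod_sqrt(696, 697, guarded=False))
```

With the prime modulus both variants agree; with the composite modulus the first pass sets e to 1 while b is still not 1, so only the bounded search rejects the input.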
