CVE-2022-0778: OpenSSL BN_mod_sqrt infinite loop via non-prime modulus in Tonelli-Shanks

CVE-2022-0778: A crafted certificate with explicit elliptic curve parameters (non-prime field prime p) causes BN_mod_sqrt() in OpenSSL to loop infinitely, enabling a denial-of-service attack. Affects OpenSSL 1.0.2, 1.1.1 (up to 1.1.1m), 3.0 (up to 3.0.1). Both TLS clients and servers that parse peer certificates are vulnerable.