Report

CVE-2022-0778: Infinite loop in BN_mod_sqrt Tonelli-Shanks algorithm

bcca5f57-4e92-4bee-a1e2-d40b96742082

CVE-2022-0778 is a logic bug in OpenSSL's BN_mod_sqrt() function, which implements the Tonelli-Shanks algorithm for computing modular square roots. BN_mod_sqrt() is reached while parsing certificates that carry an elliptic curve public key in compressed form, or explicit curve parameters with a base point in compressed form; it is also reached when parsing private keys that carry explicit curve parameters. An attacker supplies a specially crafted certificate whose explicit curve parameters are invalid, specifically one that names a composite number where the field prime p should be. Tonelli-Shanks is only guaranteed to terminate when p is prime: the outer while loop (line 286) in the Tonelli-Shanks implementation has no maximum iteration bound, and its termination condition, that repeated squaring of an intermediate value eventually yields 1 modulo p, need not ever hold for a composite p, so the process hangs indefinitely. Because certificate parsing happens before the signature is verified, any process that parses an externally supplied certificate is exposed to this denial of service, including TLS clients consuming server certificates and TLS servers consuming client certificates. The fix, shipped in OpenSSL 3.0.2, 1.1.1n and 1.0.2zd, bounds the search inside the loop and makes BN_mod_sqrt() fail with an error when no square root is found instead of looping.
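The following Python model of the algorithm is added here as an illustration; it is not OpenSSL's bn_sqrt.c, and the names mod_sqrt, jacobi, find_nonresidue, the fixed flag and the fuel fuse are this example's own. With fixed=True the search for the exponent i is confined to 0 < i < m, which is the shape of the fix; with fixed=False the only guard is an equality test made after i is incremented (the vulnerable loop as modelled here), which can never fire once m has dropped to 1. The modulus 33 = 3 * 11 with input 10 is a constructed case that drives the loop into exactly that state.

```python
"""Tonelli-Shanks modular square root, with the termination guard of the
CVE-2022-0778 fix (fixed=True) next to the guard the vulnerable loop relied
on (fixed=False).  Added illustration, not OpenSSL's code; all names and the
`fuel` fuse are this example's own."""


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0.  -1 means a is a non-residue mod n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def find_nonresidue(p: int, tries: int = 200) -> int:
    """Smallest z >= 2 with (z/p) = -1; the search is bounded, as OpenSSL's is."""
    for z in range(2, min(p, tries)):
        if jacobi(z, p) == -1:
            return z
    raise ValueError("no quadratic non-residue found: p is probably not prime")


def mod_sqrt(a: int, p: int, fixed: bool = True, fuel: int = 10_000) -> int:
    """Return x with x*x == a (mod p) for an odd prime p (Tonelli-Shanks).

    fixed=True : the search for i is confined to 0 < i < m and fails otherwise,
                 so a composite p or a non-square a raises ValueError.
    fixed=False: the only guard is `i == m` tested after incrementing i, so it
                 can never fire once m == 1.  `fuel` caps the number of squarings
                 for this demo only (the real loop had no such fuse) and raises
                 RuntimeError where the real code hangs.
    """
    if p < 3 or p % 2 == 0:
        raise ValueError("p must be an odd integer >= 3")
    a %= p
    if a == 0:
        return 0

    def burn() -> None:              # demo-only fuse, one unit per squaring
        nonlocal fuel
        fuel -= 1
        if fuel <= 0:
            raise RuntimeError("search did not terminate (fuel exhausted)")

    q, e = p - 1, 0                  # write p - 1 = q * 2^e with q odd
    while q % 2 == 0:
        q //= 2
        e += 1

    z = find_nonresidue(p)
    c = pow(z, q, p)                 # generates the 2-part of (Z/pZ)* if p is prime
    t = pow(a, q, p)
    x = pow(a, (q + 1) // 2, p)      # candidate root, refined below
    m = e

    while t != 1:
        # Find the smallest i with t^(2^i) == 1 (mod p).  For prime p and a
        # square a some i < m exists and m strictly decreases each round, so
        # the outer loop runs at most e times.  For composite p the squarings
        # of t can cycle without ever reaching 1.
        if fixed:
            tt = t
            for i in range(1, m):
                tt = tt * tt % p
                if tt == 1:
                    break
            else:                    # no i < m: not a square, or p not prime
                raise ValueError("a is not a square or p is not prime")
        else:
            burn()
            i, tt = 1, t * t % p
            while tt != 1:
                i += 1
                if i == m:           # never true once m == 1: i starts at 2
                    raise ValueError("a is not a square or p is not prime")
                tt = tt * tt % p
                burn()
        b = c                        # b = c^(2^(m-i-1)); a negative exponent,
        for _ in range(m - i - 1):   # possible only when fixed=False, is a no-op
            b = b * b % p
        m = i
        c = b * b % p
        t = t * c % p
        x = x * b % p

    if x * x % p != a:               # OpenSSL verifies the result as well
        raise ValueError("a is not a square mod p")
    return x


def outcome(a: int, p: int, fixed: bool = True, fuel: int = 10_000):
    """The root mod_sqrt returns, or the name of the exception it raises."""
    try:
        return mod_sqrt(a, p, fixed=fixed, fuel=fuel)
    except (ValueError, RuntimeError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print("prime 41, a=5     :", outcome(5, 41), outcome(5, 41, fixed=False))
    print("composite 33, a=10:", outcome(10, 33), outcome(10, 33, fixed=False, fuel=500))
```

With p = 41 both variants return 28 (28 * 28 = 784 = 19 * 41 + 5). With p = 33 and a = 10 the first round finds i = 1 and leaves m = 1 with t = 28; the fixed variant then raises ValueError at once, while the vulnerable variant squares 28 through the cycle 25, 31, 4, 16, 25, ... and never sees 1, which is the hang the certificate parser hits.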