GnuTLS CVE-2021-20231: Use-After-Free in ECDHE Key Exchange Processing

CVE-2021-20231 is a use-after-free vulnerability in GnuTLS 3.7.0's ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) key exchange implementation during the TLS handshake. The vulnerability occurs in the memory management of ephemeral parameters when the client processes the client key exchange message. If key derivation fails during client key exchange processing, the ephemeral parameters are freed by calc_ecdh_key() but then accessed again by the caller's cleanup code, resulting in a write to freed heap memory via memset().