Since revision 7493, function hsm_get_key_size_ecdsa contains a possible integer overflow.
The bits variable is calculated by multiplying by 4 (8/2) the value_len returned by hsm_get_key_ecdsa_value. If the HSM cannot be trusted, this value cannot be trusted either.
This means that an adversarial HSM could return a very large value_len, thus causing the multiplication by 4 to overflow, resulting in a incorrect returned value.
Although, I have not found any potential vulnerability relying on this overflow, a integer overflow check should be performed as the return value of this function could very well be used, someday, to do something more complex than just displaying the (wrong) result.
A quick and very dirty fix can be found in attachment.