diff --git a/sm/decrypt.c b/sm/decrypt.c
index c9b50632c..93f2783af 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -1074,6 +1074,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
   int recp;
   estream_t in_fp = NULL;
   struct decrypt_filter_parm_s dfparm;
+  char *curve = NULL;
 
   memset (&dfparm, 0, sizeof dfparm);
 
@@ -1318,14 +1319,15 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
                   pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
                   pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
-                  pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
+                  xfree (curve);
+                  pk_algo = gpgsm_get_key_algo_info (cert, &nbits, &curve);
                   if (!opt.quiet)
                     log_info (_("encrypted to %s key %s\n"), pkalgostr, pkfpr);
 
                   /* Check compliance.  */
                   if (!gnupg_pk_is_allowed (opt.compliance,
                                             PK_USE_DECRYPTION,
-                                            pk_algo, 0, NULL, nbits, NULL))
+                                            pk_algo, 0, NULL, nbits, curve))
                     {
                       char  kidstr[10+1];
 
@@ -1343,7 +1345,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   dfparm.is_de_vs =
                     (dfparm.is_de_vs
                      && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0,
-                                               NULL, nbits, NULL));
+                                               NULL, nbits, curve));
 
                 oops:
                   if (rc)
@@ -1521,6 +1523,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
       log_error ("message decryption failed: %s <%s>\n",
                  gpg_strerror (rc), gpg_strsource (rc));
     }
+  xfree (curve);
   ksba_cms_release (cms);
   gnupg_ksba_destroy_reader (b64reader);
   gnupg_ksba_destroy_writer (b64writer);
diff --git a/sm/encrypt.c b/sm/encrypt.c
index fc104db1d..b9e8c92c8 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -777,11 +777,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
       unsigned char *encval;
       unsigned int nbits;
       int pk_algo;
+      char *curve = NULL;
 
       /* Check compliance.  */
-      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits, &curve);
       if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, 0,
-                                  NULL, nbits, NULL))
+                                  NULL, nbits, curve))
         {
           char  kidstr[10+1];
 
@@ -796,9 +797,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
       /* Fixme: When adding ECC we need to provide the curvename and
        * the key to gnupg_pk_is_compliant.  */
       if (compliant
-          && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0, NULL, nbits, NULL))
+          && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0, NULL, nbits, curve))
         compliant = 0;
 
+      xfree (curve);
+      curve = NULL;
+
       rc = encrypt_dek (dek, cl->cert, pk_algo, &encval);
       if (rc)
         {
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index ce0830e29..ab898fdec 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -223,7 +223,7 @@ gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
  * algorithm is used the name or OID of the curve is stored there; the
  * caller needs to free this value.  */
 int
-gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
+gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
 {
   gcry_sexp_t s_pkey;
   int rc;
@@ -300,18 +300,11 @@ gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
 }
 
 
-int
-gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
-{
-  return gpgsm_get_key_algo_info2 (cert, nbits, NULL);
-}
-
-
 /* Return true if CERT is an ECC key.  */
 int
 gpgsm_is_ecc_key (ksba_cert_t cert)
 {
-  return GCRY_PK_ECC == gpgsm_get_key_algo_info2 (cert, NULL, NULL);
+  return GCRY_PK_ECC == gpgsm_get_key_algo_info (cert, NULL, NULL);
 }
 
 
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 7038e0ea8..4140c9709 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -295,9 +295,8 @@ unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
                                            unsigned long *r_high);
 unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
 char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
-int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
-int  gpgsm_get_key_algo_info2 (ksba_cert_t cert, unsigned int *nbits,
-                               char **r_curve);
+int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits,
+                              char **r_curve);
 int   gpgsm_is_ecc_key (ksba_cert_t cert);
 char *gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid);
 char *gpgsm_get_certid (ksba_cert_t cert);
diff --git a/sm/keylist.c b/sm/keylist.c
index e49215376..bac973984 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -502,7 +502,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   if (*truststring)
     es_fputs (truststring, fp);
 
-  algo = gpgsm_get_key_algo_info2 (cert, &nbits, &curve);
+  algo = gpgsm_get_key_algo_info (cert, &nbits, &curve);
   es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
 
   ksba_cert_get_validity (cert, 0, t);
diff --git a/sm/sign.c b/sm/sign.c
index 83d44ebba..013f4b87c 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -543,6 +543,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   certlist_t cl;
   int release_signerlist = 0;
   int binary_detached = detached && !ctrl->create_pem && !ctrl->create_base64;
+  char *curve = NULL;
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN);
 
@@ -676,7 +677,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       unsigned int nbits;
       int pk_algo;
 
-      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+      xfree (curve);
+      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits, &curve);
       cl->pk_algo = pk_algo;
 
       if (opt.forced_digest_algo)
@@ -736,7 +738,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         }
 
       if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo, 0,
-                                NULL, nbits, NULL))
+                                NULL, nbits, curve))
         {
           char  kidstr[10+1];
 
@@ -1092,6 +1094,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
                gpg_strerror (rc), gpg_strsource (rc) );
   if (release_signerlist)
     gpgsm_release_certlist (signerlist);
+  xfree (curve);
   ksba_cms_release (cms);
   gnupg_ksba_destroy_writer (b64writer);
   keydb_release (kh);
diff --git a/sm/verify.c b/sm/verify.c
index b092b90da..db3ff5bf0 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -469,7 +469,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
       pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
       pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
-      pkalgo = gpgsm_get_key_algo_info2 (cert, &nbits, &pkcurve);
+      pkalgo = gpgsm_get_key_algo_info (cert, &nbits, &pkcurve);
       /* Remap the ECC algo to the algo we use.  Note that EdDSA has
        * already been mapped.  */
       if (pkalgo == GCRY_PK_ECC)
@@ -504,7 +504,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
       /* Check compliance.  */
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
-                                 pkalgo, pkalgoflags, NULL, nbits, NULL))
+                                 pkalgo, pkalgoflags, NULL, nbits, pkcurve))
         {
           char  kidstr[10+1];