diff -up ./nss/lib/freebl/ec.c.ec-derive-pubkey-check ./nss/lib/freebl/ec.c
--- ./nss/lib/freebl/ec.c.ec-derive-pubkey-check 2017-03-23 15:54:08.182526259 -0700
+++ ./nss/lib/freebl/ec.c 2017-03-23 15:59:37.407142251 -0700
@@ -565,6 +565,15 @@ ECDH_Derive(SECItem *publicValue,
return SECFailure;
}
+ /*
+ * Make sure the point is on the requested curve to avoid
+ * certain small subgroup attacks.
+ */
+ if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+
/* Perform curve specific multiplication using ECMethod */
if (ecParams->fieldID.type == ec_field_plain) {
const ECMethod *method;
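Review bot: The `EC_ValidatePublicKey(ecParams, publicValue)` call added here becomes the only public-point check on the `ec_field_plain` path, because the next hunk removes `method->validate(publicValue)`. Its body is not visible in this patch, so it should be confirmed that it validates plain-field curves too, ideally with a regression test that feeds `ECDH_Derive` an invalid point for such a curve. The unconditional `PORT_SetError(SEC_ERROR_BAD_KEY)` also overwrites any error the validator may have set, so a curve that previously reached `SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE` further down may now be reported as a bad key; consider keeping the callee's error if it sets one. The new comment mentions only the on-curve property, which guards mainly against off-curve inputs, so I would reword it to something like `/* Validate the peer's point (on-curve and any order checks done by EC_ValidatePublicKey) for every mechanism before multiplying. */`. `ECDH_Derive` starts and ends outside this hunk, so the earlier argument checks and the non-plain path were not reviewed.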
@@ -580,10 +589,6 @@ ECDH_Derive(SECItem *publicValue,
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
return SECFailure;
}
- if (method->validate(publicValue) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
- }
return method->mul(derivedSecret, privateValue, publicValue);
}
diff -up ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check ./nss/lib/softoken/pkcs11c.c
--- ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check 2017-02-17 05:20:06.000000000 -0800
+++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 15:54:08.184526293 -0700
@@ -7247,14 +7247,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) {
withCofactor = PR_TRUE;
- } else {
- /* When not using cofactor derivation, one should
- * validate the public key to avoid small subgroup
- * attacks.
- */
- if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) {
- goto ec_loser;
- }
}
rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,