Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Thu, 25 May 2017 21:56:04 +0800
changeset 395954 a184b592cfa3de4c151181b769f900b054885194
parent 395924 c2ff59dd31bce41bc9108939e86618017943b88d
child 395955 041c347260bc3a38d38055bb0b879f6f49732d96
push idunknown
push userunknown
push dateunknown
reviewerskeeler
bugs1366584
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler The [must_use] property on XPIDL methods and attributes is useful for making sure errors are properly handled. As a first step, this patch adds the property to PSM methods and attributes that are already correctly checked everywhere. MozReview-Commit-ID: KyGxwUK3x0X
security/manager/pki/nsIASN1Tree.idl
security/manager/ssl/nsIASN1PrintableItem.idl
security/manager/ssl/nsICertBlocklist.idl
security/manager/ssl/nsICertOverrideService.idl
security/manager/ssl/nsICertTree.idl
security/manager/ssl/nsICertificateDialogs.idl
security/manager/ssl/nsIClientAuthDialogs.idl
security/manager/ssl/nsIContentSignatureVerifier.idl
security/manager/ssl/nsICryptoHMAC.idl
security/manager/ssl/nsICryptoHash.idl
security/manager/ssl/nsIDataSignatureVerifier.idl
security/manager/ssl/nsIGenKeypairInfoDlg.idl
security/manager/ssl/nsIKeyModule.idl
security/manager/ssl/nsIKeygenThread.idl
security/manager/ssl/nsILocalCertService.idl
security/manager/ssl/nsINSSErrorsService.idl
security/manager/ssl/nsINSSVersion.idl
security/manager/ssl/nsIPK11Token.idl
security/manager/ssl/nsIPK11TokenDB.idl
security/manager/ssl/nsIPKCS11.idl
security/manager/ssl/nsIPKCS11Module.idl
security/manager/ssl/nsIPKCS11ModuleDB.idl
security/manager/ssl/nsIPKCS11Slot.idl
security/manager/ssl/nsIProtectedAuthThread.idl
security/manager/ssl/nsISSLStatus.idl
security/manager/ssl/nsISecretDecoderRing.idl
security/manager/ssl/nsISiteSecurityService.idl
security/manager/ssl/nsITokenDialogs.idl
security/manager/ssl/nsITokenPasswordDialogs.idl
security/manager/ssl/nsIU2FToken.idl
security/manager/ssl/nsIX509Cert.idl
security/manager/ssl/nsIX509CertDB.idl
security/manager/ssl/nsIX509CertList.idl
security/manager/ssl/nsIX509CertValidity.idl
--- a/security/manager/pki/nsIASN1Tree.idl
+++ b/security/manager/pki/nsIASN1Tree.idl
@@ -5,21 +5,20 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 #include "nsITreeView.idl"
 #include "nsIX509Cert.idl"
 
 [scriptable, uuid(de142307-7b88-4e0a-b232-250f310e25d8)]
 interface nsIASN1Tree : nsITreeView {
-
+  [must_use]
   void loadASN1Structure(in nsIASN1Object asn1Object);
 
+  [must_use]
   AString getDisplayData(in unsigned long index);
-
 };
 
 %{C++
 
 #define NS_ASN1TREE_CONTRACTID "@mozilla.org/security/nsASN1Tree;1"
 
 %}
-
--- a/security/manager/ssl/nsIASN1PrintableItem.idl
+++ b/security/manager/ssl/nsIASN1PrintableItem.idl
@@ -5,11 +5,10 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 #include "nsIASN1Object.idl"
 
 [scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)]
 interface nsIASN1PrintableItem : nsIASN1Object {
   [noscript] void setData(in charPtr data, in unsigned long len);
-  [noscript] void getData(out charPtr data, out unsigned long len);
+  [noscript, must_use] void getData(out charPtr data, out unsigned long len);
 };
-
--- a/security/manager/ssl/nsICertBlocklist.idl
+++ b/security/manager/ssl/nsICertBlocklist.idl
@@ -15,49 +15,54 @@ interface nsIX509Cert;
  * Represents a service to add certificates as explicitly blocked/distrusted.
  */
 [scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
 interface nsICertBlocklist : nsISupports {
   /**
    * Add details of a revoked certificate :
    * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
    */
-   void revokeCertByIssuerAndSerial(in ACString issuer,
-                                    in ACString serialNumber);
+  [must_use]
+  void revokeCertByIssuerAndSerial(in ACString issuer,
+                                   in ACString serialNumber);
 
   /**
    * Add details of a revoked certificate :
    * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
    * sha-256 hash of the public key).
    */
-   void revokeCertBySubjectAndPubKey(in ACString subject,
-                                     in ACString pubKeyHash);
+  [must_use]
+  void revokeCertBySubjectAndPubKey(in ACString subject,
+                                    in ACString pubKeyHash);
 
   /**
    * Persist (fresh) blocklist entries to the profile (if a profile directory is
    * available). Note: calling this will result in synchronous I/O.
    */
-   void saveEntries();
+  [must_use]
+  void saveEntries();
 
   /**
    * Check if a certificate is blocked.
-   * isser - issuer name, DER encoded
+   * issuer - issuer name, DER encoded
    * serial - serial number, DER encoded
    * subject - subject name, DER encoded
    * pubkey - public key, DER encoded
    */
-   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
-                          in unsigned long issuer_length,
-                          [const, array, size_is(serial_length)] in octet serial,
-                          in unsigned long serial_length,
-                          [const, array, size_is(subject_length)] in octet subject,
-                          in unsigned long subject_length,
-                          [const, array, size_is(pubkey_length)] in octet pubkey,
-                          in unsigned long pubkey_length);
+  [must_use]
+  boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
+                        in unsigned long issuer_length,
+                        [const, array, size_is(serial_length)] in octet serial,
+                        in unsigned long serial_length,
+                        [const, array, size_is(subject_length)] in octet subject,
+                        in unsigned long subject_length,
+                        [const, array, size_is(pubkey_length)] in octet pubkey,
+                        in unsigned long pubkey_length);
 
    /**
     * Check that the blocklist data is current. Specifically, that the current
     * time is no more than security.onecrl.maximum_staleness_in_seconds seconds
     * after the last blocklist update (as stored in the
     * app.update.lastUpdateTime.blocklist-background-update-timer pref)
     */
-   boolean isBlocklistFresh();
+  [must_use]
+  boolean isBlocklistFresh();
 };
--- a/security/manager/ssl/nsICertOverrideService.idl
+++ b/security/manager/ssl/nsICertOverrideService.idl
@@ -48,16 +48,17 @@ interface nsICertOverrideService : nsISu
    *  which only exhibit some subset of errors.
    *
    *  @param aHostName The host (punycode) this mapping belongs to
    *  @param aPort The port this mapping belongs to, if it is -1 then it
    *          is internaly treated as 443
    *  @param aCert The cert that should always be accepted
    *  @param aOverrideBits The precise set of errors we want to be overriden
    */
+  [must_use]
   void rememberValidityOverride(in ACString aHostName,
                                 in int32_t aPort,
                                 in nsIX509Cert aCert,
                                 in uint32_t aOverrideBits,
                                 in boolean aTemporary);
 
   /**
    *  Certs with the given fingerprint should always be accepted for the
@@ -67,16 +68,17 @@ interface nsICertOverrideService : nsISu
    *
    *  @param aHostName The host (punycode) this mapping belongs to
    *  @param aPort The port this mapping belongs to, if it is -1 then it
    *          is internaly treated as 443
    *  @param aCertFingerprint The cert fingerprint that should be accepted, in
    *          the format 'AA:BB:...' (colon-separated upper-case hex bytes).
    *  @param aOverrideBits The errors we want to be overriden
    */
+  [must_use]
   void rememberTemporaryValidityOverrideUsingFingerprint(
       in ACString aHostName,
       in int32_t aPort,
       in ACString aCertFingerprint,
       in uint32_t aOverrideBits);
 
   /**
    *  Return whether this host, port, cert triple has a stored override.
@@ -88,16 +90,17 @@ interface nsICertOverrideService : nsISu
    *  @param aPort The port this mapping belongs to, if it is -1 then it
    *         is internally treated as 443
    *  @param aCert The certificate this mapping belongs to
    *  @param aOverrideBits The errors that are currently overridden
    *  @param aIsTemporary Whether the stored override is session-only,
    *         or permanent
    *  @return Whether an override has been stored for this host+port+cert
    */
+  [must_use]
   boolean hasMatchingOverride(in ACString aHostName,
                               in int32_t aPort,
                               in nsIX509Cert aCert,
                               out uint32_t aOverrideBits,
                               out boolean aIsTemporary);
 
   /**
    *  Retrieve the stored override for the given hostname:port.
@@ -107,16 +110,17 @@ interface nsICertOverrideService : nsISu
    *          is internaly treated as 443
    *  @param aHashAlg On return value True, the fingerprint hash algorithm
    *                  as an OID value in dotted notation.
    *  @param aFingerprint On return value True, the stored fingerprint
    *  @param aOverrideBits The errors that are currently overriden
    *  @return whether a matching override entry for aHostNameWithPort
    *          and aFingerprint is currently on file
    */
+  [must_use]
   boolean getValidityOverride(in ACString aHostName,
                               in int32_t aPort,
                               out ACString aHashAlg,
                               out ACString aFingerprint,
                               out uint32_t aOverrideBits,
                               out boolean aIsTemporary);
 
   /**
@@ -133,12 +137,13 @@ interface nsICertOverrideService : nsISu
 
   /**
    *  Is the given cert used in rules?
    *
    *  @param aCert The cert we're looking for
    *  @return how many override entries are currently on file
    *          for the given certificate
    */
+  [must_use]
   uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
                                   in boolean aCheckTemporaries,
                                   in boolean aCheckPermanents);
 };
--- a/security/manager/ssl/nsICertTree.idl
+++ b/security/manager/ssl/nsICertTree.idl
@@ -7,28 +7,35 @@
 #include "nsISupports.idl"
 #include "nsITreeView.idl"
 
 interface nsIX509Cert;
 interface nsIX509CertList;
 
 [scriptable, uuid(d0180863-606e-49e6-8324-cf45ed4dd891)]
 interface nsICertTreeItem : nsISupports {
+  [must_use]
   readonly attribute nsIX509Cert cert;
+  [must_use]
   readonly attribute AString hostPort;
 };
 
 [scriptable, uuid(55d5ad6b-5572-47fe-941c-f01fe723659e)]
 interface nsICertTree : nsITreeView {
+  [must_use]
   void loadCerts(in unsigned long type);
+  [must_use]
   void loadCertsFromCache(in nsIX509CertList cache, in unsigned long type);
 
+  [must_use]
   nsIX509Cert getCert(in unsigned long index);
+  [must_use]
   nsICertTreeItem getTreeItem(in unsigned long index);
 
+  [must_use]
   void deleteEntryObject(in unsigned long index);
 };
 
 %{C++
 
 #define NS_CERTTREE_CID { 0x4ea60761, 0x31d6, 0x491d, \
                          { 0x9e, 0x34, 0x4b, 0x53, 0xa2, 0x6c, 0x41, 0x6c } }
 
--- a/security/manager/ssl/nsICertificateDialogs.idl
+++ b/security/manager/ssl/nsICertificateDialogs.idl
@@ -15,63 +15,65 @@ interface nsICertificateDialogs : nsISup
 {
   /**
    *  UI shown when a user is asked to download a new CA cert.
    *  Provides user with ability to choose trust settings for the cert.
    *  Asks the user to grant permission to import the certificate.
    *
    *  @param ctx A user interface context.
    *  @param cert The certificate that is about to get installed.
-   *  @param trust a bit mask of trust flags, 
-   *               see nsIX509CertDB for possible values.
+   *  @param trust A bit mask of trust flags.
+   *               See nsIX509CertDB for possible values.
    *
    *  @return true if the user allows to import the certificate.
    */
+  [must_use]
   boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx,
                                 in nsIX509Cert cert,
                                 out unsigned long trust);
 
   /**
    *  UI shown when a user's personal certificate is going to be
    *  exported to a backup file.
-   *  The implementation of this dialog should make sure 
-   *  to prompt the user to type the password twice in order to
-   *  confirm correct input.
-   *  The wording in the dialog should also motivate the user 
-   *  to enter a strong password.
+   *  The implementation of this dialog should make sure to prompt the user to
+   *  type the password twice in order to confirm correct input.
+   *  The wording in the dialog should also motivate the user to enter a strong
+   *  password.
    *
    *  @param ctx A user interface context.
    *  @param password The password provided by the user.
    *
    *  @return false if the user requests to cancel.
    */
-  boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+  [must_use]
+  boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
                                 out AString password);
 
   /**
    *  UI shown when a user is about to restore a personal
    *  certificate from a backup file.
    *  The user is requested to enter the password
    *  that was used in the past to protect that backup file.
    *
    *  @param ctx A user interface context.
    *  @param password The password provided by the user.
    *
    *  @return false if the user requests to cancel.
    */
-  boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+  [must_use]
+  boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx,
                                 out AString password);
 
   /**
    *  UI shown when a certificate needs to be shown to the user.
    *  The implementation should try to display as many attributes
    *  as possible.
    *
    *  @param ctx A user interface context.
    *  @param cert The certificate to be shown to the user.
    */
-  void viewCert(in nsIInterfaceRequestor ctx, 
-                in nsIX509Cert cert);
+  [must_use]
+  void viewCert(in nsIInterfaceRequestor ctx, in nsIX509Cert cert);
 };
 
 %{C++
 #define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
 %}
--- a/security/manager/ssl/nsIClientAuthDialogs.idl
+++ b/security/manager/ssl/nsIClientAuthDialogs.idl
@@ -22,16 +22,17 @@ interface nsIClientAuthDialogs : nsISupp
    * @param port Port of the server.
    * @param organization Organization field of the server cert.
    * @param issuerOrg Organization field of the issuer cert of the server cert.
    * @param certList List of certificates the user can choose from.
    * @param selectedIndex Index of the cert in |certList| that the user chose.
    *                      Ignored if the return value is false.
    * @return true if a certificate was chosen. false if the user canceled.
    */
+  [must_use]
   boolean chooseCertificate(in nsIInterfaceRequestor ctx,
                             in AUTF8String hostname,
                             in long port,
                             in AUTF8String organization,
                             in AUTF8String issuerOrg,
                             in nsIArray certList,
                             out unsigned long selectedIndex);
 };
--- a/security/manager/ssl/nsIContentSignatureVerifier.idl
+++ b/security/manager/ssl/nsIContentSignatureVerifier.idl
@@ -35,16 +35,17 @@ interface nsIContentSignatureVerifier : 
    *                                url-safe base64 encoded.
    * @param aCertificateChain       The certificate chain to use for verification.
    *                                PEM encoded string.
    * @param aName                   The (host)name for which the end entity must
                                     be valid.
    * @returns true if the signature matches the data and aCertificateChain is
    *          valid within aContext, false if not.
    */
+  [must_use]
   boolean verifyContentSignature(in ACString aData,
                                  in ACString aContentSignatureHeader,
                                  in ACString aCertificateChain,
                                  in ACString aName);
 
   /**
    * Creates a context to verify a content signature against data that is added
    * later with update calls.
@@ -52,16 +53,17 @@ interface nsIContentSignatureVerifier : 
    * @param aData                   The first chunk of data to be tested.
    * @param aContentSignatureHeader The signature of the data, url-safe base64
    *                                encoded.
    * @param aCertificateChain       The certificate chain to use for
    *                                verification. PEM encoded string.
    * @param aName                   The (host)name for which the end entity must
                                     be valid.
    */
+  [must_use]
   void createContext(in ACString aData, in ACString aContentSignatureHeader,
                      in ACString aCertificateChain, in ACString aName);
 
   /**
    * Creates a context to verify a content signature against data that is added
    * later with update calls.
    * This does not require the caller to download the certificate chain. It's
    * done internally.
@@ -72,34 +74,37 @@ interface nsIContentSignatureVerifier : 
    *
    * @param aCallback               Callback that's invoked when the cert chain
    *                                got fetched.
    * @param aContentSignatureHeader The signature of the data, url-safe base64
    *                                encoded, and the x5u value.
    * @param aName                   The (host)name for which the end entity must
                                     be valid.
    */
+  [must_use]
   void createContextWithoutCertChain(in nsIContentSignatureReceiverCallback aCallback,
                                      in ACString aContentSignatureHeader,
                                      in ACString aName);
 
   /**
    * Adds data to the context that was used to generate the signature.
    *
    * @param aData        More data to be tested.
    */
+  [must_use]
   void update(in ACString aData);
 
   /**
    * Finalises the signature and returns the result of the signature
    * verification.
    *
    * @returns true if the signature matches the data added with createContext
    *          and update, false if not.
    */
+  [must_use]
   boolean end();
 };
 
 /**
  * Callback for nsIContentSignatureVerifier.
  * { 0x1eb90707, 0xdf59, 0x48b7, \
  *   { 0x9d, 0x42, 0xd8, 0xbf, 0x63, 0x0a, 0xe7, 0x44 } }
  */
--- a/security/manager/ssl/nsICryptoHMAC.idl
+++ b/security/manager/ssl/nsICryptoHMAC.idl
@@ -41,67 +41,66 @@ interface nsICryptoHMAC : nsISupports
      *            .getService(Components.interfaces.nsIKeyObjectFactory)
      *              .keyFromString(Components.interfaces.nsIKeyObject.HMAC, rawKeyData);
      *
      * WARNING: This approach is not FIPS compliant.
      *
      * @throws NS_ERROR_INVALID_ARG if an unsupported algorithm
      *        type is passed.
      *
-     * NOTE: This method must be called before any other method 
-     *        on this interface is called.
+     * NOTE: This method must be called before any other method on this
+     *       interface is called.
      */
+    [must_use]
     void init(in unsigned long aAlgorithm, in nsIKeyObject aKeyObject);
 
     /**
      * @param aData a buffer to calculate the hash over
      *
      * @param aLen the length of the buffer |aData|
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      */
+    [must_use]
     void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
 
     /**
      * Calculates and updates a new hash based on a given data stream.
      *
      * @param aStream an input stream to read from.
      *
-     * @param aLen how much to read from the given |aStream|.  Passing
-     *        UINT32_MAX indicates that all data available will be used 
-     *        to update the hash. 
+     * @param aLen How much to read from the given |aStream|. Passing UINT32_MAX
+     *        indicates that all data available will be used to update the hash.
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      *
-     * @throws NS_ERROR_NOT_AVAILABLE if the requested amount of 
-     *         data to be calculated into the hash is not available.
+     * @throws NS_ERROR_NOT_AVAILABLE If the requested amount of data to be
+     *         calculated into the hash is not available.
      *
      */
+    [must_use]
     void updateFromStream(in nsIInputStream aStream, in unsigned long aLen);
-    
+
     /**
-     * Completes this HMAC object and produces the actual HMAC diegest data.
+     * Completes this HMAC object and produces the actual HMAC digest data.
      *
-     * @param aASCII if true then the returned value is a base-64 
-     *        encoded string.  if false, then the returned value is
-     *        binary data.  
+     * @param aASCII If true then the returned value is a base64 encoded string.
+     *        If false, then the returned value is binary data.
      *
      * @return a hash of the data that was read by this object.  This can
      *         be either binary data or base 64 encoded.
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      *
      * NOTE: This method may be called any time after |init|
      *       is called.  This call resets the object to its
      *       pre-init state.
      */
+    [must_use]
     ACString finish(in boolean aASCII);
 
     /**
-     * Reinitialize HMAC context to be reused with the same
-     * settings (the key and hash algorithm) but on different 
-     * set of data.
+     * Reinitialize HMAC context to be reused with the same settings (the key
+     * and hash algorithm) but on a different set of data.
      */
+    [must_use]
     void reset();
 };
--- a/security/manager/ssl/nsICryptoHash.idl
+++ b/security/manager/ssl/nsICryptoHash.idl
@@ -49,57 +49,54 @@ interface nsICryptoHash : nsISupports
      * @param aAlgorithm the algorithm type to be used.
      *
      * @throws NS_ERROR_INVALID_ARG if an unsupported algorithm
      *         type is passed.
      *
      * NOTE: This method or init must be called before any
      *       other method on this interface is called.
      */
+    [must_use]
     void initWithString(in ACString aAlgorithm);
-  
+
     /**
      * @param aData a buffer to calculate the hash over
      *
      * @param aLen the length of the buffer |aData|
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      */
     void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
 
     /**
      * Calculates and updates a new hash based on a given data stream.
      *
      * @param aStream an input stream to read from.
      *
-     * @param aLen how much to read from the given |aStream|.  Passing
-     *        UINT32_MAX indicates that all data available will be used 
-     *        to update the hash. 
+     * @param aLen How much to read from the given |aStream|. Passing UINT32_MAX
+     *        indicates that all data available will be used to update the hash.
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      *
-     * @throws NS_ERROR_NOT_AVAILABLE if the requested amount of 
+     * @throws NS_ERROR_NOT_AVAILABLE If the requested amount of
      *         data to be calculated into the hash is not available.
      *
      */
+    [must_use]
     void updateFromStream(in nsIInputStream aStream, in unsigned long aLen);
-    
+
     /**
      * Completes this hash object and produces the actual hash data.
      *
-     * @param aASCII if true then the returned value is a base-64 
-     *        encoded string.  if false, then the returned value is
-     *        binary data.  
+     * @param aASCII If true then the returned value is a base64 encoded string.
+     *        If false, then the returned value is binary data.
      *
      * @return a hash of the data that was read by this object.  This can
      *         be either binary data or base 64 encoded.
      *
-     * @throws NS_ERROR_NOT_INITIALIZED if |init| has not been 
-     *         called.
+     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
      *
      * NOTE: This method may be called any time after |init|
      *       is called.  This call resets the object to its
      *       pre-init state.
      */
     ACString finish(in boolean aASCII);
 };
--- a/security/manager/ssl/nsIDataSignatureVerifier.idl
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@@ -19,19 +19,21 @@ interface nsIDataSignatureVerifier : nsI
    * signature.
    *
    * @param aData      The data to be tested.
    * @param aSignature The signature of the data, base64 encoded.
    * @param aPublicKey The public part of the key used for signing, DER encoded
    *                   then base64 encoded.
    * @returns true if the signature matches the data, false if not.
    */
+  [must_use]
   boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);
 
    /* Sig Verification Error Codes */
   const long VERIFY_OK = 0;
   const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
   const long VERIFY_ERROR_OTHER = 2;
 
+  [must_use]
   nsIX509Cert verifySignature(in ACString signature, in ACString plaintext,
                               out long errorCode);
 
 };
--- a/security/manager/ssl/nsIGenKeypairInfoDlg.idl
+++ b/security/manager/ssl/nsIGenKeypairInfoDlg.idl
@@ -10,16 +10,17 @@ interface nsIKeygenThread;
 /**
  * nsIGeneratingKeypairInfoDialogs
  *  This is the interface for giving feedback to the user
  *  while generating a key pair.
  */
 [scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
 interface nsIGeneratingKeypairInfoDialogs : nsISupports
 {
+  [must_use]
   void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
                                     in nsIKeygenThread runnable);
 };
 
 %{C++
 /**
  * This component is to be implemented by the embeddor. It is used to show
  * feedback to the user while a private key is being generated.
--- a/security/manager/ssl/nsIKeyModule.idl
+++ b/security/manager/ssl/nsIKeyModule.idl
@@ -17,21 +17,25 @@ interface nsIKeyObject : nsISupports
   // Key types
   const short SYM_KEY = 1;
 
   // Algorithm types
   const short HMAC = 257;
 
   // The nsIKeyObject will take ownership of the key and be responsible
   // for freeing the key memory when destroyed.
-  [noscript] void initKey(in short aAlgorithm, in PK11SymKeyPtr aKey);
+  [noscript, must_use]
+  void initKey(in short aAlgorithm, in PK11SymKeyPtr aKey);
 
   // Returns a pointer to the underlying key object.
-  [noscript] PK11SymKeyPtr getKeyObj();
+  [noscript, must_use]
+  PK11SymKeyPtr getKeyObj();
 
+  [must_use]
   short getType();
 };
 
 [scriptable, uuid(838bdbf1-8244-448f-8bcd-cede70227d75)]
 interface nsIKeyObjectFactory : nsISupports
 {
+  [must_use]
   nsIKeyObject keyFromString(in short aAlgorithm, in ACString aKey);
 };
--- a/security/manager/ssl/nsIKeygenThread.idl
+++ b/security/manager/ssl/nsIKeygenThread.idl
@@ -24,24 +24,26 @@ interface nsIKeygenThread : nsISupports
    *   To allow the closure of the status information,
    *   the thread needs a handle to an observer.
    *
    *   observer will be called on the UI thread.
    *   When the key generation is done, the observe method will
    *   be called with a topic of "keygen-finished" and null data
    *   and subject.
    */
+  [must_use]
   void startKeyGeneration(in nsIObserver observer);
 
   /**
    * userCanceled - notify the thread
    *   If the user canceled, the thread is no longer allowed to
    *   close the dialog. However, if the thread already closed
    *   it, we are not allowed to close it.
    */
+  [must_use]
   void userCanceled(out boolean threadAlreadyClosedDialog);
 };
 
 %{ C++
 // {195763b8-1dd2-11b2-a843-eb44e44aaa37}
 #define NS_KEYGENTHREAD_CID \
 { 0x195763b8, 0x1dd2, 0x11b2, { 0xa8, 0x43, 0xeb, 0x44, 0xe4, 0x4a, 0xaa, 0x37 } }
 #define NS_KEYGENTHREAD_CONTRACTID "@mozilla.org/security/keygenthread;1"
--- a/security/manager/ssl/nsILocalCertService.idl
+++ b/security/manager/ssl/nsILocalCertService.idl
@@ -17,31 +17,34 @@ interface nsILocalCertService : nsISuppo
    *
    * The cert is stored permanently in the profile's key store after first use,
    * and is valid for 1 year.  If an expired or otherwise invalid cert is found
    * with the nickname supplied here, it is removed and a new one is made.
    *
    * @param nickname Nickname that identifies the cert
    * @param cb       Callback to be notified with the result
    */
+  [must_use]
   void getOrCreateCert(in ACString nickname, in nsILocalCertGetCallback cb);
 
   /**
    * Remove a X.509 cert with the given nickname.
    *
    * @param nickname Nickname that identifies the cert
    * @param cb       Callback to be notified with the result
    */
+  [must_use]
   void removeCert(in ACString nickname, in nsILocalCertCallback cb);
 
   /**
    * Whether calling |getOrCreateCert| or |removeCert| will trigger a login
    * prompt to be displayed.  Generally this happens if the user has set a
    * master password, but has not yet logged in.
    */
+  [must_use]
   readonly attribute boolean loginPromptRequired;
 };
 
 [scriptable, uuid(cc09633e-7c70-4093-a9cf-79ab676ca8a9)]
 interface nsILocalCertGetCallback : nsISupports
 {
   /**
    * Called with the result of the getOrCreateCert operation above.
--- a/security/manager/ssl/nsINSSErrorsService.idl
+++ b/security/manager/ssl/nsINSSErrorsService.idl
@@ -8,38 +8,41 @@
 
 [scriptable, uuid(12f60021-e14b-4020-99d1-ed2c795be66a)]
 interface nsINSSErrorsService : nsISupports
 {
     /**
      *  @param aNSPRCode An error code obtained using PR_GetError()
      *  @return True if it is error code defined by the NSS library
      */
+    [must_use]
     boolean isNSSErrorCode(in int32_t aNSPRCode);
 
     /**
      *  Function will fail if aNSPRCode is not an NSS error code.
      *  @param aNSPRCode An error code obtained using PR_GetError()
      *  @return The result of the conversion, an XPCOM error code
      */
+    [must_use]
     nsresult getXPCOMFromNSSError(in int32_t aNSPRCode);
 
     /**
      *  Function will fail if aXPCOMErrorCode is not an NSS error code.
      *  @param aXPCOMErrorCode An error code obtained using getXPCOMFromNSSError
      *  return A localized human readable error explanation.
      */
     AString getErrorMessage(in nsresult aXPCOMErrorCode);
 
     /**
      *  Function will fail if aXPCOMErrorCode is not an NSS error code.
      *  @param aXPCOMErrorCode An error code obtained using getXPCOMFromNSSError
      *  return the error class of the code, either ERROR_CLASS_BAD_CERT
      *         or ERROR_CLASS_SSL_PROTOCOL
      */
+    [must_use]
     uint32_t getErrorClass(in nsresult aXPCOMErrorCode);
 
     const unsigned long ERROR_CLASS_SSL_PROTOCOL = 1;
     const unsigned long ERROR_CLASS_BAD_CERT     = 2;
 
     /**
      *  The following values define the range of NSPR error codes used by NSS.
      *  NSS remains the authorative source for these numbers, as a result,
--- a/security/manager/ssl/nsINSSVersion.idl
+++ b/security/manager/ssl/nsINSSVersion.idl
@@ -7,21 +7,31 @@
 
 %{C++
 #define NS_NSSVERSION_CONTRACTID "@mozilla.org/security/nssversion;1"
 %}
 
 [scriptable, uuid(a8a53a2b-75cc-4c68-a9bb-9791dbddaa00)]
 interface nsINSSVersion : nsISupports {
     /* Minimal required versions as used at build time */
+    [must_use]
     readonly attribute AString NSPR_MinVersion;
+    [must_use]
     readonly attribute AString NSS_MinVersion;
+    [must_use]
     readonly attribute AString NSSUTIL_MinVersion;
+    [must_use]
     readonly attribute AString NSSSSL_MinVersion;
+    [must_use]
     readonly attribute AString NSSSMIME_MinVersion;
 
     /* Versions of libraries currently in use */
+    [must_use]
     readonly attribute AString NSPR_Version;
+    [must_use]
     readonly attribute AString NSS_Version;
+    [must_use]
     readonly attribute AString NSSUTIL_Version;
+    [must_use]
     readonly attribute AString NSSSSL_Version;
+    [must_use]
     readonly attribute AString NSSSMIME_Version;
 };
--- a/security/manager/ssl/nsIPK11Token.idl
+++ b/security/manager/ssl/nsIPK11Token.idl
@@ -11,70 +11,92 @@ interface nsIPK11Token : nsISupports
 {
   const long ASK_EVERY_TIME  = -1;
   const long ASK_FIRST_TIME  =  0;
   const long ASK_EXPIRE_TIME =  1;
 
   /*
    * The name of the token
    */
+  [must_use]
   readonly attribute AUTF8String tokenName;
+  [must_use]
   readonly attribute AUTF8String tokenLabel;
   /**
    * Manufacturer ID of the token.
    */
+  [must_use]
   readonly attribute AUTF8String tokenManID;
   /**
    * Hardware version of the token.
    */
+  [must_use]
   readonly attribute AUTF8String tokenHWVersion;
   /**
    * Firmware version of the token.
    */
+  [must_use]
   readonly attribute AUTF8String tokenFWVersion;
+  [must_use]
   readonly attribute AUTF8String tokenSerialNumber;
 
   /*
    * Login information
    */
+  [must_use]
   boolean isLoggedIn();
+  [must_use]
   void login(in boolean force);
+  [must_use]
   void logoutSimple();
+  [must_use]
   void logoutAndDropAuthenticatedResources();
 
   /*
    * Reset password
    */
+  [must_use]
   void reset();
 
   /*
    * Password information
    */
+  [must_use]
   readonly attribute long minimumPasswordLength;
+  [must_use]
   readonly attribute boolean needsUserInit;
   /**
    * Checks whether the given password is correct. Logs the token out if an
    * incorrect password is given.
    *
    * @param password The password to check.
    * @return true if the password was correct, false otherwise.
    */
+  [must_use]
   boolean checkPassword(in AUTF8String password);
+  [must_use]
   void initPassword(in AUTF8String initialPassword);
+  [must_use]
   void changePassword(in AUTF8String oldPassword, in AUTF8String newPassword);
+  [must_use]
   long getAskPasswordTimes();
+  [must_use]
   long getAskPasswordTimeout();
+  [must_use]
   void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
 
   /*
    * True if a password has been configured for this token, and false otherwise.
    * (Whether or not the user is currently logged in makes no difference.)
    * In particular, this can be used to determine if a user has set a master
    * password (if this is the internal key token).
    */
+  [must_use]
   readonly attribute boolean hasPassword;
 
   /*
    * Other attributes
    */
+  [must_use]
   boolean isHardwareToken();
+  [must_use]
   boolean needsLogin();
 };
--- a/security/manager/ssl/nsIPK11TokenDB.idl
+++ b/security/manager/ssl/nsIPK11TokenDB.idl
@@ -32,15 +32,17 @@ interface nsIPK11TokenDB : nsISupports
 
   /*
    * Find a token by name. Throws NS_ERROR_FAILURE if no token with the given
    * name can be found.
    * @param tokenName a string identifying the name of the token. Must be
    *                  non-empty.
    * @return a token with the given name
    */
+  [must_use]
   nsIPK11Token findTokenByName(in AUTF8String tokenName);
 
   /*
    * List all tokens
    */
+  [must_use]
   nsISimpleEnumerator listTokens();
 };
--- a/security/manager/ssl/nsIPKCS11.idl
+++ b/security/manager/ssl/nsIPKCS11.idl
@@ -7,14 +7,16 @@
 
 %{C++
 #define NS_PKCS11_CONTRACTID "@mozilla.org/security/pkcs11;1"
 %}
 
 [scriptable, uuid(5743f870-958e-4f02-aef2-c0afeef67f05)]
 interface nsIPKCS11 : nsISupports
 {
+  [must_use]
   void deleteModule(in AString moduleName);
+  [must_use]
   void addModule(in AString moduleName,
                  in AString libraryFullPath,
                  in long cryptoMechanismFlags,
                  in long cipherFlags);
 };
--- a/security/manager/ssl/nsIPKCS11Module.idl
+++ b/security/manager/ssl/nsIPKCS11Module.idl
@@ -7,15 +7,19 @@
 #include "nsISupports.idl"
 
 interface nsIPKCS11Slot;
 interface nsISimpleEnumerator;
 
 [scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
 interface nsIPKCS11Module : nsISupports
 {
+  [must_use]
   readonly attribute AUTF8String name;
+  [must_use]
   readonly attribute AUTF8String libName;
 
+  [must_use]
   nsIPKCS11Slot findSlotByName(in AUTF8String name);
 
+  [must_use]
   nsISimpleEnumerator listSlots();
 };
--- a/security/manager/ssl/nsIPKCS11ModuleDB.idl
+++ b/security/manager/ssl/nsIPKCS11ModuleDB.idl
@@ -12,24 +12,32 @@ interface nsISimpleEnumerator;
 
 %{C++
 #define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
 %}
 
 [scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
 interface nsIPKCS11ModuleDB : nsISupports
 {
+  [must_use]
   nsIPKCS11Module getInternal();
 
+  [must_use]
   nsIPKCS11Module getInternalFIPS();
 
+  [must_use]
   nsIPKCS11Module findModuleByName(in AUTF8String name);
 
+  [must_use]
   nsIPKCS11Slot findSlotByName(in AUTF8String name);
 
+  [must_use]
   nsISimpleEnumerator listModules();
 
+  [must_use]
   readonly attribute boolean canToggleFIPS;
 
+  [must_use]
   void toggleFIPSMode();
 
+  [must_use]
   readonly attribute boolean isFIPSEnabled;
 };
--- a/security/manager/ssl/nsIPKCS11Slot.idl
+++ b/security/manager/ssl/nsIPKCS11Slot.idl
@@ -5,40 +5,48 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 interface nsIPK11Token;
 
 [scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
 interface nsIPKCS11Slot : nsISupports {
+  [must_use]
   readonly attribute AUTF8String name;
+  [must_use]
   readonly attribute AUTF8String desc;
   /**
    * Manufacturer ID of the slot.
    */
+  [must_use]
   readonly attribute AUTF8String manID;
   /**
    * Hardware version of the slot.
    */
+  [must_use]
   readonly attribute AUTF8String HWVersion;
   /**
    * Firmware version of the slot.
    */
+  [must_use]
   readonly attribute AUTF8String FWVersion;
 
   const unsigned long SLOT_DISABLED      = 0;
   const unsigned long SLOT_NOT_PRESENT   = 1;
   const unsigned long SLOT_UNINITIALIZED = 2;
   const unsigned long SLOT_NOT_LOGGED_IN = 3;
   const unsigned long SLOT_LOGGED_IN     = 4;
   const unsigned long SLOT_READY         = 5;
+  [must_use]
   readonly attribute unsigned long status;
 
   /* This is really a workaround for now.  All of the "slot" functions
    * (isTokenPresent(), etc.) are in nsIPK11Token.  For now, return the
    * token and handle those things there.
    */
+  [must_use]
   nsIPK11Token getToken();
 
   /* more fun with workarounds - we're referring to everything by token name */
+  [must_use]
   readonly attribute AUTF8String tokenName;
 };
--- a/security/manager/ssl/nsIProtectedAuthThread.idl
+++ b/security/manager/ssl/nsIProtectedAuthThread.idl
@@ -2,44 +2,46 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 #include "nsIObserver.idl"
 #include "nsIPKCS11Slot.idl"
 
 /**
- * nsIProtectedAuthThread
- *  This is used to communicate with the thread login on to 
- *  a token with CKF_PROTECTED_AUTHENTICATION_PATH set.
+ *  Used to communicate with the thread for logging on to a token with
+ *  CKF_PROTECTED_AUTHENTICATION_PATH set.
  */
 [scriptable, uuid(4bb27cb7-8984-4cee-8ce7-9b014c3d091b)]
 interface nsIProtectedAuthThread : nsISupports
 {
   /**
    * login - run the thread
    *   A user interface implementing this interface needs to
    *   call this method as soon as the message to the user is
-   *   displayed. This will trigger login operation. No user 
+   *   displayed. This will trigger login operation. No user
    *   cancellation is possible during login operation.
    *
    *   When the login is done, the observe method of @observer will
    *   be called on the UI thread with a topic of "login-finished"
    *   and null data and subject.
    */
+  [must_use]
   void login(in nsIObserver observer);
 
   /**
    * The PKCS11 slot
    */
+  [must_use]
   readonly attribute nsIPKCS11Slot slot;
 
   /**
    * Gets token to be logged in name.
    */
+  [must_use]
   AString getTokenName();
 };
 
 %{ C++
 // {45334489-3D30-47c6-920B-0A55A313AEBF}
 #define NS_PROTECTEDAUTHTHREAD_CID \
 { 0x45334489, 0x3d30, 0x47c6, { 0x92, 0x0b, 0x0a, 0x55, 0xa3, 0x13, 0xae, 0xbf } }
 #define NS_PROTECTEDAUTHTHREAD_CONTRACTID "@mozilla.org/security/protectedauththread;1"
--- a/security/manager/ssl/nsISSLStatus.idl
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -7,42 +7,51 @@
 #include "nsISupports.idl"
 
 interface nsIX509Cert;
 
 [scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
 interface nsISSLStatus : nsISupports {
   readonly attribute nsIX509Cert serverCert;
 
+  [must_use]
   readonly attribute ACString cipherName;
+  [must_use]
   readonly attribute unsigned long keyLength;
+  [must_use]
   readonly attribute unsigned long secretKeyLength;
 
   const short SSL_VERSION_3   = 0;
   const short TLS_VERSION_1   = 1;
   const short TLS_VERSION_1_1 = 2;
   const short TLS_VERSION_1_2 = 3;
   const short TLS_VERSION_1_3 = 4;
+  [must_use]
   readonly attribute unsigned short protocolVersion;
 
   const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE          = 0;
   const short CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT        = 5;
   const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS  = 6;
   const short CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS = 7;
+  [must_use]
   readonly attribute unsigned short certificateTransparencyStatus;
 
+  [must_use]
   readonly attribute boolean isDomainMismatch;
+  [must_use]
   readonly attribute boolean isNotValidAtThisTime;
 
   /* Note: To distinguish between
    *         "unstrusted because missing or untrusted issuer"
    *       and
    *         "untrusted because self signed"
    *       query nsIX509Cert::isSelfSigned
    */
+  [must_use]
   readonly attribute boolean isUntrusted;
 
   /**
    * True only if (and after) serverCert was successfully validated as
    * Extended Validation (EV).
    */
+  [must_use]
   readonly attribute boolean isExtendedValidation;
 };
--- a/security/manager/ssl/nsISecretDecoderRing.idl
+++ b/security/manager/ssl/nsISecretDecoderRing.idl
@@ -14,36 +14,41 @@ interface nsISecretDecoderRing: nsISuppo
    * encrypt passwords (or any text, really) won't work as expected.
    * Instead, use something like nsIScriptableUnicodeConverter to first convert
    * the desired password or text to UTF-8, then encrypt that. Remember to
    * convert back when calling decryptString().
    *
    * @param text The text to encrypt.
    * @return The encrypted text, encoded as Base64.
    */
+  [must_use]
   ACString encryptString(in ACString text);
 
   /**
    * Decrypt Base64 input.
    * See the encryptString() documentation - this method has basically the same
    * limitations.
    *
    * @param encryptedBase64Text Encrypted input text, encoded as Base64.
    * @return The decoded text.
    */
+  [must_use]
   ACString decryptString(in ACString encryptedBase64Text);
 
   /**
    * Prompt the user to change the password on the SDR key.
    */
+  [must_use]
   void changePassword();
 
   /**
    * Logout of the security device that protects the SDR key.
    */
+  [must_use]
   void logout();
 
   /**
    * Logout of the security device that protects the SDR key and tear
    * down authenticated objects.
    */
+  [must_use]
   void logoutAndTeardown();
 };
--- a/security/manager/ssl/nsISiteSecurityService.idl
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -24,22 +24,23 @@ namespace mozilla
 [ref] native nsCStringTArrayRef(nsTArray<nsCString>);
 [ref] native mozillaPkixTime(mozilla::pkix::Time);
 [ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
 
 // [infallible] attributes are only allowed on [builtinclass]
 [scriptable, uuid(31313372-842c-4110-bdf1-6aea17c845ad), builtinclass]
 interface nsISiteSecurityState : nsISupports
 {
+  [must_use]
   readonly attribute ACString hostname;
   [infallible] readonly attribute long long expireTime;
   [infallible] readonly attribute short securityPropertyState;
   [infallible] readonly attribute boolean includeSubdomains;
 
-  [implicit_jscontext]
+  [implicit_jscontext, must_use]
   readonly attribute jsval originAttributes;
 
   /*
    * SECURITY_PROPERTY_SET and SECURITY_PROPERTY_UNSET correspond to indicating
    * a site has or does not have the security property in question,
    * respectively.
    * SECURITY_PROPERTY_KNOCKOUT indicates a value on a preloaded
    * list is being overridden, and the associated site does not have the
@@ -58,16 +59,17 @@ interface nsISiteSecurityState : nsISupp
 interface nsISiteHSTSState : nsISiteSecurityState
 {
 };
 
 // This has to be a builtinclass because it derives from a builtinclass.
 [scriptable, uuid(ae395078-c7d0-474d-b147-f4aa203a9b2c), builtinclass]
 interface nsISiteHPKPState : nsISiteSecurityState
 {
+  [must_use]
   readonly attribute nsISimpleEnumerator sha256Keys;
 };
 
 [scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
 interface nsISiteSecurityService : nsISupports
 {
     const uint32_t HEADER_HSTS = 0;
     const uint32_t HEADER_HPKP = 1;
@@ -116,28 +118,29 @@ interface nsISiteSecurityService : nsISu
      * @param aIncludeSubdomains the parsed includeSubdomains directive.
      * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
                              was returned.
      * @return NS_OK            if it succeeds
      *         NS_ERROR_FAILURE if it can't be parsed
      *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
      *                          if there are unrecognized tokens in the header.
      */
-    [binaryname(ProcessHeader), noscript]
+    [binaryname(ProcessHeader), noscript, must_use]
     void processHeaderNative(in uint32_t aType,
                              in nsIURI aSourceURI,
                              in ACString aHeader,
                              in nsISSLStatus aSSLStatus,
                              in uint32_t aFlags,
                              in const_OriginAttributesRef aOriginAttributes,
                              [optional] out unsigned long long aMaxAge,
                              [optional] out boolean aIncludeSubdomains,
                              [optional] out uint32_t aFailureResult);
 
-    [binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc]
+    [binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc,
+     must_use]
     void processHeader(in uint32_t aType,
                        in nsIURI aSourceURI,
                        in ACString aHeader,
                        in nsISSLStatus aSSLStatus,
                        in uint32_t aFlags,
                        [optional] in jsval aOriginAttributes,
                        [optional] out unsigned long long aMaxAge,
                        [optional] out boolean aIncludeSubdomains,
@@ -153,17 +156,17 @@ interface nsISiteSecurityService : nsISu
      * @param aFlags  options for this request as defined in nsISocketProvider:
      *                  NO_PERMANENT_STORAGE
      * @param aOriginAttributes the origin attributes that isolate this origin,
      *                          (note that this implementation does not isolate
      *                          by userContextId because of the risk of man-in-
      *                          the-middle attacks before trust-on-second-use
      *                          happens).
      */
-    [implicit_jscontext, optional_argc]
+    [implicit_jscontext, optional_argc, must_use]
     void removeState(in uint32_t aType,
                      in nsIURI aURI,
                      in uint32_t aFlags,
                      [optional] in jsval aOriginAttributes);
 
     /**
      * Checks whether or not the URI's hostname has a given security state set.
      * For example, for HSTS:
@@ -180,36 +183,39 @@ interface nsISiteSecurityService : nsISu
      * @param aOriginAttributes the origin attributes that isolate this origin,
      *                          (note that this implementation does not isolate
      *                          by userContextId because of the risk of man-in-
      *                          the-middle attacks before trust-on-second-use
      *                          happens).
      * @param aCached true if we have cached information regarding whether or not
      *                  the host is HSTS, false otherwise.
      */
-    [binaryname(IsSecureURI), noscript]
+    [binaryname(IsSecureURI), noscript, must_use]
     boolean isSecureURINative(in uint32_t aType, in nsIURI aURI,
                               in uint32_t aFlags,
                               in const_OriginAttributesRef aOriginAttributes,
                               [optional] out boolean aCached);
 
-    [binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc]
+    [binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc,
+     must_use]
     boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags,
                         [optional] in jsval aOriginAttributes,
                         [optional] out boolean aCached);
 
     /**
      * Removes all non-preloaded security state by resetting to factory-original
      * settings.
      */
+    [must_use]
     void clearAll();
 
     /**
      * Removes all preloaded security state.
      */
+    [must_use]
     void clearPreloads();
 
     /**
      * Returns an array of sha256-hashed key pins for the given domain, if any.
      * If these pins also apply to subdomains of the given domain,
      * aIncludeSubdomains will be true. Pins returned are only for non-built-in
      * pin entries.
      *
@@ -220,17 +226,17 @@ interface nsISiteSecurityService : nsISu
      *                          (note that this implementation does not isolate
      *                          by userContextId because of the risk of man-in-
      *                          the-middle attacks before trust-on-second-use
      *                          happens).
      * @param aPinArray the set of sha256-hashed key pins for the given domain
      * @param aIncludeSubdomains true if the pins apply to subdomains of the
      *        given domain
      */
-    [noscript] boolean getKeyPinsForHostname(
+    [noscript, must_use] boolean getKeyPinsForHostname(
       in ACString aHostname,
       in mozillaPkixTime evalTime,
       in const_OriginAttributesRef aOriginAttributes,
       out nsCStringTArrayRef aPinArray,
       out boolean aIncludeSubdomains);
 
     /**
      * Set public-key pins for a host. The resulting pins will be permanent
@@ -245,60 +251,62 @@ interface nsISiteSecurityService : nsISu
      * @param aIsPreload are these key pins for a preload entry? (false by
      *        default)
      * @param aOriginAttributes the origin attributes that isolate this origin,
      *                          (note that this implementation does not isolate
      *                          by userContextId because of the risk of man-in-
      *                          the-middle attacks before trust-on-second-use
      *                          happens).
      */
-    [implicit_jscontext, optional_argc]
+    [implicit_jscontext, optional_argc, must_use]
     boolean setKeyPins(in ACString aHost, in boolean aIncludeSubdomains,
                        in int64_t aExpires, in unsigned long aPinCount,
                        [array, size_is(aPinCount)] in string aSha256Pins,
                        [optional] in boolean aIsPreload,
                        [optional] in jsval aOriginAttributes);
 
     /**
      * Set an HSTS preload entry for a host. The resulting entries will be
      * permanent and visible from private and non-private contexts. These
      * entries replace any already set by this mechanism or those built-in to
      * Gecko.
      *
      * @param aHost the hostname (punycode) that the entry applies to
      * @param aIncludeSubdomains whether this entry also applies to subdomains
      * @param aExpires the time this entry should expire (millis since epoch)
      */
+    [must_use]
     boolean setHSTSPreload(in ACString aHost,
                            in boolean aIncludesSubdomains,
                            in int64_t aExpires);
 
     /**
      * Mark a host as declining to provide a given security state so that features
      * such as HSTS priming will not flood a server with requests.
      *
      * @param aURI the nsIURI that this applies to
      * @param aMaxAge lifetime (in seconds) of this negative cache
      * @param aOriginAttributes the origin attributes that isolate this origin,
      *                          (note that this implementation does not isolate
      *                          by userContextId because of the risk of man-in-
      *                          the-middle attacks before trust-on-second-use
      *                          happens).
      */
-    [noscript] void cacheNegativeHSTSResult(
+    [noscript, must_use] void cacheNegativeHSTSResult(
       in nsIURI aURI, in unsigned long long aMaxAge,
       in const_OriginAttributesRef aOriginAttributes);
 
     /**
      * Returns an enumerator of the nsISiteSecurityService storage. Each item in
      * the enumeration is a nsISiteSecurityState that can be QueryInterfaced to
      * the appropriate nsISiteHSTSState or nsISiteHPKPState, depending on the
      * provided type. Doesn't include preloaded entries (either the hard-coded
      * ones or the preloaded-delivered-by-kinto ones).
      *
      * @param aType the type of security state in question.
      */
+    [must_use]
     nsISimpleEnumerator enumerate(in uint32_t aType);
 };
 
 %{C++
 #define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
 %}
--- a/security/manager/ssl/nsITokenDialogs.idl
+++ b/security/manager/ssl/nsITokenDialogs.idl
@@ -5,26 +5,27 @@
 #include "nsISupports.idl"
 
 interface nsIInterfaceRequestor;
 interface nsIProtectedAuthThread;
 
 [scriptable, uuid(a1cbc159-468c-495d-8068-61dd538cbcca)]
 interface nsITokenDialogs : nsISupports
 {
+  [must_use]
   void ChooseToken(in nsIInterfaceRequestor ctx,
                    [array, size_is(count)] in wstring tokenNameList,
                    in unsigned long count,
                    out AString tokenName,
                    out boolean canceled);
 
-    /**
-    * displayProtectedAuth - displays notification dialog to the user 
-    * that he is expected to authenticate to the token using its
-    * "protected authentication path" feature
-    */
+  /**
+   * Displays notification dialog to the user that they are expected to
+   * authenticate to the token using its "protected authentication path" feature.
+   */
+  [must_use]
   void displayProtectedAuth(in nsIInterfaceRequestor ctx,
                             in nsIProtectedAuthThread runnable);
 };
 
 %{C++
 #define NS_TOKENDIALOGS_CONTRACTID "@mozilla.org/nsTokenDialogs;1"
 %}
--- a/security/manager/ssl/nsITokenPasswordDialogs.idl
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@@ -15,14 +15,15 @@ interface nsITokenPasswordDialogs : nsIS
 {
   /**
    * Brings up a dialog to set the password on a token.
    *
    * @param ctx A user interface context.
    * @param tokenName Name of the token.
    * @return true if the user canceled the dialog, false otherwise.
    */
+  [must_use]
   boolean setPassword(in nsIInterfaceRequestor ctx, in AString tokenName);
 };
 
 %{C++
 #define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
 %}
--- a/security/manager/ssl/nsIU2FToken.idl
+++ b/security/manager/ssl/nsIU2FToken.idl
@@ -12,57 +12,61 @@ interface nsIArray;
 [scriptable, uuid(5778242f-1f42-47a2-b514-fa1adde2d904)]
 interface nsIU2FToken : nsISupports {
   /**
    * Is this token compatible with the provided version?
    *
    * @param version The offered version to test
    * @return True if the offered version is compatible
    */
+  [must_use]
   void isCompatibleVersion(in AString version, [retval] out boolean result);
 
   /**
    * Return whether the provided KeyHandle belongs to this Token
    *
    * @param keyHandle Key Handle to evaluate.
    * @param application The FIDO Application data to associate with the key.
    * @return True if the Key Handle is ours.
    */
+  [must_use]
   void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle,
                     in uint32_t keyHandleLen,
                     [array, size_is(applicationLen)] in octet application,
                     in uint32_t applicationLen,
                     [retval] out boolean result);
 
   /**
    * Generates a public/private keypair for the provided application
    * and challenge, returning the pubkey, challenge response, and
    * key handle in the registration data.
    *
    * @param application The FIDO Application data to associate with the key.
    * @param challenge The Challenge to satisfy in the response.
    * @param registration An array containing the pubkey, challenge response,
    *                     and key handle.
    */
+  [must_use]
   void register([array, size_is(applicationLen)] in octet application,
                 in uint32_t applicationLen,
                 [array, size_is(challengeLen)] in octet challenge,
                 in uint32_t challengeLen,
                 [array, size_is(registrationLen)] out octet registration,
                 out uint32_t registrationLen);
 
   /**
    * Creates a signature over the "param" arguments using the private key
    * provided in the key handle argument.
    *
    * @param application The FIDO Application data to associate with the key.
    * @param challenge The Challenge to satisfy in the response.
    * @param keyHandle The Key Handle opaque object to use.
    * @param signature The resulting signature.
    */
+  [must_use]
   void sign([array, size_is(applicationLen)] in octet application,
             in uint32_t applicationLen,
             [array, size_is(challengeLen)] in octet challenge,
             in uint32_t challengeLen,
             [array, size_is(keyHandleLen)] in octet keyHandle,
             in uint32_t keyHandleLen,
             [array, size_is(signatureLen)] out octet signature,
             out uint32_t signatureLen);
--- a/security/manager/ssl/nsIX509Cert.idl
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -31,37 +31,40 @@ interface nsIX509Cert : nsISupports {
   /**
    *  The primary email address of the certificate, if present.
    */
   readonly attribute AString emailAddress;
 
   /**
    * Did this certificate ship with the platform as a built-in root?
    */
+  [must_use]
   readonly attribute bool isBuiltInRoot;
 
   /**
    *  Obtain a list of all email addresses
    *  contained in the certificate.
    *
    *  @param length The number of strings in the returned array.
    *  @return An array of email addresses.
    */
+  [must_use]
   void getEmailAddresses(out unsigned long length,
                          [retval, array, size_is(length)] out wstring addresses);
 
   /**
    *  Check whether a given address is contained in the certificate.
    *  The comparison will convert the email address to lowercase.
    *  The behaviour for non ASCII characters is undefined.
    *
    *  @param aEmailAddress The address to search for.
    *
    *  @return True if the address is contained in the certificate.
    */
+  [must_use]
   boolean containsEmailAddress(in AString aEmailAddress);
 
   /**
    *  The subject owning the certificate.
    */
   readonly attribute AString subjectName;
 
   /**
@@ -72,79 +75,87 @@ interface nsIX509Cert : nsISupports {
   /**
    *  The subject's organization.
    */
   readonly attribute AString organization;
 
   /**
    *  The subject's organizational unit.
    */
+  [must_use]
   readonly attribute AString organizationalUnit;
 
   /**
    *  The fingerprint of the certificate's DER encoding,
    *  calculated using the SHA-256 algorithm.
    */
   readonly attribute AString sha256Fingerprint;
 
   /**
    *  The fingerprint of the certificate's DER encoding,
    *  calculated using the SHA1 algorithm.
    */
+  [must_use]
   readonly attribute AString sha1Fingerprint;
 
   /**
    *  A human readable name identifying the hardware or
    *  software token the certificate is stored on.
    */
   readonly attribute AString tokenName;
 
   /**
    *  The subject identifying the issuer certificate.
    */
   readonly attribute AString issuerName;
 
   /**
    *  The serial number the issuer assigned to this certificate.
    */
+  [must_use]
   readonly attribute AString serialNumber;
 
   /**
    *  The issuer subject's common name.
    */
+  [must_use]
   readonly attribute AString issuerCommonName;
 
   /**
    *  The issuer subject's organization.
    */
   readonly attribute AString issuerOrganization;
 
   /**
    *  The issuer subject's organizational unit.
    */
+  [must_use]
   readonly attribute AString issuerOrganizationUnit;
 
   /**
    *  The certificate used by the issuer to sign this certificate.
    */
+  [must_use]
   readonly attribute nsIX509Cert issuer;
 
   /**
    *  This certificate's validity period.
    */
   readonly attribute nsIX509CertValidity validity;
 
   /**
    *  A unique identifier of this certificate within the local storage.
    */
+  [must_use]
   readonly attribute ACString dbKey;
 
   /**
    *  A human readable identifier to label this certificate.
    */
+  [must_use]
   readonly attribute AString displayName;
 
   /**
    *  Constants to classify the type of a certificate.
    */
   const unsigned long UNKNOWN_CERT =      0;
   const unsigned long CA_CERT      = 1 << 0;
   const unsigned long USER_CERT    = 1 << 1;
@@ -156,88 +167,98 @@ interface nsIX509Cert : nsISupports {
    * Type of this certificate
    */
   readonly attribute unsigned long certType;
 
   /**
    *  True if the certificate is self-signed. CA issued
    *  certificates are always self-signed.
    */
+  [must_use]
   readonly attribute boolean isSelfSigned;
 
   /**
    *  Constants for specifying the chain mode when exporting a certificate
    */
   const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
   const unsigned long CMS_CHAIN_MODE_CertChain = 2;
   const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
 
   /**
    *  Obtain a list of certificates that contains this certificate
    *  and the issuing certificates of all involved issuers,
    *  up to the root issuer.
    *
    *  @return The chain of certifficates including the issuers.
    */
+  [must_use]
   nsIArray getChain();
 
   /**
    * A comma separated list of localized strings representing the contents of
    * the certificate's key usage extension, if present. The empty string if the
    * certificate doesn't have the key usage extension, or has an empty extension.
    */
+  [must_use]
   readonly attribute AString keyUsages;
 
   /**
    *  This is the attribute which describes the ASN1 layout
    *  of the certificate.  This can be used when doing a
    *  "pretty print" of the certificate's ASN1 structure.
    */
+  [must_use]
   readonly attribute nsIASN1Object ASN1Structure;
 
   /**
    *  Obtain a raw binary encoding of this certificate
    *  in DER format.
    *
    *  @param length The number of bytes in the binary encoding.
    *  @param data The bytes representing the DER encoded certificate.
    */
+  [must_use]
   void getRawDER(out unsigned long length,
 	               [retval, array, size_is(length)] out octet data);
 
   /**
    *  Test whether two certificate instances represent the
    *  same certificate.
    *
    *  @return Whether the certificates are equal
    */
+  [must_use]
   boolean equals(in nsIX509Cert other);
 
   /**
    * The base64 encoding of the DER encoded public key info using the specified
    * digest.
    */
+  [must_use]
   readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
 
   /**
    *  Obtain the certificate wrapped in a PKCS#7 SignedData structure,
    *  with or without the certificate chain
    *
    *  @param chainMode Whether to include the chain (with or without the root),
                        see CMS_CHAIN_MODE constants.
    *  @param length The number of bytes of the PKCS#7 data.
    *  @param data The bytes representing the PKCS#7 wrapped certificate.
    */
+  [must_use]
   void exportAsCMS(in unsigned long chainMode,
                    out unsigned long length,
                    [retval, array, size_is(length)] out octet data);
 
   /**
    * Retrieves the NSS certificate object wrapped by this interface
    */
-   [notxpcom, noscript] CERTCertificatePtr getCert();
+  [notxpcom, noscript, must_use]
+  CERTCertificatePtr getCert();
 
   /**
    * Either delete the certificate from all cert databases,
    * or mark it as untrusted.
    */
+  [must_use]
   void markForPermDeletion();
 };
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -70,26 +70,28 @@ interface nsIX509CertDB : nsISupports {
   /**
    *  Will find a certificate based on its dbkey
    *  retrieved by getting the dbKey attribute of
    *  the certificate.
    *
    *  @param aDBkey Database internal key, as obtained using
    *                attribute dbkey in nsIX509Cert.
    */
+  [must_use]
   nsIX509Cert findCertByDBKey(in ACString aDBkey);
 
   /**
    *  Find a certificate by email address.
    *
    *  @param aEmailAddress The email address to be used as the key
    *                       to find the certificate.
    *
    *  @return The matching certificate if found.
    */
+  [must_use]
   nsIX509Cert findCertByEmailAddress(in ACString aEmailAddress);
 
   /**
    *  Use this to import a stream sent down as a mime type into
    *  the certificate database on the default token.
    *  The stream may consist of one or more certificates.
    *
    *  @param data The raw data to be imported
@@ -138,88 +140,96 @@ interface nsIX509CertDB : nsISupports {
    *  One call manipulates the trust for one trust type only.
    *  See the trust type constants defined within this interface.
    *
    *  @param cert Change the stored trust of this certificate.
    *  @param type The type of the certificate. See nsIX509Cert.
    *  @param trust A bitmask. The new trust for the possible usages.
    *               See the trust constants defined within this interface.
    */
+  [must_use]
   void setCertTrust(in nsIX509Cert cert,
                     in unsigned long type,
                     in unsigned long trust);
 
   /**
    * @param cert        The certificate for which to modify trust.
    * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
    *                    characters, indicating SSL, Email, and Obj signing
    *                    trust.
    */
+  [must_use]
   void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString);
 
   /**
    *  Query whether a certificate is trusted for a particular use.
    *
    *  @param cert Obtain the stored trust of this certificate.
    *  @param certType The type of the certificate. See nsIX509Cert.
    *  @param trustType A single bit from the usages constants defined
    *                   within this interface.
    *
    *  @return Returns true if the certificate is trusted for the given use.
    */
+  [must_use]
   boolean isCertTrusted(in nsIX509Cert cert,
                         in unsigned long certType,
                         in unsigned long trustType);
 
   /**
    *  Import certificate(s) from file
    *
    *  @param aFile Identifies a file that contains the certificate
    *               to be imported.
    *  @param aType Describes the type of certificate that is going to
    *               be imported. See type constants in nsIX509Cert.
    */
+  [must_use]
   void importCertsFromFile(in nsIFile aFile,
                            in unsigned long aType);
 
   /**
    *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
    *
    *  @param aFile Identifies a file that contains the data to be imported.
    */
+  [must_use]
   void importPKCS12File(in nsIFile aFile);
 
   /**
    *  Export a set of certs and keys from the database to a PKCS#12 file.
    *
    *  @param aFile Identifies a file that will be filled with the data to be
    *               exported.
    *  @param count The number of certificates to be exported.
    *  @param aCerts The array of all certificates to be exported.
    */
+  [must_use]
   void exportPKCS12File(in nsIFile aFile,
                         in unsigned long count,
                         [array, size_is(count)] in nsIX509Cert aCerts);
 
   /*
    *  Decode a raw data presentation and instantiate an object in memory.
    *
    *  @param base64 The raw representation of a certificate,
    *                encoded as Base 64.
    *  @return The new certificate object.
    */
+  [must_use]
   nsIX509Cert constructX509FromBase64(in ACString base64);
 
   /*
    *  Decode a raw data presentation and instantiate an object in memory.
    *
    *  @param certDER The raw representation of a certificate,
    *                 encoded as raw DER.
    *  @return The new certificate object.
    */
+  [must_use]
   nsIX509Cert constructX509(in ACString certDER);
 
   /**
    *  Verifies the signature on the given JAR file to verify that it has a
    *  valid signature.  To be considered valid, there must be exactly one
    *  signature on the JAR file and that signature must have signed every
    *  entry. Further, the signature must come from a certificate that
    *  is trusted for code signing.
@@ -245,46 +255,49 @@ interface nsIX509CertDB : nsISupports {
   /*
    * If DeveloperImportedRoot is set as trusted root, a CA from local file
    * system will be imported. Only used when preference
    * "network.http.packaged-apps-developer-mode" is set.
    * The path of the CA is specified by preference
    * "network.http.packaged-apps-developer-trusted-root".
    */
   const AppTrustedRoot DeveloperImportedRoot = 10;
+  [must_use]
   void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
                               in nsIFile aJarFile,
                               in nsIOpenSignedAppFileCallback callback);
 
   /**
    *  Verifies the signature on a directory representing an unpacked signed
    *  JAR file. To be considered valid, there must be exactly one signature
    *  on the directory structure and that signature must have signed every
    *  entry. Further, the signature must come from a certificate that
    *  is trusted for code signing.
    *
    *  On success NS_OK and the trusted certificate that signed the
    *  unpacked JAR are returned.
    *
    *  On failure, an error code is returned.
    */
+  [must_use]
   void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot,
                                   in nsIFile aUnpackedDir,
                                   in nsIVerifySignedDirectoryCallback callback);
 
   /*
    * Add a cert to a cert DB from a binary string.
    *
    * @param certDER The raw DER encoding of a certificate.
    * @param trust String describing the trust settings to assign the
    *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
    *              comma separated sets of characters, indicating SSL, Email, and
    *              Object signing trust.
    * @return nsIX509Cert the resulting certificate
    */
+  [must_use]
   nsIX509Cert addCert(in ACString certDER, in ACString trust);
 
   // Flags for verifyCertNow (these must match the values in CertVerifier.cpp):
   // Prevent network traffic. Doesn't work with classic verification.
   const uint32_t FLAG_LOCAL_ONLY = 1 << 0;
   // Do not fall back to DV verification after attempting EV validation.
   // Actually does prevent network traffic, but can cause a valid EV
   // certificate to not be considered valid.
@@ -304,62 +317,69 @@ interface nsIX509CertDB : nsISupports {
    *  @param aFlags flags as described above
    *  @param aHostname the (optional) hostname to verify for
    *  @param aTime the time at which to verify, in seconds since the epoch
    *  @param aVerifiedChain chain of verification up to the root if success
    *  @param aHasEVPolicy bool that signified that the cert was an EV cert
    *  @return 0 if success or the value or the error code for the verification
    *          failure
    */
+  [must_use]
   int32_t /*PRErrorCode*/
     verifyCertAtTime(in nsIX509Cert aCert,
                      in int64_t /*SECCertificateUsage*/ aUsage,
                      in uint32_t aFlags,
                      in ACString aHostname,
                      in uint64_t aTime,
                      out nsIX509CertList aVerifiedChain,
                      out bool aHasEVPolicy);
+  [must_use]
   int32_t /*PRErrorCode*/
     verifyCertNow(in nsIX509Cert aCert,
                   in int64_t /*SECCertificateUsage*/ aUsage,
                   in uint32_t aFlags,
                   in ACString aHostname,
                   out nsIX509CertList aVerifiedChain,
                   out bool aHasEVPolicy);
 
   /**
    * Similar to the above, but asynchronous. As a result, use of this API is not
    * limited to tests.
    */
+  [must_use]
   void asyncVerifyCertAtTime(in nsIX509Cert aCert,
                              in int64_t /*SECCertificateUsage*/ aUsage,
                              in uint32_t aFlags,
                              in ACString aHostname,
                              in uint64_t aTime,
                              in nsICertVerificationCallback aCallback);
 
   // Clears the OCSP cache for the current certificate verification
   // implementation.
+  [must_use]
   void clearOCSPCache();
 
   /*
    * Add a cert to a cert DB from a base64 encoded string.
    *
    * @param base64 The raw representation of a certificate, encoded as Base 64.
    * @param trust String describing the trust settings to assign the
    *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
    *              comma separated sets of characters, indicating SSL, Email, and
    *              Object signing trust.
    * @return nsIX509Cert the resulting certificate
    */
+  [must_use]
   nsIX509Cert addCertFromBase64(in ACString base64, in ACString trust);
 
   /*
    * Get all the known certs in the database
    */
+  [must_use]
   nsIX509CertList getCerts();
 
   /*
    * Get a list of imported enterprise root certificates (currently only
    * implemented on Windows).
    */
+  [must_use]
   nsIX509CertList getEnterpriseRoots();
 };
--- a/security/manager/ssl/nsIX509CertList.idl
+++ b/security/manager/ssl/nsIX509CertList.idl
@@ -9,35 +9,39 @@ interface nsIX509Cert;
 
 %{C++
 typedef struct CERTCertListStr CERTCertList;
 %}
 [ptr] native CERTCertListPtr(CERTCertList);
 
 [scriptable, uuid(ae74cda5-cd2f-473f-96f5-f0b7fff62c68)]
 interface nsIX509CertList : nsISupports {
-   void addCert(in nsIX509Cert cert);
-   void deleteCert(in nsIX509Cert cert);
-   nsISimpleEnumerator getEnumerator();
+  [must_use]
+  void addCert(in nsIX509Cert cert);
+  [must_use]
+  void deleteCert(in nsIX509Cert cert);
+  [must_use]
+  nsISimpleEnumerator getEnumerator();
 
-   /**
-    * Returns the raw, backing cert list.
-    * Must be called only from functions where an nsNSSShutDownPreventionLock
-    * has been acquired.
-    */
-   [notxpcom, noscript] CERTCertListPtr getRawCertList();
+  /**
+   * Returns the raw, backing cert list.
+   * Must be called only from functions where an nsNSSShutDownPreventionLock
+   * has been acquired.
+   */
+  [notxpcom, noscript, must_use]
+  CERTCertListPtr getRawCertList();
 
-   /**
-    * Test whether two certificate list instances represent the same
-    * certificate list.
-    *
-    * @return Whether the certificate lists are equal
-    */
-   boolean equals(in nsIX509CertList other);
-
+  /**
+   * Test whether two certificate list instances represent the same
+   * certificate list.
+   *
+   * @return Whether the certificate lists are equal
+   */
+  [must_use]
+  boolean equals(in nsIX509CertList other);
 };
 
 %{C++
 
 #define NS_X509CERTLIST_CID { /* 959fb165-6517-487f-ab9b-d8913be53197 */  \
     0x959fb165,                                                           \
     0x6517,                                                               \
     0x487f,                                                               \
--- a/security/manager/ssl/nsIX509CertValidity.idl
+++ b/security/manager/ssl/nsIX509CertValidity.idl
@@ -12,59 +12,61 @@
 [scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
 interface nsIX509CertValidity : nsISupports {
 
   /**
    *  The earliest point in time where
    *  a certificate is valid.
    */
   readonly attribute PRTime notBefore;
-  
+
   /**
    *  "notBefore" attribute formatted as a time string
    *  according to the environment locale,
    *  according to the environment time zone.
    */
+  [must_use]
   readonly attribute AString notBeforeLocalTime;
 
   /**
-   *  The day portion of "notBefore" 
-   *  formatted as a time string
+   *  The day portion of "notBefore" formatted as a time string
    *  according to the environment locale,
    *  according to the environment time zone.
    */
   readonly attribute AString notBeforeLocalDay;
 
   /**
    *  "notBefore" attribute formatted as a string
    *  according to the environment locale,
    *  displayed as GMT / UTC.
    */
+  [must_use]
   readonly attribute AString notBeforeGMT;
 
   /**
    *  The latest point in time where
    *  a certificate is valid.
    */
   readonly attribute PRTime notAfter;
 
   /**
    *  "notAfter" attribute formatted as a time string
    *  according to the environment locale,
    *  according to the environment time zone.
    */
+  [must_use]
   readonly attribute AString notAfterLocalTime;
 
   /**
-   *  The day portion of "notAfter" 
-   *  formatted as a time string
+   *  The day portion of "notAfter" formatted as a time string
    *  according to the environment locale,
    *  according to the environment time zone.
    */
   readonly attribute AString notAfterLocalDay;
 
   /**
    *  "notAfter" attribute formatted as a time string
    *  according to the environment locale,
    *  displayed as GMT / UTC.
    */
+  [must_use]
   readonly attribute AString notAfterGMT;
 };