Index: tclpkcs11.c
==================================================================
--- tclpkcs11.c
+++ tclpkcs11.c
@@ -1243,11 +1243,11 @@
 	Tcl_Obj *tcl_result;
 	long slotid_long;
 	int tcl_keylist_llength, idx;
 	int input_len;
 	CK_ULONG resultbuf_len;
-	int sign;
+	int sign, terminate;
 	int tcl_rv;
 
 	CK_SLOT_ID slotid;
 	CK_OBJECT_HANDLE hObject;
 	CK_ULONG foundObjs;
@@ -1478,16 +1478,29 @@
 				}
 			}
 
 			chk_rv = handle->pkcs11->C_Sign(handle->session, input, input_len, resultbuf, &resultbuf_len);
 		}
-		if (chk_rv != CKR_OK) {
+
+		terminate = 0;
+		if (chk_rv == CKR_OK) {
+			terminate = 1;
+		} else {
 			if (chk_rv == CKR_BUFFER_TOO_SMALL) {
-				/* Terminate decryption operation */
-				handle->pkcs11->C_DecryptFinal(handle->session, NULL, 0);
+				terminate = 1;
+			}
+		}
+
+		if (terminate) {
+			if (!sign) {
+				handle->pkcs11->C_EncryptFinal(handle->session, NULL, 0);
+			} else {
+				handle->pkcs11->C_SignFinal(handle->session, NULL, 0);
 			}
+		}
 
+		if (chk_rv != CKR_OK) {
 			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));
 
 			return(TCL_ERROR);
 		}
 	} else {

Index: usage.txt
==================================================================
--- usage.txt
+++ usage.txt
@@ -4,5 +4,8 @@
 ::pki::pkcs11::listcerts  <handle> <slotId>                -> list: keylist
 ::pki::pkcs11::encrypt <mode> <input> <keylist>            -> data
 ::pki::pkcs11::decrypt <mode> <input> <keylist>            -> data
 ::pki::pkcs11::login <handle> <slotId> <password>          -> true/false
 ::pki::pkcs11::logout <handle> <slotId>                    -> true/false
+
+# Future
+::pki::pkcs11::listobjects <handle> <slotId>               -> list: ....