Allow closing a session manually

hug-dev · hug-dev · commit e52d58f9ba9b · 2025-11-24T13:50:39.000+01:00
Currently a session can only be closed on drop.
diff --git a/cryptoki/src/session/mod.rs b/cryptoki/src/session/mod.rs
@@ -4,6 +4,7 @@
 
 use crate::context::Pkcs11;
 
+use crate::error::Result;
 use cryptoki_sys::*;
 use std::fmt::Formatter;
 use std::marker::PhantomData;
@@ -72,15 +73,17 @@ impl<'a> Session<'a> {
 impl<'a> Session<'a> {
     /// Close a session
     /// This will be called on drop as well.
-    pub fn close(self) {}
+    pub fn close(self) -> Result<()> {
+        self.close_inner()
+    }
 
     /// Get the raw handle of the session.
     pub fn handle(&self) -> CK_SESSION_HANDLE {
         self.handle
     }
 
     pub(crate) fn client(&self) -> &Pkcs11 {
-        &self.client
+        self.client
     }
 }
 
diff --git a/cryptoki/src/session/session_management.rs b/cryptoki/src/session/session_management.rs
@@ -3,7 +3,7 @@
 //! Session management functions
 
 use crate::context::Function;
-use crate::error::{Result, Rv};
+use crate::error::{Error, Result, Rv, RvError};
 use crate::session::{Session, SessionInfo, UserType};
 use crate::types::{AuthPin, RawAuthPin};
 
@@ -16,19 +16,13 @@ use std::convert::{TryFrom, TryInto};
 
 impl Drop for Session<'_> {
     fn drop(&mut self) {
-        #[inline(always)]
-        fn close(session: &Session) -> Result<()> {
-            unsafe {
-                Rv::from(get_pkcs11!(session.client(), C_CloseSession)(
-                    session.handle(),
-                ))
-                .into_result(Function::CloseSession)
+        match self.close_inner() {
+            Err(Error::Pkcs11(RvError::SessionClosed, Function::CloseSession)) => (), // the session has already been closed: ignore.
+            Ok(()) => (),
+            Err(err) => {
+                error!("Failed to close session: {err}");
             }
         }
-
-        if let Err(err) = close(self) {
-            error!("Failed to close session: {err}");
-        }
     }
 }
 
@@ -105,4 +99,13 @@ impl Session<'_> {
             SessionInfo::try_from(session_info)
         }
     }
+
+    // Helper function to be able to close a session only taking a reference.
+    // This is used in the Drop trait function which only takes a reference as input.
+    pub(super) fn close_inner(&self) -> Result<()> {
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_CloseSession)(self.handle()))
+                .into_result(Function::CloseSession)
+        }
+    }
 }
