Description
ykcs11 globally limits the session count to 16:
yubico-piv-tool/ykcs11/ykcs11.c, line 57 in 7851acf:

```c
static ykcs11_session_t sessions[YKCS11_MAX_SESSIONS];
```

... and reports the same value in CK_TOKEN_INFO's ulMaxSessionCount & ulMaxRwSessionCount.
However, as per the PKCS#11 standard, these values should represent the per-token limit, not a global limit:

> ulMaxSessionCount: maximum number of sessions that can be opened with the token at one time by a single application

As a result, applications that consume PKCS#11 modules generically are led to assume that they can open up to 16 concurrent sessions per token slot, which is not actually guaranteed, and will lead to unexpected errors.
Am I interpreting this incorrectly? What are the odds this can be patched to track sessions per-slot? I realize this may not be a straightforward refactor given session memory is currently statically allocated, which is likely impractical going forward if done per-slot.
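
The mismatch described in this issue can be reproduced with a small model, added here as an illustration and not taken from the ykcs11 source or from the issue author. The `model_*` functions, `open_pool` and `MODEL_SLOTS` are hypothetical names, and two attached tokens are assumed; `CKR_SESSION_COUNT` is the standard PKCS#11 return value for an exhausted session limit.

```c
#include <stdio.h>

#define CKR_OK              0x00UL /* PKCS#11 return values */
#define CKR_SESSION_COUNT   0xB1UL
#define YKCS11_MAX_SESSIONS 16     /* limit stated in the issue */
#define MODEL_SLOTS         2      /* assumption: two tokens attached */

/* Model only, not ykcs11 code: one table shared by all slots, like the
 * array quoted in the issue. 0 means free; otherwise slot id + 1. */
static int session_slot[YKCS11_MAX_SESSIONS];

/* Value every token advertises as ulMaxSessionCount in this model. */
static unsigned long model_max_session_count(void) { return YKCS11_MAX_SESSIONS; }

static void model_reset(void) {
    for (int i = 0; i < YKCS11_MAX_SESSIONS; i++) session_slot[i] = 0;
}

/* Hypothetical stand-in for C_OpenSession backed by the global table. */
static unsigned long model_open_session(int slot) {
    for (int i = 0; i < YKCS11_MAX_SESSIONS; i++) {
        if (session_slot[i] == 0) {
            session_slot[i] = slot + 1;
            return CKR_OK;
        }
    }
    return CKR_SESSION_COUNT;
}

/* Generic consumer: open up to `want` sessions on each slot and stop
 * filling a slot on the first failure. Returns the total opened. */
static int open_pool(int want, int opened[MODEL_SLOTS]) {
    int total = 0;
    for (int s = 0; s < MODEL_SLOTS; s++) {
        opened[s] = 0;
        while (opened[s] < want && model_open_session(s) == CKR_OK) opened[s]++;
        total += opened[s];
    }
    return total;
}

int main(void) {
    int opened[MODEL_SLOTS];
    model_reset();
    int total = open_pool((int)model_max_session_count(), opened);
    printf("slot 0: %d, slot 1: %d, total: %d\n", opened[0], opened[1], total);
    return 0;
}
```

A consumer that sizes per-slot session pools from `ulMaxSessionCount` has to treat `CKR_SESSION_COUNT` as a recoverable condition, because in this model the first slot consumes the whole table and the second slot gets no sessions at all.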