From 50e0402c220ab7abd375802ea4264ff3ee9fc339 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Sat, 22 Feb 2020 10:35:26 +1000
Subject: [PATCH] sec_mem: add note about the minimum size parameter.

Add a note indicating that the minimum size parameter to
CRYPTO_secure_malloc_init() should be small.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
---
 doc/man3/OPENSSL_secure_malloc.pod | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod
index e47dfd673a..67a34eb809 100644
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@@ -53,8 +53,10 @@ put all intermediate values and computations there.
 
 CRYPTO_secure_malloc_init() creates the secure heap, with the specified
 C<size> in bytes. The C<minsize> parameter is the minimum size to
-allocate from the heap. Both C<size> and C<minsize> must be a power
-of two.
+allocate from the heap or zero to use a reasonable default value.
+Both C<size> and, if specified, C<minsize> must be a power of two and
+C<minsize> should generally be small, for example 16 or 32.
+C<minsize> must be less than a quarter of C<size> in any case.
 
 CRYPTO_secure_malloc_initialized() indicates whether or not the secure
 heap as been initialized and is available.
-- 
2.25.1