Add CRYPTO_BUFFER_new_from_static_data_unsafe.

When making a CRYPTO_BUFFER from a static, const buffer, there is no
need to make a copy of the data. Instead, we can reference it directly.
The hope is this will save a bit of memory in Chromium, since root store
certs will already in static data.

Moreover, by letting static CRYPTO_BUFFERs participate in pooling, we
can extend the memory savings to yet other copies of these certs. For
instance, if we make the root store updatable via component updater,
most of the updated roots will likely already be in the binary's copy.
Pooling will transparently dedup those and avoid retaining an extra

(I haven't gone as far as to give static CRYPTO_BUFFERs strong
references from the pool, since that seems odd. But something like
Chromium probably wants to intentionally leak the initial static ones so
that, when all references go away, they're still available for pooling.)

Change-Id: I05c25c5ff618f9f7a6ed21e4575cf659e7c32811
Commit-Queue: David Benjamin <>
Reviewed-by: Adam Langley <>
diff --git a/crypto/pool/internal.h b/crypto/pool/internal.h
index ed91de6..b39ee42 100644
--- a/crypto/pool/internal.h
+++ b/crypto/pool/internal.h
@@ -18,18 +18,22 @@
 #include <openssl/lhash.h>
 #include <openssl/thread.h>
+#include "../lhash/internal.h"
 #if defined(__cplusplus)
 extern "C" {
 struct crypto_buffer_st {
   uint8_t *data;
   size_t len;
   CRYPTO_refcount_t references;
+  int data_is_static;
 struct crypto_buffer_pool_st {