Unexport X509_VERIFY_PARAM_lookup

This is used to implement X509_STORE_CTX_set_default and some very messy
"default" parameter, which has its own awkward quirks (see
https://boringssl-review.googlesource.com/c/boringssl/+/64253/).

We can't avoid X509_STORE_CTX_set_default, but if we resolve the mess
around "default", then all the defined parameters will just be purpose
and trust tuples. If we get to that point, we probably don't need to
define actual X509_VERIFY_PARAM objects and can just store the purpose
and trust values. But we can only do that if this function is gone.

Update-Note: Removed unused function.
Change-Id: I118f4a1ebff99f919d0f6ee63175633fe945822b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64487
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
(cherry picked from commit 20f7eb1430ca03712441b78330ad320cb0134055)

crypto/x509/internal.h

@@ -539,6 +539,10 @@ int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
 OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
                                     const GENERAL_NAME *b);
 
+// X509_VERIFY_PARAM_lookup returns a pre-defined |X509_VERIFY_PARAM| named by
+// |name|, or NULL if no such name is defined.
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+
 
 #if defined(__cplusplus)
 }  // extern C

include/openssl/x509.h

@@ -3436,11 +3436,6 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
 
 OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
 
-// X509_VERIFY_PARAM_lookup returns a pre-defined |X509_VERIFY_PARAM| named by
-// |name|, or NULL if no such name is defined.
-OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
-    const char *name);
-
 // Forward reference
 struct v3_ext_method;
 struct v3_ext_ctx;