Enable DNSSEC compilation on nettle 2.7.1

RHEL/CentOS 7 does not compile with DNSSEC enabled, because older
version is not supported. Add few defines to compile also on older
nettle versions.

Adds also major version 4 check, taking into account higher major
version.

src/crypto.c

@@ -18,11 +18,20 @@
 
 #ifdef HAVE_DNSSEC
 
+/* Minimal version of nettle */
+#define MIN_VERSION(major, minor) (NETTLE_VERSION_MAJOR == (major) && NETTLE_VERSION_MINOR >= (minor)) || \
+				  (NETTLE_VERSION_MAJOR > (major))
+
 #include <nettle/rsa.h>
 #include <nettle/ecdsa.h>
 #include <nettle/ecc-curve.h>
+#if !defined(NETTLE_VERSION_MAJOR)
+#define NETTLE_VERSION_MAJOR 2
+#endif
+#if MIN_VERSION(3, 1)
 #include <nettle/eddsa.h>
-#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
+#endif
+#if MIN_VERSION(3, 6)
 #  include <nettle/gostdsa.h>
 #endif
 #endif
@@ -238,7 +247,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
   static struct ecc_point *key_256 = NULL, *key_384 = NULL;
   static mpz_t x, y;
   static struct dsa_signature *sig_struct;
-#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4
+#if !MIN_VERSION(3, 4)
 #define nettle_get_secp_256r1() (&nettle_secp_256r1)
 #define nettle_get_secp_384r1() (&nettle_secp_384r1)
 #endif
@@ -301,7 +310,7 @@ static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len
   return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
 }
 
-#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
+#if MIN_VERSION(3, 6)
 static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_len, 
 				  unsigned char *sig, size_t sig_len,
 				  unsigned char *digest, size_t digest_len, int algo)
@@ -342,6 +351,7 @@ static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_l
 }
 #endif
 
+#if MIN_VERSION(3, 1)
 static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len, 
 				unsigned char *sig, size_t sig_len,
 				unsigned char *digest, size_t digest_len, int algo)
@@ -368,7 +378,7 @@ static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len
 				   ((struct null_hash_digest *)digest)->buff,
 				   sig);
       
-#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
+#if MIN_VERSION(3, 6)
     case 16:
       if (key_len != ED448_KEY_SIZE ||
 	  sig_len != ED448_SIGNATURE_SIZE)
@@ -384,6 +394,7 @@ static int dnsmasq_eddsa_verify(struct blockdata *key_data, unsigned int key_len
 
   return 0;
 }
+#endif
 
 static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
 			     unsigned char *digest, size_t digest_len, int algo)
@@ -399,16 +410,17 @@ static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key
     case 5: case 7: case 8: case 10:
       return dnsmasq_rsa_verify;
 
-#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR >= 6
+#if MIN_VERSION(3, 6)
     case 12:
       return dnsmasq_gostdsa_verify;
 #endif
       
     case 13: case 14:
       return dnsmasq_ecdsa_verify;
-
+#if MIN_VERSION(3, 1)
     case 15: case 16:
       return dnsmasq_eddsa_verify;
+#endif
     }
   
   return NULL;