move ssl code to 3proxy, remove SSLPlugin, switch md4/md5/blake to OpenSSL where possible

Vladimir Dubrovin 2026-04-30 17:58:16 +03:00
parent d674d1d51b
commit 30bee085e9
26 changed files with 349 additions and 989 deletions


@ -320,10 +320,8 @@ set(3PROXY_CORE_SOURCES
src/stringtable.c src/stringtable.c
) )
# MD4/MD5/BLAKE2 sources for 3proxy_crypt # BLAKE2 source for 3proxy_crypt
set(MD_SOURCES set(MD_SOURCES
src/libs/md4.c
src/libs/md5.c
src/libs/blake2b-ref.c src/libs/blake2b-ref.c
) )
@ -402,6 +400,10 @@ add_executable(3proxy
$<TARGET_OBJECTS:3proxy_crypt_obj> $<TARGET_OBJECTS:3proxy_crypt_obj>
) )
if(OpenSSL_FOUND)
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
endif()
target_include_directories(3proxy PRIVATE target_include_directories(3proxy PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src
${CMAKE_CURRENT_SOURCE_DIR}/src/libs ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
@ -444,6 +446,9 @@ target_include_directories(3proxy_crypt PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src/libs ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
) )
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads) target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
if(OpenSSL_FOUND)
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
if("${3PROXY_BINARY_PREFIX}" STREQUAL "") if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt") set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
else() else()
@ -527,10 +532,6 @@ foreach(PLUGIN ${DEFAULT_PLUGINS})
add_subdirectory(src/plugins/${PLUGIN}) add_subdirectory(src/plugins/${PLUGIN})
endforeach() endforeach()
if(OPENSSL_FOUND)
add_subdirectory(src/plugins/SSLPlugin)
endif()
if(PCRE2_FOUND) if(PCRE2_FOUND)
add_subdirectory(src/plugins/PCREPlugin) add_subdirectory(src/plugins/PCREPlugin)
endif() endif()
@ -541,9 +542,6 @@ endif()
# Build full list of plugins to be built # Build full list of plugins to be built
set(ALL_PLUGINS ${DEFAULT_PLUGINS}) set(ALL_PLUGINS ${DEFAULT_PLUGINS})
if(OPENSSL_FOUND)
list(APPEND ALL_PLUGINS SSLPlugin)
endif()
if(PCRE2_FOUND) if(PCRE2_FOUND)
list(APPEND ALL_PLUGINS PCREPlugin) list(APPEND ALL_PLUGINS PCREPlugin)
endif() endif()
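Review bot: None of the visible hunks defines `WITH_SSL` for the targets that now compile OpenSSL-dependent code, and `3proxy` gains `src/ssllib.c src/ssl.c` without a matching link line. Unless that is done outside these hunks, add `target_compile_definitions(3proxy PRIVATE WITH_SSL)` (and the same for `3proxy_crypt` and `3proxy_crypt_obj`) plus `target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)` inside the `if(OpenSSL_FOUND)` block. Otherwise the `#ifdef WITH_SSL` paths (NT hashes, `$1$` crypt, `ssl_install()`) are compiled out while the build still reports OpenSSL as found. The new checks are also spelled `OpenSSL_FOUND`, while the removed ones used `OPENSSL_FOUND`; pick one spelling for the whole file.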


@ -36,7 +36,8 @@ PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false) OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true) ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true) ifeq ($(PCRE_CHECK), true)
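Review bot: `OPENSSL_CHECK` only proves that `<openssl/ssl.h>` exists and that `-lcrypto -lssl` link, yet the code now enabled by `CFLAGS += -DWITH_SSL` uses OpenSSL 3.0 interfaces (`OSSL_LIB_CTX_new`, `OSSL_PROVIDER_load`, `EVP_MD_fetch`, `<openssl/provider.h>`) without a version guard. A host with OpenSSL 1.1.x therefore passes the probe and fails later at compile time, even though `blake2_compat.h` carries a 1.1.x branch. Either make the probe include `<openssl/opensslv.h>` and fail with `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#error`, or guard the 3.0-only calls in the sources. The same applies to the identical `OPENSSL_CHECK` blocks in the other Makefiles changed by this commit.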


@ -38,7 +38,8 @@ PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false) OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true) ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true) ifeq ($(PCRE_CHECK), true)


@ -27,7 +27,8 @@ REMOVECOMMAND = del
TYPECOMMAND = type TYPECOMMAND = type
COMPATLIBS = COMPATLIBS =
MAKEFILE = Makefile.msvc MAKEFILE = Makefile.msvc
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin SSLPlugin PCREPlugin PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin PCREPlugin
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
VERFILE = 3proxy.res $(VERFILE) VERFILE = 3proxy.res $(VERFILE)
VERSIONDEP = 3proxy.res $(VERSIONDEP) VERSIONDEP = 3proxy.res $(VERSIONDEP)
AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err) AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)
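Review bot: `SSL_OBJS` is set unconditionally here, but the hunk shows no `WITH_SSL` define being added for this build, unlike the `CFLAGS += -DWITH_SSL` line in the other Makefiles. If `Makefile.msvc` does not define it elsewhere, `ssllib` and `ssl` are linked while every `#ifdef WITH_SSL` block (including the `ssl_install()` call and NT password support) is compiled out. Add the define next to `SSL_OBJS`, together with a comment stating that this Makefile assumes OpenSSL is always present.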


@ -38,7 +38,8 @@ PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false) OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true) ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true) ifeq ($(PCRE_CHECK), true)


@ -37,7 +37,8 @@ ifndef OPENSSL_CHECK
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false) OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true) ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl LIBS += -l crypto -l ssl
PLUGINS += SSLPlugin CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif endif
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false) PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
ifeq ($(PAM_CHECK), true) ifeq ($(PAM_CHECK), true)


@ -7,6 +7,9 @@
*/ */
#include "proxy.h" #include "proxy.h"
#ifdef WITH_SSL
void ssl_install(void);
#endif
#ifndef _WIN32 #ifndef _WIN32
#include <sys/resource.h> #include <sys/resource.h>
#ifndef NOPLUGINS #ifndef NOPLUGINS
@ -523,6 +526,10 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
_3proxy_mutex_init(&conf.threadinit); _3proxy_mutex_init(&conf.threadinit);
#endif #endif
#ifdef WITH_SSL
ssl_install();
#endif
freeconf(&conf); freeconf(&conf);
res = readconfig(fp); res = readconfig(fp);
conf.version++; conf.version++;
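Review bot: The `void ssl_install(void);` prototype is hand-declared at the top of this file and again in the configuration source that calls it from `reload()`; a single declaration in `proxy.h` under `#ifdef WITH_SSL` would let the compiler check both callers against the definition. Because `ssl_install()` returns `void`, the call added before `freeconf(&conf)` cannot stop startup if its setup fails (presumably provider and digest loading, which is not visible here); consider returning a status and aborting on error. The enclosing function starts and ends outside the hunk.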


@ -5,11 +5,13 @@
please read License Agreement please read License Agreement
*/ */
#include "blake2_compat.h"
#ifdef WITH_SSL
#include <openssl/evp.h>
#ifndef WITHMAIN #ifndef WITHMAIN
#include "libs/md5.h" /* MD5 needed for $1$ crypt */
#endif
#endif #endif
#include "libs/md4.h"
#include "libs/blake2.h"
#include <string.h> #include <string.h>
#define MD5_SIZE 16 #define MD5_SIZE 16
@ -24,6 +26,12 @@ void tohex(unsigned char *in, unsigned char *out, int len);
static unsigned char itoa64[] = static unsigned char itoa64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
#if defined(WITH_SSL)
EVP_MD *md4 = NULL;
EVP_MD *md5 = NULL;
#endif
void void
_crypt_to64(unsigned char *s, unsigned long v, int n) _crypt_to64(unsigned char *s, unsigned long v, int n)
{ {
@ -34,11 +42,13 @@ _crypt_to64(unsigned char *s, unsigned long v, int n)
} }
#ifdef WITH_SSL
unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int ctohex) unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int ctohex)
{ {
unsigned char szUnicodePass[513]; unsigned char szUnicodePass[513];
unsigned int nPasswordLen; unsigned int nPasswordLen;
MD4_CTX ctx; EVP_MD_CTX *ctx;
unsigned int len=sizeof(szUnicodePass);
unsigned int i; unsigned int i;
/* /*
@ -53,15 +63,20 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor
} }
/* Encrypt Unicode password to a 16-byte MD4 hash */ /* Encrypt Unicode password to a 16-byte MD4 hash */
MD4Init(&ctx); ctx = EVP_MD_CTX_new();
MD4Update(&ctx, szUnicodePass, (nPasswordLen<<1)); if(!EVP_DigestInit_ex(ctx, md4, NULL)){
MD4Final(szUnicodePass, &ctx); fprintf(stderr, "Failed to init MD4 digest\n");
}
EVP_DigestUpdate(ctx, szUnicodePass, (nPasswordLen<<1));
EVP_DigestFinal_ex(ctx, szUnicodePass, &len);
EVP_MD_CTX_free(ctx);
if (ctohex){ if (ctohex){
tohex(szUnicodePass, szHash, 16); tohex(szUnicodePass, szHash, 16);
} }
else memcpy(szHash, szUnicodePass, 16); else memcpy(szHash, szUnicodePass, 16);
return szHash; return szHash;
} }
#endif
unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsigned char *passwd){ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsigned char *passwd){
@ -74,34 +89,38 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
int sl; int sl;
unsigned long l; unsigned long l;
#ifndef WITHMAIN #if defined(WITH_SSL)
if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) { if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
MD5_CTX ctx,ctx1; EVP_MD_CTX *ctx, *ctx1;
unsigned int len;
int pl, i; int pl, i;
sp = salt +3; sp = salt +3;
sl = (int)(ep - sp); sl = (int)(ep - sp);
magic = (unsigned char *)"$1$"; magic = (unsigned char *)"$1$";
MD5Init(&ctx); ctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(ctx, md5, NULL);
/* The password first, since that is what is most unknown */ /* The password first, since that is what is most unknown */
MD5Update(&ctx,pw,strlen((char *)pw)); EVP_DigestUpdate(ctx,pw,strlen((char *)pw));
/* Then our magic string */ /* Then our magic string */
MD5Update(&ctx,magic,strlen((char *)magic)); EVP_DigestUpdate(ctx,magic,strlen((char *)magic));
/* Then the raw salt */ /* Then the raw salt */
MD5Update(&ctx,sp,sl); EVP_DigestUpdate(ctx,sp,sl);
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */ /* Then just as many unsigned characters of the MD5(pw,salt,pw) */
MD5Init(&ctx1); ctx1 = EVP_MD_CTX_new();
MD5Update(&ctx1,pw,strlen((char *)pw)); EVP_DigestInit_ex(ctx1, EVP_md5(), NULL);
MD5Update(&ctx1,sp,sl); EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
MD5Update(&ctx1,pw,strlen((char *)pw)); EVP_DigestUpdate(ctx1,sp,sl);
MD5Final(final,&ctx1); EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
EVP_DigestFinal_ex(ctx1,final,&len);
EVP_MD_CTX_free(ctx1);
for(pl = (int)strlen((char *)pw); pl > 0; pl -= MD5_SIZE) for(pl = (int)strlen((char *)pw); pl > 0; pl -= MD5_SIZE)
MD5Update(&ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl); EVP_DigestUpdate(ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl);
/* Don't leave anything around in vm they could use. */ /* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final); memset(final,0,sizeof final);
@ -109,12 +128,13 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
/* Then something really weird... */ /* Then something really weird... */
for (i = (int)strlen((char *)pw); i ; i >>= 1) for (i = (int)strlen((char *)pw); i ; i >>= 1)
if(i&1) if(i&1)
MD5Update(&ctx, final, 1); EVP_DigestUpdate(ctx, final, 1);
else else
MD5Update(&ctx, pw, 1); EVP_DigestUpdate(ctx, pw, 1);
MD5Final(final,&ctx); EVP_DigestFinal_ex(ctx,final,&len);
EVP_MD_CTX_free(ctx);
/* /*
* and now, just to make sure things don't run too fast * and now, just to make sure things don't run too fast
@ -122,23 +142,25 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
* need 30 seconds to build a 1000 entry dictionary... * need 30 seconds to build a 1000 entry dictionary...
*/ */
for(i=0;i<1000;i++) { for(i=0;i<1000;i++) {
MD5Init(&ctx1); ctx1 = EVP_MD_CTX_new();
EVP_DigestInit_ex(ctx1, md5, NULL);
if(i & 1) if(i & 1)
MD5Update(&ctx1,pw,strlen((char *)pw)); EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
else else
MD5Update(&ctx1,final,MD5_SIZE); EVP_DigestUpdate(ctx1,final,MD5_SIZE);
if(i % 3) if(i % 3)
MD5Update(&ctx1,sp,sl); EVP_DigestUpdate(ctx1,sp,sl);
if(i % 7) if(i % 7)
MD5Update(&ctx1,pw,strlen((char *)pw)); EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
if(i & 1) if(i & 1)
MD5Update(&ctx1,final,MD5_SIZE); EVP_DigestUpdate(ctx1,final,MD5_SIZE);
else else
MD5Update(&ctx1,pw,strlen((char *)pw)); EVP_DigestUpdate(ctx1,pw,strlen((char *)pw));
MD5Final(final,&ctx1); EVP_DigestFinal_ex(ctx1,final,&len);
EVP_MD_CTX_free(ctx1);
} }
@ -151,7 +173,13 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
sp = salt +3; sp = salt +3;
sl = (int)(ep - sp); sl = (int)(ep - sp);
magic = (unsigned char *)"$3$"; magic = (unsigned char *)"$3$";
blake2b(final, MD5_SIZE, pw, strlen((char *)pw), sp, sl); {
blake2b_state S;
blake2b_init(&S, MD5_SIZE);
blake2b_update(&S, pw, strlen((char *)pw) + 1);
blake2b_update(&S, sp, sl);
blake2b_final(&S, final, MD5_SIZE);
}
} }
else { else {
*passwd = 0; *passwd = 0;
@ -180,25 +208,55 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
} }
#ifdef WITHMAIN #ifdef WITHMAIN
#ifdef WITH_SSL
OSSL_LIB_CTX *library_ctx = NULL;
#include <openssl/provider.h>
#endif
#include <stdio.h> #include <stdio.h>
int main(int argc, char* argv[]){ int main(int argc, char* argv[]){
unsigned char buf[1024]; unsigned char buf[1024];
unsigned i; unsigned i;
if(argc < 2 || argc > 3) { if(argc < 2 || argc > 3) {
fprintf(stderr, "usage: \n" fprintf(stderr, "usage: \n"
#ifdef WITH_SSL
"\t%s <password>\n" "\t%s <password>\n"
#endif
"\t%s <salt> <password>\n" "\t%s <salt> <password>\n"
#ifdef WITH_SSL
"Performs NT crypt if no salt specified, BLAKE2 crypt with salt\n" "Performs NT crypt if no salt specified, BLAKE2 crypt with salt\n"
#else
"Performs BLAKE2 crypt with salt\n"
#endif
"This software uses:\n" "This software uses:\n"
" RSA Data Security, Inc. MD4 Message-Digest Algorithm\n" #ifdef WITH_SSL
" RSA Data Security, Inc. MD5 Message-Digest Algorithm\n", " OpenSSL EVP (MD4, MD5, BLAKE2b)\n"
#else
" BLAKE2 reference implementation\n"
#endif
,
argv[0], argv[0],
argv[0]); argv[0]);
return 1; return 1;
} }
#ifdef WITH_SSL
library_ctx = OSSL_LIB_CTX_new();
OSSL_PROVIDER_load(library_ctx, "legacy");
OSSL_PROVIDER_load(library_ctx, "default");
md4 = EVP_MD_fetch(library_ctx, "MD4", NULL);
if (md4 == NULL) {
fprintf(stderr, "Error fetching MD4\n");
}
md5 = EVP_MD_fetch(library_ctx, "MD5", NULL);
if (md5 == NULL) {
fprintf(stderr, "Error fetching MD5\n");
}
#endif
if(argc == 2) { if(argc == 2) {
#ifdef WITH_SSL
printf("NT:%s\n", ntpwdhash(buf, (unsigned char *)argv[1], 1)); printf("NT:%s\n", ntpwdhash(buf, (unsigned char *)argv[1], 1));
#else
fprintf(stderr, "NT crypt not available (compiled without OpenSSL)\n");
#endif
} }
else { else {
i = (int)strlen((char *)argv[1]); i = (int)strlen((char *)argv[1]);
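Review bot: In `ntpwdhash`, a failed `EVP_DigestInit_ex` only prints a message and execution continues, so `szUnicodePass` still holds the UTF-16 password when it reaches `tohex`/`memcpy` and the caller receives password bytes where an MD4 hash is expected. That path is reachable whenever `md4` is NULL, which `main` permits by carrying on after `OSSL_PROVIDER_load` or `EVP_MD_fetch` fails. `EVP_MD_CTX_new` and the update/final calls are unchecked too, and `mycrypt` repeats the pattern while mixing the fetched `md5` with `EVP_md5()` for the first `ctx1`. The change below makes every step fail closed and wipes the buffer; callers such as the `printf` in `main` then need to handle a NULL return, and `main` itself continues past the end of the hunk.

```c
	/* Encrypt Unicode password to a 16-byte MD4 hash */
	ctx = EVP_MD_CTX_new();
	if(!ctx || !md4
	   || !EVP_DigestInit_ex(ctx, md4, NULL)
	   || !EVP_DigestUpdate(ctx, szUnicodePass, (nPasswordLen<<1))
	   || !EVP_DigestFinal_ex(ctx, szUnicodePass, &len)){
		fprintf(stderr, "Failed to compute MD4 digest\n");
		EVP_MD_CTX_free(ctx);	/* accepts NULL */
		/* never hand the UTF-16 password back as if it were a hash */
		memset(szUnicodePass, 0, sizeof(szUnicodePass));
		*szHash = 0;
		return NULL;
	}
	EVP_MD_CTX_free(ctx);
	/* … unchanged: tohex / memcpy into szHash … */
```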


@ -152,21 +152,21 @@ datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h
3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c 3proxy_cryptmain$(OBJSUFFICS): 3proxy_crypt.c
$(CC) $(COUT)3proxy_cryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN 3proxy_crypt.c $(CC) $(COUT)3proxy_cryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN 3proxy_crypt.c
md4$(OBJSUFFICS): libs/md4.h libs/md4.c
$(CC) $(COUT)md4$(OBJSUFFICS) $(CFLAGS) libs/md4.c
md5$(OBJSUFFICS): libs/md5.h libs/md5.c
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
blake2$(OBJSUFFICS): libs/blake2.h libs/blake2-impl.h libs/blake2b-ref.c blake2$(OBJSUFFICS): libs/blake2.h libs/blake2-impl.h libs/blake2b-ref.c
$(CC) $(COUT)blake2$(OBJSUFFICS) $(CFLAGS) libs/blake2b-ref.c $(CC) $(COUT)blake2$(OBJSUFFICS) $(CFLAGS) libs/blake2b-ref.c
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): md4$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) $(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) md4$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
stringtable$(OBJSUFFICS): stringtable.c stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c $(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP) ssllib$(OBJSUFFICS): ssllib.c
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS) $(CC) $(COUT)ssllib$(OBJSUFFICS) $(CFLAGS) ssllib.c
ssl$(OBJSUFFICS): ssl.c
$(CC) $(COUT)ssl$(OBJSUFFICS) $(CFLAGS) ssl.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(SSL_OBJS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(SSL_OBJS) $(COMPATLIBS) $(LIBS)
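Review bot: The new `ssllib$(OBJSUFFICS): ssllib.c` and `ssl$(OBJSUFFICS): ssl.c` rules list only the `.c` file as a prerequisite, whereas neighbouring rules such as `datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h` also list the headers. If these sources include `proxy.h`/`structures.h` (not visible here), a header change will leave stale TLS objects in an incremental build; add the headers to both rules. Likewise, `3proxy_cryptmain$(OBJSUFFICS)` now depends on `blake2_compat.h` through the new include, but its rule still names only `3proxy_crypt.c`.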


@ -223,8 +223,10 @@ int strongauth(struct clientparam * param){
if (!param->pwtype && param->password) { if (!param->pwtype && param->password) {
if (pw_table.ihashtable && hashresolv(&pw_table, param, &dummy, NULL)) if (pw_table.ihashtable && hashresolv(&pw_table, param, &dummy, NULL))
return 0; return 0;
#ifdef WITH_SSL
if (pwnt_table.ihashtable && hashresolv(&pwnt_table, param, &dummy, NULL)) if (pwnt_table.ihashtable && hashresolv(&pwnt_table, param, &dummy, NULL))
return 0; return 0;
#endif
#ifndef NOCRYPT #ifndef NOCRYPT
if (pwcr_table.ihashtable && hashresolv(&pwcr_table, param, cryptpw, NULL)) { if (pwcr_table.ihashtable && hashresolv(&pwcr_table, param, cryptpw, NULL)) {
if (!strcmp(cryptpw, (char *)mycrypt(param->password, (unsigned char *)cryptpw, buf))) if (!strcmp(cryptpw, (char *)mycrypt(param->password, (unsigned char *)cryptpw, buf)))


@ -8,7 +8,7 @@
#ifndef NORADIUS #ifndef NORADIUS
#include "proxy.h" #include "proxy.h"
#include "libs/md5.h" #include <openssl/evp.h>
#define AUTH_VECTOR_LEN 16 #define AUTH_VECTOR_LEN 16
#define MAX_STRING_LEN 254 #define MAX_STRING_LEN 254
@ -183,14 +183,19 @@ char *strNcpy(char *dest, const char *src, int n)
return dest; return dest;
} }
extern EVP_MD *md4;
extern EVP_MD *md5;
void md5_calc(unsigned char *output, unsigned char *input, void md5_calc(unsigned char *output, unsigned char *input,
unsigned int inlen) unsigned int inlen)
{ {
MD5_CTX context; EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned int len = 0;
MD5Init(&context); EVP_DigestInit_ex(ctx, md5, NULL);
MD5Update(&context, input, inlen); EVP_DigestUpdate(ctx, input, inlen);
MD5Final(output, &context); EVP_DigestFinal_ex(ctx, output, &len);
EVP_MD_CTX_free(ctx);
} }
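Review bot: `#include <openssl/evp.h>` and the `extern EVP_MD *md5` reference are guarded only by `#ifndef NORADIUS`, so a build without OpenSSL that keeps RADIUS enabled no longer compiles or links now that the bundled MD5 is removed. Wrap the file in `#if !defined(NORADIUS) && defined(WITH_SSL)`, or have the build define `NORADIUS` whenever `WITH_SSL` is absent. `md5_calc` also ignores every EVP return value, so when `md5` is NULL or `EVP_MD_CTX_new()` fails, `output` is left as whatever the caller's buffer held and is then used as a RADIUS digest. Because the function returns `void`, it should either gain a status return or the caller should verify `md5` before using RADIUS at all. The `extern EVP_MD *md4;` declaration appears unused in this hunk and can be dropped.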

76
src/blake2_compat.h Normal file

@ -0,0 +1,76 @@
#ifndef BLAKE2_COMPAT_H
#define BLAKE2_COMPAT_H
#if defined(WITH_SSL)
#include <openssl/opensslv.h>
#endif
#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/evp.h>
#include <string.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/params.h>
#include <openssl/core_names.h>
#endif
/*
* OpenSSL 1.1.0+ BLAKE2b implementation.
* Provides the same streaming API as libs/blake2.h but uses EVP internally.
*
* OpenSSL 3.0+: uses OSSL_DIGEST_PARAM_SIZE for proper custom output sizes.
* OpenSSL 1.1.x: computes full 64-byte output and truncates in blake2b_final.
*/
typedef EVP_MD_CTX *blake2b_state;
static int blake2b_init(blake2b_state *S, size_t outlen) {
*S = EVP_MD_CTX_new();
if (!*S) return -1;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
size_t sz = outlen;
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
params[1] = OSSL_PARAM_construct_end();
if (!EVP_DigestInit_ex2(*S, EVP_blake2b512(), params)) {
#else
(void)outlen;
if (!EVP_DigestInit_ex(*S, EVP_blake2b512(), NULL)) {
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return -1;
}
return 0;
}
static int blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
if (inlen == 0) return 0;
return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1;
}
static int blake2b_final(blake2b_state *S, void *out, size_t outlen) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, out, &len) ? 0 : -1;
#else
unsigned char tmp[64];
unsigned int len = 0;
int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 0 : -1;
if (ret == 0) memcpy(out, tmp, outlen);
#endif
EVP_MD_CTX_free(*S);
*S = NULL;
return ret;
}
#else
#include "libs/blake2.h"
#endif
#endif /* BLAKE2_COMPAT_H */
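Review bot: The OpenSSL 1.1.x branch computes BLAKE2b-512 and copies the first `outlen` bytes in `blake2b_final`, but BLAKE2b mixes the digest length into its parameter block, so a truncated 64-byte digest is not the same value as BLAKE2b with a 16-byte output. The three build variants (reference code, OpenSSL 1.1.x, OpenSSL 3.x) can therefore disagree on the same input, which matters for the `$3$` password hashes that are stored in configuration files. Relatedly, the `$3$` caller in this commit replaces what looks like a salt-keyed `blake2b(final, MD5_SIZE, pw, len, sp, sl)` call with an unkeyed hash of password, NUL and salt, so previously generated `$3$` entries would presumably stop verifying; document the format change or keep the old construction. The 1.1.x path also does `memcpy(out, tmp, outlen)` with no `outlen <= 64` check and leaves `tmp` on the stack uncleared. The functions are `static` but not `inline`, so every includer that skips one of them gets an unused-function warning.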


@ -7,6 +7,9 @@
*/ */
#include "proxy.h" #include "proxy.h"
#ifdef WITH_SSL
void ssl_install(void);
#endif
#ifndef _WIN32 #ifndef _WIN32
#include <sys/resource.h> #include <sys/resource.h>
#include <pwd.h> #include <pwd.h>
@ -526,9 +529,11 @@ static int h_users(int argc, unsigned char **argv){
if (arg[1] && arg[2] && arg[3] == ':') { if (arg[1] && arg[2] && arg[3] == ':') {
pw[1] = (char *)(arg + 4); pw[1] = (char *)(arg + 4);
if (arg[1] == 'N' && arg[2] == 'T') { if (arg[1] == 'N' && arg[2] == 'T') {
#ifdef WITH_SSL
if (!pwnt_table.ihashtable && inithashtable(&pwnt_table, 16, 32, 1048576)) if (!pwnt_table.ihashtable && inithashtable(&pwnt_table, 16, 32, 1048576))
return 3; return 3;
hashadd(&pwnt_table, pw, &dummy, MAX_COUNTER_TIME); hashadd(&pwnt_table, pw, &dummy, MAX_COUNTER_TIME);
#endif
continue; continue;
} }
if (arg[1] == 'C' && arg[2] == 'R') { if (arg[1] == 'C' && arg[2] == 'R') {
@ -1447,6 +1452,11 @@ static int h_authcache(int argc, unsigned char **argv){
} }
static int h_plugin(int argc, unsigned char **argv){ static int h_plugin(int argc, unsigned char **argv){
#ifdef WITH_SSL
if(argc >= 3 && !strcmp((char *)argv[2], "ssl_plugin")){
return 0;
}
#endif
#ifdef NOPLUGINS #ifdef NOPLUGINS
return 999; return 999;
#else #else
@ -1875,7 +1885,9 @@ void freeconf(struct extparam *confp){
_3proxy_mutex_unlock(&connlim_mutex); _3proxy_mutex_unlock(&connlim_mutex);
destroyhashtable(&pw_table); destroyhashtable(&pw_table);
#ifdef WITH_SSL
destroyhashtable(&pwnt_table); destroyhashtable(&pwnt_table);
#endif
destroyhashtable(&pwcr_table); destroyhashtable(&pwcr_table);
confp->logfunc = lognone; confp->logfunc = lognone;
@ -1946,6 +1958,9 @@ int reload (void){
int error = -2; int error = -2;
_3proxy_mutex_lock(&config_mutex); _3proxy_mutex_lock(&config_mutex);
#ifdef WITH_SSL
ssl_install();
#endif
conf.paused++; conf.paused++;
freeconf(&conf); freeconf(&conf);
conf.paused++; conf.paused++;
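Review bot: In `h_users`, an `NT:` entry now falls straight through to `continue` when the binary is built without `WITH_SSL`, so the account is silently dropped from the configuration with no message. This fails closed for authentication, but an operator gets no indication why a configured user cannot log in; add an `#else` branch that reports the unsupported password type the same way the `return 3` path reports a table failure. The new `h_plugin` shortcut likewise accepts any plugin line whose third argument is `ssl_plugin` without logging that the external module is no longer loaded. `reload()` now calls `ssl_install()` on every reload while holding `config_mutex`; a comment stating that the function is safe to call repeatedly would help, since its body is not part of this hunk.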


@ -1,11 +1,13 @@
#include "proxy.h" #include "proxy.h"
#include "libs/blake2.h" #include "blake2_compat.h"
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
char* name = index; blake2b_state S;
blake2b(hash, ht->hash_size, index, strlen((const char*)index), NULL, 0); blake2b_init(&S, ht->hash_size);
blake2b_update(&S, index, strlen((const char*)index) + 1);
blake2b_final(&S, hash, ht->hash_size);
} }
static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){
@ -36,7 +38,11 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
static void user2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){ static void user2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
struct clientparam *param = (struct clientparam *)index; struct clientparam *param = (struct clientparam *)index;
blake2b(hash, ht->hash_size, param->username, strlen((const char *)param->username), NULL, 0); blake2b_state S;
blake2b_init(&S, ht->hash_size);
blake2b_update(&S, param->username, strlen((const char *)param->username) + 1);
blake2b_final(&S, hash, ht->hash_size);
} }
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){ static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
@ -80,6 +86,7 @@ static void pwnt2hash_add(const struct hashtable *ht, void *index, uint8_t *hash
} }
#ifdef WITH_SSL
static void pwnt2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){ static void pwnt2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
struct clientparam *param = (struct clientparam *)index; struct clientparam *param = (struct clientparam *)index;
unsigned char pass[40]; unsigned char pass[40];
@ -88,6 +95,7 @@ static void pwnt2hash_search(const struct hashtable *ht, void *index, uint8_t *h
ntpwdhash(pass, param->password, 1); ntpwdhash(pass, param->password, 1);
pwnt2hash_add(ht, pw, hash); pwnt2hash_add(ht, pw, hash);
} }
#endif
@ -95,5 +103,7 @@ struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 12};
struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 12}; struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 12};
struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 12}; struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 12};
struct hashtable pw_table = {pw2hash_add, pw2hash_search, 0, 12}; struct hashtable pw_table = {pw2hash_add, pw2hash_search, 0, 12};
#ifdef WITH_SSL
struct hashtable pwnt_table = {pwnt2hash_add, pwnt2hash_search, 0, 12}; struct hashtable pwnt_table = {pwnt2hash_add, pwnt2hash_search, 0, 12};
#endif
struct hashtable pwcr_table = {char_index2hash, user2hash_search, 64, 12}; struct hashtable pwcr_table = {char_index2hash, user2hash_search, 64, 12};
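Review bot: `char_index2hash` and `user2hash_search` ignore the return values of `blake2b_init`, `blake2b_update` and `blake2b_final`, and with the EVP-backed wrappers from `blake2_compat.h` these can now fail (allocation or digest init), leaving `*S` NULL and `hash` unwritten. A lookup would then compare uninitialized bytes, which for `pwcr_table` and the DNS tables means unpredictable matches; at minimum zero `hash` and bail out, e.g. `if (blake2b_init(&S, ht->hash_size)) { memset(hash, 0, ht->hash_size); return; }`. Separately, `pwnt2hash_search` and `pwnt_table` are now guarded by `WITH_SSL`, but `pwnt2hash_add` (static, per the hunk header) is not, so non-SSL builds get an unused static function; move the `#ifdef` up to cover it.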


@ -1,290 +0,0 @@
/*
* md4c.c MD4 message-digest algorithm
*
* License to copy and use this software is granted provided that it
* is identified as the "RSA Data Security, Inc. MD4 Message-Digest
* Algorithm" in all material mentioning or referencing this software
* or this function.
*
* License is also granted to make and use derivative works provided
* that such works are identified as "derived from the RSA Data
* Security, Inc. MD4 Message-Digest Algorithm" in all material
* mentioning or referencing the derived work.
*
* RSA Data Security, Inc. makes no representations concerning either
* the merchantability of this software or the suitability of this
* software for any particular purpose. It is provided "as is"
* without express or implied warranty of any kind.
*
* These notices must be retained in any copies of any part of this
* documentation and/or software.
*
* Copyright 1990,1991,1992 RSA Data Security, Inc.
*/
#include "md4.h"
/* Constants for MD4Transform routine.
*/
#define S11 3
#define S12 7
#define S13 11
#define S14 19
#define S21 3
#define S22 5
#define S23 9
#define S24 13
#define S31 3
#define S32 9
#define S33 11
#define S34 15
static void MD4Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
static void Encode PROTO_LIST
((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
((UINT4 *, unsigned char *, unsigned int));
static void MD4_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
static void MD4_memset PROTO_LIST ((POINTER, int, unsigned int));
static unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* F, G and H are basic MD4 functions.
*/
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
/* ROTATE_LEFT rotates x left n bits.
*/
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
/* Rotation is separate from addition to prevent recomputation */
#define FF(a, b, c, d, x, s) { \
(a) += F ((b), (c), (d)) + (x); \
(a) = ROTATE_LEFT ((a), (s)); \
}
#define GG(a, b, c, d, x, s) { \
(a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
(a) = ROTATE_LEFT ((a), (s)); \
}
#define HH(a, b, c, d, x, s) { \
(a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
(a) = ROTATE_LEFT ((a), (s)); \
}
void md4_calc(unsigned char *output, unsigned char *input, unsigned inlen)
{
MD4_CTX context;
MD4Init(&context);
MD4Update(&context, input, inlen);
MD4Final(output, &context);
}
/* MD4 initialization. Begins an MD4 operation, writing a new context.
*/
void MD4Init ( MD4_CTX *context)
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD4 block update operation. Continues an MD4 message-digest
operation, processing another message block, and updating the
context.
*/
void MD4Update (MD4_CTX *context, unsigned char *input, unsigned inputLen)
{
unsigned int i, index, partLen;
/* Compute number of bytes mod 64 */
index = (unsigned int)((context->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((context->count[0] += ((UINT4)inputLen << 3))
< ((UINT4)inputLen << 3))
context->count[1]++;
context->count[1] += ((UINT4)inputLen >> 29);
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD4_memcpy
((POINTER)&context->buffer[index], (POINTER)input, partLen);
MD4Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD4Transform (context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
MD4_memcpy
((POINTER)&context->buffer[index], (POINTER)&input[i],
inputLen-i);
}
/* MD4 finalization. Ends an MD4 message-digest operation, writing the
the message digest and zeroizing the context.
*/
void MD4Final (unsigned char digest[16], MD4_CTX *context)
{
unsigned char bits[8];
unsigned int index, padLen;
/* Save number of bits */
Encode (bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (unsigned int)((context->count[0] >> 3) & 0x3f);
padLen = (index < 56) ? (56 - index) : (120 - index);
MD4Update (context, PADDING, padLen);
/* Append length (before padding) */
MD4Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
/* Zeroize sensitive information.
*/
MD4_memset ((POINTER)context, 0, sizeof (*context));
}
/* MD4 basic transformation. Transforms state based on block.
*/
static void MD4Transform (UINT4 state[4], unsigned char block[64])
{
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode (x, block, 64);
/* Round 1 */
FF (a, b, c, d, x[ 0], S11); /* 1 */
FF (d, a, b, c, x[ 1], S12); /* 2 */
FF (c, d, a, b, x[ 2], S13); /* 3 */
FF (b, c, d, a, x[ 3], S14); /* 4 */
FF (a, b, c, d, x[ 4], S11); /* 5 */
FF (d, a, b, c, x[ 5], S12); /* 6 */
FF (c, d, a, b, x[ 6], S13); /* 7 */
FF (b, c, d, a, x[ 7], S14); /* 8 */
FF (a, b, c, d, x[ 8], S11); /* 9 */
FF (d, a, b, c, x[ 9], S12); /* 10 */
FF (c, d, a, b, x[10], S13); /* 11 */
FF (b, c, d, a, x[11], S14); /* 12 */
FF (a, b, c, d, x[12], S11); /* 13 */
FF (d, a, b, c, x[13], S12); /* 14 */
FF (c, d, a, b, x[14], S13); /* 15 */
FF (b, c, d, a, x[15], S14); /* 16 */
/* Round 2 */
GG (a, b, c, d, x[ 0], S21); /* 17 */
GG (d, a, b, c, x[ 4], S22); /* 18 */
GG (c, d, a, b, x[ 8], S23); /* 19 */
GG (b, c, d, a, x[12], S24); /* 20 */
GG (a, b, c, d, x[ 1], S21); /* 21 */
GG (d, a, b, c, x[ 5], S22); /* 22 */
GG (c, d, a, b, x[ 9], S23); /* 23 */
GG (b, c, d, a, x[13], S24); /* 24 */
GG (a, b, c, d, x[ 2], S21); /* 25 */
GG (d, a, b, c, x[ 6], S22); /* 26 */
GG (c, d, a, b, x[10], S23); /* 27 */
GG (b, c, d, a, x[14], S24); /* 28 */
GG (a, b, c, d, x[ 3], S21); /* 29 */
GG (d, a, b, c, x[ 7], S22); /* 30 */
GG (c, d, a, b, x[11], S23); /* 31 */
GG (b, c, d, a, x[15], S24); /* 32 */
/* Round 3 */
HH (a, b, c, d, x[ 0], S31); /* 33 */
HH (d, a, b, c, x[ 8], S32); /* 34 */
HH (c, d, a, b, x[ 4], S33); /* 35 */
HH (b, c, d, a, x[12], S34); /* 36 */
HH (a, b, c, d, x[ 2], S31); /* 37 */
HH (d, a, b, c, x[10], S32); /* 38 */
HH (c, d, a, b, x[ 6], S33); /* 39 */
HH (b, c, d, a, x[14], S34); /* 40 */
HH (a, b, c, d, x[ 1], S31); /* 41 */
HH (d, a, b, c, x[ 9], S32); /* 42 */
HH (c, d, a, b, x[ 5], S33); /* 43 */
HH (b, c, d, a, x[13], S34); /* 44 */
HH (a, b, c, d, x[ 3], S31); /* 45 */
HH (d, a, b, c, x[11], S32); /* 46 */
HH (c, d, a, b, x[ 7], S33); /* 47 */
HH (b, c, d, a, x[15], S34); /* 48 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
MD4_memset ((POINTER)x, 0, sizeof (x));
}
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
a multiple of 4.
*/
static void Encode (unsigned char *output, UINT4 *input, unsigned len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = (unsigned char)(input[i] & 0xff);
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
}
}
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
a multiple of 4.
*/
static void Decode (UINT4 *output, unsigned char *input, unsigned len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}
/* Note: Replace "for loop" with standard memcpy if possible.
*/
static void MD4_memcpy (POINTER output, POINTER input, unsigned len)
{
unsigned int i;
for (i = 0; i < len; i++)
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if possible.
*/
static void MD4_memset (POINTER output, int value, unsigned len)
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}


@ -1,83 +0,0 @@
#ifndef _LRAD_MD4_H
#define _LRAD_MD4_H
#ifndef _LRAD_PROTO_H
#define _LRAD_PROTO_H
/* GLOBAL.H - RSAREF types and constants
*/
/* PROTOTYPES should be set to one if and only if the compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 0 if it has not already
been defined with C compiler flags.
*/
#ifndef PROTOTYPES
# if __STDC__
# define PROTOTYPES 1
# else
# define PROTOTYPES 0
# endif
#endif
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
#define _POINTER_T
/* UINT2 defines a two byte word */
typedef unsigned short int UINT2;
#define _UINT2_T
/* UINT4 defines a four byte word */
typedef unsigned int UINT4;
#define _UINT4_T
/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
returns an empty list.
*/
#if PROTOTYPES
#define PROTO_LIST(list) list
#else
#define PROTO_LIST(list) ()
#endif
#endif /* _LRAD_PROTO_H */
/* MD4.H - header file for MD4C.C
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD4 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD4 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* MD4 context. */
typedef struct {
UINT4 state[4]; /* state (ABCD) */
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
} MD4_CTX;
void md4_calc (unsigned char *, unsigned char *, unsigned int);
void MD4Init PROTO_LIST ((MD4_CTX *));
void MD4Update PROTO_LIST
((MD4_CTX *, unsigned char *, unsigned int));
void MD4Final PROTO_LIST ((unsigned char [16], MD4_CTX *));
#endif /* _LRAD_MD4_H */


@ -1,325 +0,0 @@
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
#include "md5.h"
/* Constants for MD5Transform routine.
*/
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21
void librad_md5_calc(unsigned char *output, unsigned char *input,
unsigned int inputlen);
static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
static void Encode PROTO_LIST
((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
((UINT4 *, const unsigned char *, unsigned int));
static void MD5_memcpy PROTO_LIST ((POINTER, CONSTPOINTER, unsigned int));
static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
static const unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* F, G, H and I are basic MD5 functions.
*/
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
/* ROTATE_LEFT rotates x left n bits.
*/
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
Rotation is separate from addition to prevent recomputation.
*/
#define FF(a, b, c, d, x, s, ac) { \
(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) { \
(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) { \
(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) { \
(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
void librad_md5_calc(unsigned char *output, unsigned char *input,
unsigned int inlen)
{
MD5_CTX context;
MD5Init(&context);
MD5Update(&context, input, inlen);
MD5Final(output, &context);
}
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
void MD5Init (MD5_CTX *context)
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD5 block update operation. Continues an MD5 message-digest
operation, processing another message block, and updating the
context.
*/
void MD5Update (MD5_CTX *context, const unsigned char *input, unsigned inputLen)
{
unsigned int i, index, partLen;
/* Compute number of bytes mod 64 */
index = (unsigned int)((context->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((context->count[0] += ((UINT4)inputLen << 3))
< ((UINT4)inputLen << 3))
context->count[1]++;
context->count[1] += ((UINT4)inputLen >> 29);
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD5_memcpy
((POINTER)&context->buffer[index], (CONSTPOINTER)input, partLen);
MD5Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform (context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
MD5_memcpy
((POINTER)&context->buffer[index], (CONSTPOINTER)&input[i],
inputLen-i);
}
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
the message digest and zeroizing the context.
*/
void MD5Final (unsigned char digest[16], MD5_CTX *context)
{
unsigned char bits[8];
unsigned int index, padLen;
/* Save number of bits */
Encode (bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (unsigned int)((context->count[0] >> 3) & 0x3f);
padLen = (index < 56) ? (56 - index) : (120 - index);
MD5Update (context, PADDING, padLen);
/* Append length (before padding) */
MD5Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)context, 0, sizeof (*context));
}
/* MD5 basic transformation. Transforms state based on block.
*/
static void MD5Transform (UINT4 state[4], const unsigned char block[64])
{
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode (x, block, 64);
/* Round 1 */
FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)x, 0, sizeof (x));
}
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
a multiple of 4.
*/
static void Encode (unsigned char *output, UINT4 *input, unsigned len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = (unsigned char)(input[i] & 0xff);
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
}
}
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
a multiple of 4.
*/
static void Decode (UINT4 *output, const unsigned char *input, unsigned len)
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}
/* Note: Replace "for loop" with standard memcpy if possible.
*/
static void MD5_memcpy (POINTER output, CONSTPOINTER input, unsigned len)
{
unsigned int i;
for (i = 0; i < len; i++)
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if possible.
*/
static void MD5_memset (POINTER output, int value, unsigned len)
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}


@ -1,94 +0,0 @@
#ifndef _LRAD_MD5_H
#define _LRAD_MD5_H
#ifndef _LRAD_PROTO_H
#define _LRAD_PROTO_H
/* GLOBAL.H - RSAREF types and constants
*/
/* PROTOTYPES should be set to one if and only if the compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 0 if it has not already
been defined with C compiler flags.
*/
#ifndef PROTOTYPES
# if __STDC__
# define PROTOTYPES 1
# else
# define PROTOTYPES 0
# endif
#endif
/* POINTER defines a generic pointer type */
#ifndef _POINTER_T
typedef unsigned char *POINTER;
#endif
typedef const unsigned char *CONSTPOINTER;
/* UINT2 defines a two byte word */
#ifndef _UINT2_T
typedef unsigned short int UINT2;
#endif
/* UINT4 defines a four byte word */
#ifndef _UINT4_T
typedef unsigned int UINT4;
#endif
/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
returns an empty list.
*/
#if PROTOTYPES
#define PROTO_LIST(list) list
#else
#define PROTO_LIST(list) ()
#endif
#endif /* _LRAD_PROTO_H */
/*
* FreeRADIUS defines to ensure globally unique MD5 function names,
* so that we don't pick up vendor-specific broken MD5 libraries.
*/
#define MD5_CTX librad_MD5_CTX
#define MD5Init librad_MD5Init
#define MD5Update librad_MD5Update
#define MD5Final librad_MD5Final
/* MD5.H - header file for MD5C.C
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
/* MD5 context. */
typedef struct {
UINT4 state[4]; /* state (ABCD) */
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
} MD5_CTX;
void MD5Init PROTO_LIST ((MD5_CTX *));
void MD5Update PROTO_LIST
((MD5_CTX *, const unsigned char *, unsigned int));
void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
#endif /* _LRAD_MD5_H */


@ -1,17 +0,0 @@
# SSLPlugin - requires OpenSSL
if(NOT TARGET OpenSSL::SSL)
message(STATUS "SSLPlugin requires OpenSSL, skipping")
return()
endif()
add_3proxy_plugin(SSLPlugin
SOURCES
ssl_plugin.c
my_ssl.c
LIBRARIES
OpenSSL::SSL
OpenSSL::Crypto
COMPILE_DEFINITIONS
WITH_SSL
)


@ -1 +0,0 @@
include Makefile.var


@ -1,14 +0,0 @@
all: $(BUILDDIR)SSLPlugin$(DLSUFFICS)
ssl_plugin$(OBJSUFFICS): ssl_plugin.c
$(CC) $(DCFLAGS) $(CFLAGS) ssl_plugin.c
my_ssl$(OBJSUFFICS): my_ssl.c
$(CC) $(DCFLAGS) $(CFLAGS) my_ssl.c
$(BUILDDIR)SSLPlugin$(DLSUFFICS): ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS)
$(LN) $(LNOUT)../../$(BUILDDIR)SSLPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS) $(LIBS)


@ -15,6 +15,12 @@
#ifndef _3PROXY_H_ #ifndef _3PROXY_H_
#define _3PROXY_H_ #define _3PROXY_H_
#include "version.h" #include "version.h"
#ifndef WITH_SSL
#ifndef NORADIUS
#define NORADIUS
#endif
#endif
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -232,7 +238,9 @@ extern int paused;
extern int demon; extern int demon;
unsigned char * mycrypt(const unsigned char *key, const unsigned char *salt, unsigned char *buf); unsigned char * mycrypt(const unsigned char *key, const unsigned char *salt, unsigned char *buf);
#ifdef WITH_SSL
unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int tohex); unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int tohex);
#endif
int de64 (const unsigned char *in, unsigned char *out, int maxlen); int de64 (const unsigned char *in, unsigned char *out, int maxlen);
unsigned char* en64 (const unsigned char *in, unsigned char *out, int inlen); unsigned char* en64 (const unsigned char *in, unsigned char *out, int inlen);
void tohex(unsigned char *in, unsigned char *out, int len); void tohex(unsigned char *in, unsigned char *out, int len);
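Review bot: The new `#ifndef WITH_SSL` / `#define NORADIUS` block in the first hunk, and the `#ifdef WITH_SSL` guard around `ntpwdhash` in the second, mean that a build without OpenSSL drops RADIUS and NT-hash support with no explanation in the header. Going by the commit title this is presumably because MD4/MD5 now come only from OpenSSL. A comment above the block would make the dependency explicit, e.g. `/* RADIUS and NT hashes need MD5/MD4 from OpenSSL; both are compiled out without WITH_SSL */`. It is also worth confirming that a configuration which names RADIUS or NT-type passwords is rejected with a clear error on such a build rather than parsed and ignored; the config parser is not shown on this page.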


@ -5,23 +5,19 @@
*/ */
#include "../../structures.h" #include "structures.h"
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "../../proxy.h" #include "proxy.h"
#include "my_ssl.h" #include "ssl.h"
#ifndef _WIN32 #ifndef _WIN32
#define WINAPI #define WINAPI
#endif #endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef isnumber #ifndef isnumber
#define isnumber(i_n_arg) ((i_n_arg>='0')&&(i_n_arg<='9')) #define isnumber(i_n_arg) ((i_n_arg>='0')&&(i_n_arg<='9'))
#endif #endif
@ -62,11 +58,6 @@ static char * server_cipher_list = NULL;
static char * client_sni = NULL; static char * client_sni = NULL;
static int client_mode = 0; static int client_mode = 0;
typedef struct _ssl_conn {
SSL_CTX *ctx;
SSL *ssl;
} ssl_conn;
struct SSLsock { struct SSLsock {
SOCKET s; SOCKET s;
@ -1178,21 +1169,13 @@ static struct symbol ssl_symbols[] = {
}; };
#ifdef WATCOM void ssl_install(void){
#pragma aux ssl_plugin "*" parm caller [ ] value struct float struct routine [eax] modify [eax ecx edx]
#undef PLUGINCALL
#define PLUGINCALL
#endif
PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
int argc, char** argv){
h_nomitm(0, NULL); h_nomitm(0, NULL);
h_noserv(0, NULL); h_noserv(0, NULL);
h_nocli(0, NULL); h_nocli(0, NULL);
pl = pluginlink; pl = &pluginlink;
free(certcache); free(certcache);
certcache = NULL; certcache = NULL;
@ -1245,7 +1228,7 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
} }
tcppmfunc = (PROXYFUNC)pl->findbyname("tcppm"); tcppmfunc = (PROXYFUNC)pl->findbyname("tcppm");
if(!tcppmfunc){return 13;} if(!tcppmfunc) return;
proxyfunc = (PROXYFUNC)pl->findbyname("proxy"); proxyfunc = (PROXYFUNC)pl->findbyname("proxy");
if(!proxyfunc)proxyfunc = tcppmfunc; if(!proxyfunc)proxyfunc = tcppmfunc;
smtppfunc = (PROXYFUNC)pl->findbyname("smtpp"); smtppfunc = (PROXYFUNC)pl->findbyname("smtpp");
@ -1253,9 +1236,4 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
ftpprfunc = (PROXYFUNC)pl->findbyname("ftppr"); ftpprfunc = (PROXYFUNC)pl->findbyname("ftppr");
if(!ftpprfunc)ftpprfunc = tcppmfunc; if(!ftpprfunc)ftpprfunc = tcppmfunc;
return 0;
} }
#ifdef __cplusplus
}
#endif
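Review bot: `if(!tcppmfunc) return;` drops the failure code that the plugin entry point used to return (13), so the caller of `ssl_install()` cannot tell that the handlers were never resolved, and `proxyfunc`, `smtppfunc` and `ftpprfunc` stay unassigned on that path. Keeping an `int` result, with `int ssl_install(void)`, `if(!tcppmfunc) return 13;` and the final `return 0;` retained (and the header declaration changed to match), would let startup refuse to continue when TLS is configured but not wired up. The caller in 3proxy.c is not shown on this page, so whether it can act on the code needs checking there. The body of `ssl_install` continues between the hunks.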


@ -1,5 +1,5 @@
#ifndef __my_ssl_h__ #ifndef __ssl_h__
#define __my_ssl_h__ #define __ssl_h__
// //
// opaque connection structure // opaque connection structure
@ -10,6 +10,11 @@ typedef void *SSL_CONN;
// //
typedef void *SSL_CERT; typedef void *SSL_CERT;
typedef struct _ssl_conn {
SSL_CTX *ctx;
SSL *ssl;
} ssl_conn;
struct alpn { struct alpn {
unsigned char *protos; unsigned char *protos;
unsigned int protos_len; unsigned int protos_len;
@ -83,5 +88,10 @@ void _ssl_cert_free(SSL_CERT cert);
void ssl_init(void); void ssl_init(void);
char * getSSLErr(void); char * getSSLErr(void);
//
// Built-in SSL installation (called from 3proxy.c)
//
void ssl_install(void);
extern struct sockfuncs sso; extern struct sockfuncs sso;
#endif // __my_ssl_h__ #endif // __ssl_h__
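Review bot: The `ssl_conn` typedef moved into this header names `SSL_CTX` and `SSL`, but no hunk shows the header including `<openssl/ssl.h>`, so it compiles only when every includer pulls in the OpenSSL headers first. The two .c files in this commit do that; the new comment says `ssl_install()` is called from 3proxy.c, whose include order is not visible here. Adding `#include <openssl/ssl.h>` near the top of the header would make it self-contained. As a point of style, the guard `__ssl_h__` uses a double-underscore name reserved to the implementation and is generic enough to clash with another ssl.h; a project-prefixed guard such as `THREEPROXY_SSL_H` avoids both.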


@ -7,7 +7,7 @@
#define _CRT_SECURE_NO_WARNINGS #define _CRT_SECURE_NO_WARNINGS
#include "../../structures.h" #include "structures.h"
#include <memory.h> #include <memory.h>
#include <fcntl.h> #include <fcntl.h>
#ifndef _WIN32 #ifndef _WIN32
@ -20,18 +20,12 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/provider.h>
#include "../../proxy.h" #include "proxy.h"
#include "my_ssl.h" #include "ssl.h"
typedef struct _ssl_conn {
SSL_CTX *ctx;
SSL *ssl;
} ssl_conn;
_3proxy_mutex_t ssl_file_mutex; _3proxy_mutex_t ssl_file_mutex;
@ -284,15 +278,31 @@ int ssl_file_init = 0;
int ssl_init_done = 0; int ssl_init_done = 0;
OSSL_LIB_CTX *library_ctx = NULL;
extern EVP_MD *md4;
extern EVP_MD *md5;
void ssl_init() void ssl_init()
{ {
if(!ssl_init_done){ if(!ssl_init_done){
ssl_init_done = 1; ssl_init_done = 1;
thread_setup(); thread_setup();
SSLeay_add_ssl_algorithms(); SSLeay_add_ssl_algorithms();
SSL_load_error_strings(); SSL_load_error_strings();
_3proxy_mutex_init(&ssl_file_mutex); _3proxy_mutex_init(&ssl_file_mutex);
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
library_ctx = OSSL_LIB_CTX_new();
OSSL_PROVIDER_load(library_ctx, "legacy");
OSSL_PROVIDER_load(library_ctx, "default");
md4 = EVP_MD_fetch(library_ctx, "MD4", NULL);
if (md4 == NULL) {
printf("Error fetching MD4\n");
}
md5 = EVP_MD_fetch(library_ctx, "MD5", NULL);
if (md5 == NULL) {
printf("Error fetching MD5\n");
}
} }
} }
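Review bot: The results of `OSSL_LIB_CTX_new()` and both `OSSL_PROVIDER_load()` calls in `ssl_init()` are never checked. If the context is NULL the provider loads and fetches fall back to OpenSSL's global default context, and if the legacy provider is missing the MD4 fetch fails and `md4` stays NULL for whatever code later hashes with it (not shown here). The only diagnostic is a `printf` to stdout, which a daemonised proxy is unlikely to surface; stderr or the project's logger would be more visible. Consumers of `md4`/`md5` should treat NULL as "algorithm unavailable" and fail the authentication attempt rather than pass it on. `<openssl/provider.h>` and these calls need OpenSSL 3.0 or later, so the build-time OpenSSL check should require that version.
```c
/* … unchanged: thread_setup() through BIO_new_fp() … */
library_ctx = OSSL_LIB_CTX_new();
if (library_ctx == NULL) {
	/* do not fall through: a NULL ctx would target the global default context */
	fprintf(stderr, "ssl_init: OSSL_LIB_CTX_new failed\n");
	return;
}
if (OSSL_PROVIDER_load(library_ctx, "legacy") == NULL) {
	fprintf(stderr, "ssl_init: legacy provider not loaded, MD4 unavailable\n");
}
if (OSSL_PROVIDER_load(library_ctx, "default") == NULL) {
	fprintf(stderr, "ssl_init: default provider not loaded\n");
}
md4 = EVP_MD_fetch(library_ctx, "MD4", NULL);
if (md4 == NULL) {
	fprintf(stderr, "Error fetching MD4\n");
}
/* … unchanged: MD5 fetch, with the same stderr change … */
```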


@ -771,7 +771,9 @@ extern struct hashtable dns_table;
extern struct hashtable dns6_table; extern struct hashtable dns6_table;
extern struct hashtable auth_table; extern struct hashtable auth_table;
extern struct hashtable pw_table; extern struct hashtable pw_table;
#ifdef WITH_SSL
extern struct hashtable pwnt_table; extern struct hashtable pwnt_table;
#endif
extern struct hashtable pwcr_table; extern struct hashtable pwcr_table;
extern struct hashtable udp_table; extern struct hashtable udp_table;