diff --git a/CMakeLists.txt b/CMakeLists.txt index 0d06342..ef0b8df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -405,7 +405,6 @@ endif() add_executable(3proxy ${3PROXY_CORE_SOURCES} - ${MD_SOURCES} $ $ $ @@ -415,6 +414,9 @@ add_executable(3proxy $ $ ) +if(NOT OpenSSL_FOUND) + target_sources(3proxy PRIVATE ${MD_SOURCES}) +endif() if(OpenSSL_FOUND) target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c) @@ -519,9 +521,11 @@ endif() # Build 3proxy_crypt utility add_executable(3proxy_crypt src/3proxy_crypt.c - ${MD_SOURCES} $ ) +if(NOT OpenSSL_FOUND) + target_sources(3proxy_crypt PRIVATE ${MD_SOURCES}) +endif() target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN) target_include_directories(3proxy_crypt PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src diff --git a/src/3proxy_crypt.c b/src/3proxy_crypt.c index 1d2af0e..6960d47 100644 --- a/src/3proxy_crypt.c +++ b/src/3proxy_crypt.c @@ -8,7 +8,9 @@ #include "blake2_compat.h" #ifdef WITH_SSL #include -#ifndef WITHMAIN +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +#include #endif #endif #include 
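Review bot: The new `if(NOT OpenSSL_FOUND)` guards drop `${MD_SOURCES}` whenever OpenSSL is found, but `src/blake2_compat.h` only routes to the EVP-backed `blake2b_*_3p` functions when `OPENSSL_VERSION_NUMBER >= 0x10100000L`; for an OpenSSL 1.0.x build (assuming `WITH_SSL` is defined whenever OpenSSL is found, which this hunk does not show) the header falls back to `libs/blake2.h` and `blake2b_init` and friends would be undefined at link time. FindOpenSSL exports `OPENSSL_VERSION`, so both targets should gate on the same condition as the header, e.g. `if(NOT OpenSSL_FOUND OR OPENSSL_VERSION VERSION_LESS "1.1.0")`, or the header's fallback should become a `#error` so the mismatch is caught at compile time rather than at link. The adjacent `if(NOT OpenSSL_FOUND)` / `if(OpenSSL_FOUND)` pair on the 3proxy target also reads better as a single `if`/`else()`.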
@@ -29,9 +31,50 @@ static unsigned char itoa64[] = #if defined(WITH_SSL) EVP_MD *md4_hash = NULL; EVP_MD *md5_hash = NULL; -EVP_MD *blake2_hash = NULL; #endif +#if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L +int blake2b_init_3p(blake2b_state *S, size_t outlen) { + *S = EVP_MD_CTX_new(); + if (!*S) return -1; +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + size_t sz = outlen; + OSSL_PARAM params[2]; + params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz); + params[1] = OSSL_PARAM_construct_end(); + if (!EVP_DigestInit_ex2(*S, EVP_blake2b512(), params)) { +#else + (void)outlen; + if (!EVP_DigestInit_ex(*S, EVP_blake2b512(), NULL)) { +#endif + EVP_MD_CTX_free(*S); + *S = NULL; + return -1; + } + return 0; +} + +int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen) { + if (inlen == 0) return 0; + return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1; +} + +int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen) { +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + unsigned int len = 0; + int ret = EVP_DigestFinal_ex(*S, out, &len) ? 0 : -1; +#else + unsigned char tmp[64]; + unsigned int len = 0; + int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 0 : -1; + if (ret == 0) memcpy(out, tmp, outlen); +#endif + EVP_MD_CTX_free(*S); + *S = NULL; + return ret; +} +#endif /* WITH_SSL && OPENSSL >= 1.1 */ + void _crypt_to64(unsigned char *s, unsigned long v, int n) { @@ -189,10 +232,10 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi magic = (unsigned char *)"$3$"; { blake2b_state S; - if(blake2b_init(&S, MD5_SIZE) != 0 || - blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 || - blake2b_update(&S, sp, sl) != 0 || - blake2b_final(&S, final, MD5_SIZE) != 0) { + if(blake2b_init_3p(&S, MD5_SIZE) != 0 || + blake2b_update_3p(&S, pw, strlen((char *)pw) + 1) != 0 || + blake2b_update_3p(&S, sp, sl) != 0 || + blake2b_final_3p(&S, final, MD5_SIZE) != 0) { *passwd = 0; return NULL; } 
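Review bot: `blake2b_init_3p` and `blake2b_final_3p` accept any `outlen` without a bound: on the 1.1.x path `memcpy(out, tmp, outlen)` reads past the 64-byte `tmp` when `outlen > 64`, and on the 3.0 path `EVP_DigestFinal_ex` writes `len` bytes into `out` without ever comparing `len` with `outlen`, so the caller's buffer is only safe if the size param took effect. `blake2b_update_3p` and `blake2b_final_3p` also dereference `*S` unconditionally, while the callers in auth.c, conf.c and hashtables.c never check `blake2b_init_3p`, so an `EVP_MD_CTX_new()` failure becomes a NULL context handed to OpenSSL. The two OpenSSL branches further produce different digests for the same `outlen` (truncated BLAKE2b-512 versus a parameterised BLAKE2b, whose parameter block encodes the length), a fact the deleted header comment used to state and which should be documented on these functions because it makes `$3$` hashes and `strongauth` records non-portable between builds. The rewrite below bounds `outlen`, finalises into a local buffer and checks the produced length before copying, tolerates a NULL context, and cleanses the temporary that may hold password-derived bytes.
```c
int blake2b_init_3p(blake2b_state *S, size_t outlen) {
    /* BLAKE2b digest length is 1..64 bytes; the 1.1.x path copies outlen
     * bytes out of a 64-byte buffer, so reject anything else up front. */
    if (outlen == 0 || outlen > 64) { *S = NULL; return -1; }
    *S = EVP_MD_CTX_new();
    if (!*S) return -1;
    /* … unchanged: EVP_DigestInit_ex2 (3.x, size param) / EVP_DigestInit_ex (1.1.x) … */
}

int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen) {
    if (!*S) return -1;              /* init failed; most callers do not check */
    if (inlen == 0) return 0;
    return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1;
}

int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen) {
    unsigned char tmp[EVP_MAX_MD_SIZE];
    unsigned int len = 0;
    int ret = -1;
    if (!*S) return -1;
    if (EVP_DigestFinal_ex(*S, tmp, &len)) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        /* The size param must have produced exactly outlen bytes;
         * never write more than the caller's buffer holds. */
        if (len == outlen) { memcpy(out, tmp, outlen); ret = 0; }
#else
        /* 1.1.x: truncated BLAKE2b-512 -- NOT the same digest as BLAKE2b-outlen. */
        if (len >= outlen) { memcpy(out, tmp, outlen); ret = 0; }
#endif
    }
    OPENSSL_cleanse(tmp, sizeof tmp);   /* may hold password-derived bytes */
    EVP_MD_CTX_free(*S);
    *S = NULL;
    return ret;
}
```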
@@ -268,10 +311,6 @@ int main(int argc, char* argv[]){ if (md5_hash == NULL) { fprintf(stderr, "Error fetching MD5\n"); } - blake2_hash = EVP_blake2b512(); - if (blake2_hash == NULL) { - fprintf(stderr, "Error fetching Blake2\n"); - } #endif if(argc == 2) { #ifdef WITH_SSL diff --git a/src/auth.c b/src/auth.c index dc15f38..be26861 100644 --- a/src/auth.c +++ b/src/auth.c @@ -234,9 +234,9 @@ int strongauth(struct clientparam * param){ unsigned hashsz; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; memset(buf, 0, pwl_table.recsize - 1); - blake2b_init(&S, hashsz); - blake2b_update(&S, param->password, pwlen + 1); - blake2b_final(&S, buf, hashsz); + blake2b_init_3p(&S, hashsz); + blake2b_update_3p(&S, param->password, pwlen + 1); + blake2b_final_3p(&S, buf, hashsz); if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0; } return 6; diff --git a/src/blake2_compat.h b/src/blake2_compat.h index 38fac24..13f5719 100644 --- a/src/blake2_compat.h +++ b/src/blake2_compat.h 
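Review bot: `strongauth` ignores the return values of `blake2b_init_3p`, `blake2b_update_3p` and `blake2b_final_3p`; with the OpenSSL backend `blake2b_init_3p` can fail on `EVP_MD_CTX_new()` and leaves `S` NULL, after which the update and final calls pass a NULL context to OpenSSL. Even where that does not crash, `buf` was zero-filled just before, so a failed hash would be compared against the stored record instead of being rejected. An authentication path should fail closed: `if (blake2b_init_3p(&S, hashsz) != 0 || blake2b_update_3p(&S, param->password, pwlen + 1) != 0 || blake2b_final_3p(&S, buf, hashsz) != 0) return 6;`, mirroring the check `mycrypt` in 3proxy_crypt.c already performs. Separately, the `memcmp` on the following context line compares password hashes in non-constant time; `CRYPTO_memcmp` is available whenever `WITH_SSL` is set. strongauth begins outside the hunk.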
@@ -8,70 +8,21 @@ #if defined(WITH_SSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L #include -#include - -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -#include -#include -#endif - -/* - * OpenSSL 1.1.0+ BLAKE2b implementation. - * Provides the same streaming API as libs/blake2.h but uses EVP internally. - * - * OpenSSL 3.0+: uses OSSL_DIGEST_PARAM_SIZE for proper custom output sizes. - * OpenSSL 1.1.x: computes full 64-byte output and truncates in blake2b_final. - */ typedef EVP_MD_CTX *blake2b_state; -extern EVP_MD *blake2_hash; -static int blake2b_init(blake2b_state *S, size_t outlen) { - *S = EVP_MD_CTX_new(); - if (!*S) return -1; - -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - size_t sz = outlen; - OSSL_PARAM params[2]; - params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz); - params[1] = OSSL_PARAM_construct_end(); - - if (!EVP_DigestInit_ex2(*S, blake2_hash, params)) { -#else - (void)outlen; - if (!EVP_DigestInit_ex(*S, blake2_hash, NULL)) { -#endif - EVP_MD_CTX_free(*S); - *S = NULL; - return -1; - } - return 0; -} - -static int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { - if (inlen == 0) return 0; - return EVP_DigestUpdate(*S, in, inlen) ? 0 : -1; -} - -static int blake2b_final(blake2b_state *S, void *out, size_t outlen) { -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - unsigned int len = 0; - int ret = EVP_DigestFinal_ex(*S, out, &len) ? 0 : -1; -#else - unsigned char tmp[64]; - unsigned int len = 0; - int ret = EVP_DigestFinal_ex(*S, tmp, &len) ? 
0 : -1; - if (ret == 0) memcpy(out, tmp, outlen); -#endif - EVP_MD_CTX_free(*S); - *S = NULL; - return ret; -} +int blake2b_init_3p(blake2b_state *S, size_t outlen); +int blake2b_update_3p(blake2b_state *S, const void *in, size_t inlen); +int blake2b_final_3p(blake2b_state *S, void *out, size_t outlen); #else #include "libs/blake2.h" +#define blake2b_init_3p blake2b_init +#define blake2b_update_3p blake2b_update +#define blake2b_final_3p blake2b_final + #endif #endif /* BLAKE2_COMPAT_H */ diff --git a/src/conf.c b/src/conf.c index 1f141c9..359d202 100644 --- a/src/conf.c +++ b/src/conf.c @@ -561,9 +561,9 @@ static int h_users(int argc, unsigned char **argv){ blake2b_state S; unsigned hashsz; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; - blake2b_init(&S, hashsz); - blake2b_update(&S, pw[1], l + 1); - blake2b_final(&S, (uint8_t *)(pass + 1), hashsz); + blake2b_init_3p(&S, hashsz); + blake2b_update_3p(&S, pw[1], l + 1); + blake2b_final_3p(&S, (uint8_t *)(pass + 1), hashsz); } else { memcpy(pass + 1, pw[1], l); } diff --git a/src/hashtables.c b/src/hashtables.c index 533716e..2b77cdf 100644 --- a/src/hashtables.c +++ b/src/hashtables.c @@ -10,9 +10,9 @@ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *ha memset(hash, 0, ht->hash_size); if(len <= ht->hash_size) memcpy(hash, index, len); else { - blake2b_init(&S, ht->hash_size); - blake2b_update(&S, index, strlen((const char*)index) + 1); - blake2b_final(&S, hash, ht->hash_size); + blake2b_init_3p(&S, ht->hash_size); + blake2b_update_3p(&S, index, strlen((const char*)index) + 1); + blake2b_final_3p(&S, hash, ht->hash_size); } } 
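Review bot: The three prototypes added to blake2_compat.h carry no documentation, and the commit deleted the comment that told a caller the one thing they must know: on OpenSSL 1.1.x the EVP path computes BLAKE2b-512 and truncates, which is not the digest BLAKE2b produces natively for a given `outlen`, so `$3$` hashes and `strongauth` records are not portable between a 1.1.x build, a 3.x build and the bundled `libs/blake2.h` build. I would restore that note above the prototypes and add the ownership contract: `/* init allocates the context; final frees it (also on error) and leaves *S NULL. outlen must be 1..64. */`. The `#define blake2b_init_3p blake2b_init` fallback is also selected when OpenSSL is older than 1.1.0, which only links if `MD_SOURCES` is still compiled in that configuration — worth a comment here pointing at the CMake condition.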
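Review bot: `h_users` writes the digest straight into the password record at `pass + 1` without checking the `blake2b_*_3p` return values; if `blake2b_init_3p` fails the context is NULL, the final call writes nothing, and the record keeps whatever bytes were already there, which is then what a later `strongauth` compares the password against. The three calls should be chained as `if (blake2b_init_3p(&S, hashsz) != 0 || blake2b_update_3p(&S, pw[1], l + 1) != 0 || blake2b_final_3p(&S, (uint8_t *)(pass + 1), hashsz) != 0)` and the user entry rejected (or the config line reported as an error) on failure. h_users starts and ends outside the hunk, so how errors are reported there is not visible here.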
@@ -49,18 +49,18 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; } } else { - blake2b_init(&S, ht->hash_size); - if((type & 2) && param->username)blake2b_update(&S, param->username, ulen); - if((type & 4) && param->password)blake2b_update(&S, param->password, plen); - if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), a1len); - if((type & 16))blake2b_update(&S, ¶m->srv->acl, acllen); - if((type & 64))blake2b_update(&S, SAADDR(¶m->req), a2len); - if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2); - if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen); - if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation)); - if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), a3len); - if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); - blake2b_final(&S, hash, ht->hash_size); + blake2b_init_3p(&S, ht->hash_size); + if((type & 2) && param->username)blake2b_update_3p(&S, param->username, ulen); + if((type & 4) && param->password)blake2b_update_3p(&S, param->password, plen); + if((type & 1) && !(type & 8))blake2b_update_3p(&S, SAADDR(¶m->sincr), a1len); + if((type & 16))blake2b_update_3p(&S, ¶m->srv->acl, acllen); + if((type & 64))blake2b_update_3p(&S, SAADDR(¶m->req), a2len); + if((type & 128))blake2b_update_3p(&S, SAPORT(¶m->req), 2); + if((type & 256) && param->hostname)blake2b_update_3p(&S, param->hostname, hlen); + if((type & 512))blake2b_update_3p(&S, ¶m->operation, sizeof(param->operation)); + if((type & 1024))blake2b_update_3p(&S, SAADDR(¶m->srv->intsa), a3len); + if((type & 2048))blake2b_update_3p(&S, SAPORT(¶m->srv->intsa), 2); + blake2b_final_3p(&S, hash, ht->hash_size); } memcpy(param->hash, hash, ht->hash_size); } 
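Review bot: The `else` branch of `param2hash_add` never checks `blake2b_init_3p` or `blake2b_final_3p`, so on an `EVP_MD_CTX_new()` failure `hash` keeps whatever the caller passed in and is then copied into `param->hash`; nothing in the hunk zero-fills `hash` first, unlike `char_index2hash`. If this table is used for per-client lookups, an uninitialised key means a client silently lands on the wrong bucket, so the failure should at least be deterministic and visible: `memset(hash, 0, ht->hash_size);` before the hash is built, and `if (blake2b_final_3p(&S, hash, ht->hash_size) != 0) { /* log: hashing failed */ }`. The function starts outside the hunk.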
@@ -74,12 +74,12 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){ static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){ struct clientparam *param = (struct clientparam *)index; blake2b_state S; - blake2b_init(&S, ht->hash_size); - blake2b_update(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa)); - blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); - blake2b_update(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr)); - blake2b_update(&S, SAPORT(¶m->sincr), 2); - blake2b_final(&S, hash, ht->hash_size); + blake2b_init_3p(&S, ht->hash_size); + blake2b_update_3p(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa)); + blake2b_update_3p(&S, SAPORT(¶m->srv->intsa), 2); + blake2b_update_3p(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr)); + blake2b_update_3p(&S, SAPORT(¶m->sincr), 2); + blake2b_final_3p(&S, hash, ht->hash_size); } struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32}; diff --git a/src/ssllib.c b/src/ssllib.c index dbe0093..46395b0 100644 --- a/src/ssllib.c +++ b/src/ssllib.c @@ -281,7 +281,6 @@ int ssl_init_done = 0; OSSL_LIB_CTX *library_ctx = NULL; extern EVP_MD *md4_hash; extern EVP_MD *md5_hash; -extern EVP_MD *blake2_hash; void ssl_init() @@ -305,10 +304,6 @@ void ssl_init() if (md5_hash == NULL) { fprintf(stderr, "Error fetching MD5\n"); } - blake2_hash = EVP_blake2b512(); - if (blake2_hash == NULL) { - fprintf(stderr, "Error fetching Blake2\n"); - } } }
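Review bot: `udpparam2hash` drops every return value from the `_3p` wrappers and returns `void`, so the caller cannot learn that `hash` was never written; because `blake2b_update_3p` dereferences `*S` unconditionally, a failed `blake2b_init_3p` here becomes a NULL context passed to `EVP_DigestUpdate`. At minimum add `memset(hash, 0, ht->hash_size);` at the top and `if (blake2b_init_3p(&S, ht->hash_size) != 0) return;` so the later calls are skipped on failure, and consider giving the hash callbacks an int return so the table code can refuse the insert. The ssllib.c hunks below only delete the now-unused `blake2_hash` global and need no further review.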