diff --git a/.gitmodules b/.gitmodules
index 4d7e5fcac..e514a7f6d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -19,9 +19,6 @@
 [submodule "nanopb"]
 	path = native/src/external/nanopb
 	url = https://github.com/nanopb/nanopb.git
-[submodule "mincrypt"]
-	path = native/src/external/mincrypt
-	url = https://github.com/topjohnwu/mincrypt.git
 [submodule "pcre"]
 	path = native/src/external/pcre
 	url = https://android.googlesource.com/platform/external/pcre
diff --git a/native/src/Android.mk b/native/src/Android.mk
index c3e557659..13d675335 100644
--- a/native/src/Android.mk
+++ b/native/src/Android.mk
@@ -14,7 +14,6 @@ LOCAL_STATIC_LIBRARIES := \
     libsystemproperties \
     libphmap \
     liblsplt \
-    libmincrypt \
     libmagisk-rs
 
 LOCAL_SRC_FILES := \
@@ -99,7 +98,6 @@ LOCAL_MODULE := magiskboot
 LOCAL_STATIC_LIBRARIES := \
     libbase \
     libcompat \
-    libmincrypt \
     liblzma \
     liblz4 \
     libbz2 \
diff --git a/native/src/Cargo.lock b/native/src/Cargo.lock
index 6729768f0..f73b2097c 100644
--- a/native/src/Cargo.lock
+++ b/native/src/Cargo.lock
@@ -82,6 +82,15 @@ version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "byteorder"
 version = "1.4.3"
@@ -125,6 +134,25 @@ dependencies = [
  "unicode-width",
 ]
 
+[[package]]
+name = "cpufeatures"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03e69e28e9f7f77debdedbaafa2866e1de9ba56df55a8bd7cfc724c25a09987c"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
 [[package]]
 name = "cxx"
 version = "1.0.94"
@@ -157,6 +185,16 @@ dependencies = [
  "syn 2.0.18",
 ]
 
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+]
+
 [[package]]
 name = "env_logger"
 version = "0.7.1"
@@ -170,6 +208,16 @@ dependencies = [
  "termcolor",
 ]
 
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
 [[package]]
 name = "hermit-abi"
 version = "0.1.19"
@@ -220,8 +268,11 @@ dependencies = [
  "byteorder",
  "cxx",
  "cxx-gen",
+ "digest",
  "pb-rs",
  "quick-protobuf",
+ "sha1",
+ "sha2",
  "size",
 ]
 
@@ -346,6 +397,28 @@ version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78"
 
+[[package]]
+name = "sha1"
+version = "0.10.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "size"
 version = "0.4.1"
@@ -418,6 +491,12 @@ dependencies = [
  "syn 2.0.18",
 ]
 
+[[package]]
+name = "typenum"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.9"
@@ -436,6 +515,12 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
 
+[[package]]
+name = "version_check"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
diff --git a/native/src/Cargo.toml b/native/src/Cargo.toml
index 7050529e6..e87ab1de1 100644
--- a/native/src/Cargo.toml
+++ b/native/src/Cargo.toml
@@ -16,6 +16,9 @@ size = "0.4"
 argh = "0.1.10"
 pb-rs = { git = "https://github.com/tafia/quick-protobuf.git", rev = "2f37d5a65504de7d716b5b28fd82219501a901a9" }
 quick-protobuf = { git = "https://github.com/tafia/quick-protobuf.git", rev = "2f37d5a65504de7d716b5b28fd82219501a901a9" }
+sha1 = "0.10.5"
+sha2 = "0.10.7"
+digest = "0.10.7"
 
 [profile.dev]
 opt-level = "z"
diff --git a/native/src/boot/Cargo.toml b/native/src/boot/Cargo.toml
index 32ca8e0ce..91204bbcf 100644
--- a/native/src/boot/Cargo.toml
+++ b/native/src/boot/Cargo.toml
@@ -18,3 +18,6 @@ byteorder = { workspace = true }
 size = { workspace = true }
 quick-protobuf = { workspace = true }
 argh = { workspace = true }
+sha1 = { workspace = true }
+sha2 = { workspace = true }
+digest = { workspace = true }
diff --git a/native/src/boot/bootimg.cpp b/native/src/boot/bootimg.cpp
index 7dd7c3706..4abcea2a6 100644
--- a/native/src/boot/bootimg.cpp
+++ b/native/src/boot/bootimg.cpp
@@ -2,10 +2,9 @@
 #include <memory>
 
 #include <libfdt.h>
-#include <mincrypt/sha.h>
-#include <mincrypt/sha256.h>
 #include <base.hpp>
 
+#include "boot-rs.hpp"
 #include "bootimg.hpp"
 #include "magiskboot.hpp"
 #include "compress.hpp"
@@ -13,6 +12,8 @@
 using namespace std;
 
 #define PADDING 15
+#define SHA256_DIGEST_SIZE 32
+#define SHA_DIGEST_SIZE 20
 
 static void decompress(format_t type, int fd, const void *in, size_t size) {
     auto ptr = get_decoder(type, make_unique<fd_channel>(fd));
@@ -749,35 +750,35 @@ void repack(const char *src_img, const char *out_img, bool skip_comp) {
 
     // Update checksum
     if (char *id = hdr->id()) {
-        HASH_CTX ctx;
-        boot.flags[SHA256_FLAG] ? SHA256_init(&ctx) : SHA_init(&ctx);
+        auto ctx = get_sha(!boot.flags[SHA256_FLAG]);
         uint32_t size = hdr->kernel_size();
-        HASH_update(&ctx, out.buf() + off.kernel, size);
-        HASH_update(&ctx, &size, sizeof(size));
+        ctx->update(byte_view(out.buf() + off.kernel, size));
+        ctx->update(byte_view(&size, sizeof(size)));
         size = hdr->ramdisk_size();
-        HASH_update(&ctx, out.buf() + off.ramdisk, size);
-        HASH_update(&ctx, &size, sizeof(size));
+        ctx->update(byte_view(out.buf() + off.ramdisk, size));
+        ctx->update(byte_view(&size, sizeof(size)));
         size = hdr->second_size();
-        HASH_update(&ctx, out.buf() + off.second, size);
-        HASH_update(&ctx, &size, sizeof(size));
+        ctx->update(byte_view(out.buf() + off.second, size));
+        ctx->update(byte_view(&size, sizeof(size)));
         size = hdr->extra_size();
         if (size) {
-            HASH_update(&ctx, out.buf() + off.extra, size);
-            HASH_update(&ctx, &size, sizeof(size));
+            ctx->update(byte_view(out.buf() + off.extra, size));
+            ctx->update(byte_view(&size, sizeof(size)));
         }
         uint32_t ver = hdr->header_version();
         if (ver == 1 || ver == 2) {
             size = hdr->recovery_dtbo_size();
-            HASH_update(&ctx, out.buf() + hdr->recovery_dtbo_offset(), size);
-            HASH_update(&ctx, &size, sizeof(size));
+            ctx->update(byte_view(out.buf() + hdr->recovery_dtbo_offset(), size));
+            ctx->update(byte_view(&size, sizeof(size)));
         }
         if (ver == 2) {
             size = hdr->dtb_size();
-            HASH_update(&ctx, out.buf() + off.dtb, size);
-            HASH_update(&ctx, &size, sizeof(size));
+            ctx->update(byte_view(out.buf() + off.dtb, size));
+            ctx->update(byte_view(&size, sizeof(size)));
         }
         memset(id, 0, BOOT_ID_SIZE);
-        memcpy(id, HASH_final(&ctx), boot.flags[SHA256_FLAG] ? SHA256_DIGEST_SIZE : SHA_DIGEST_SIZE);
+        auto digest = ctx->finalize();
+        memcpy(id, digest.data(), digest.size());
     }
 
     // Print new header info
@@ -808,7 +809,8 @@ void repack(const char *src_img, const char *out_img, bool skip_comp) {
         auto d_hdr = reinterpret_cast<dhtb_hdr *>(out.buf());
         memcpy(d_hdr, DHTB_MAGIC, 8);
         d_hdr->size = off.total - sizeof(dhtb_hdr);
-        SHA256_hash(out.buf() + sizeof(dhtb_hdr), d_hdr->size, d_hdr->checksum);
+        auto checksum = sha_digest(byte_view(out.buf() + sizeof(dhtb_hdr), d_hdr->size), false);
+        memcpy(d_hdr->checksum, checksum.data(), checksum.size());
     } else if (boot.flags[BLOB_FLAG]) {
         // Blob header
         auto b_hdr = reinterpret_cast<blob_hdr *>(out.buf());
diff --git a/native/src/boot/lib.rs b/native/src/boot/lib.rs
index 174115188..d791b51cd 100644
--- a/native/src/boot/lib.rs
+++ b/native/src/boot/lib.rs
@@ -5,6 +5,7 @@ pub use base;
 use cpio::cpio_commands;
 use patch::{hexpatch, patch_encryption, patch_verity};
 use payload::extract_boot_from_payload;
+use sha::{get_sha, sha_digest, SHA};
 
 mod cpio;
 mod patch;
@@ -13,6 +14,7 @@ mod payload;
 #[allow(warnings)]
 mod proto;
 mod ramdisk;
+mod sha;
 
 #[cxx::bridge]
 pub mod ffi {
@@ -37,4 +39,12 @@ pub mod ffi {
 
         unsafe fn cpio_commands(argc: i32, argv: *const *const c_char) -> bool;
     }
+
+    extern "Rust" {
+        type SHA;
+        fn get_sha(use_sha1: bool) -> Box<SHA>;
+        fn finalize(&mut self) -> Vec<u8>;
+        fn update(&mut self, data: &[u8]);
+        fn sha_digest(data: &[u8], use_sha1: bool) -> Vec<u8>;
+    }
 }
diff --git a/native/src/boot/main.cpp b/native/src/boot/main.cpp
index 0f84c1a43..390a5076e 100644
--- a/native/src/boot/main.cpp
+++ b/native/src/boot/main.cpp
@@ -1,4 +1,3 @@
-#include <mincrypt/sha.h>
 #include <base.hpp>
 
 #include "boot-rs.hpp"
@@ -134,10 +133,8 @@ int main(int argc, char *argv[]) {
         unlink(RECV_DTBO_FILE);
         unlink(DTB_FILE);
     } else if (argc > 2 && action == "sha1") {
-        uint8_t sha1[SHA_DIGEST_SIZE];
         mmap_data m(argv[2]);
-        SHA_hash(m.buf(), m.sz(), sha1);
-        for (uint8_t i : sha1)
+        for (auto i : sha_digest(byte_view(m.buf(), m.sz()), true))
             printf("%02x", i);
         printf("\n");
     } else if (argc > 2 && action == "split") {
diff --git a/native/src/boot/sha.rs b/native/src/boot/sha.rs
new file mode 100644
index 000000000..ccb2e5ea0
--- /dev/null
+++ b/native/src/boot/sha.rs
@@ -0,0 +1,33 @@
+use digest::DynDigest;
+use sha1::Sha1;
+use sha2::Sha256;
+
+pub struct SHA {
+    hasher: Box<dyn DynDigest>,
+}
+
+impl SHA {
+    pub fn update(&mut self, data: &[u8]) {
+        self.hasher.update(data);
+    }
+
+    pub fn finalize(&mut self) -> Vec<u8> {
+        self.hasher.finalize_reset().to_vec()
+    }
+}
+
+pub fn get_sha(use_sha1: bool) -> Box<SHA> {
+    Box::new(SHA {
+        hasher: if use_sha1 {
+            Box::new(Sha1::default())
+        } else {
+            Box::new(Sha256::default())
+        },
+    })
+}
+
+pub fn sha_digest(data: &[u8], use_sha1: bool) -> Vec<u8> {
+    let mut sha = get_sha(use_sha1);
+    sha.update(data);
+    sha.finalize()
+}
diff --git a/native/src/external/Android.mk b/native/src/external/Android.mk
index 4bd6153b2..c0ea1980d 100644
--- a/native/src/external/Android.mk
+++ b/native/src/external/Android.mk
@@ -424,5 +424,4 @@ include $(BUILD_STATIC_LIBRARY)
 
 CWD := $(LOCAL_PATH)
 include $(CWD)/system_properties/Android.mk
-include $(CWD)/mincrypt/Android.mk
 include $(CWD)/libcxx/Android.mk
diff --git a/native/src/external/mincrypt b/native/src/external/mincrypt
deleted file mode 160000
index 1f355c50a..000000000
--- a/native/src/external/mincrypt
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 1f355c50a4025a3549cbeeb6cb29b639d8721323