diff --git a/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch b/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch
index 4ad2e8c7db..808450c0dd 100644
--- a/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch
+++ b/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch
@@ -11,7 +11,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
 --- a/include/mbedtls/x509_crt.h
 +++ b/include/mbedtls/x509_crt.h
-@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b
+@@ -596,7 +596,7 @@ int mbedtls_x509_crt_verify_info(char *b
   * \param cn       The expected Common Name. This will be checked to be
   *                 present in the certificate's subjectAltNames extension or,
   *                 if this extension is absent, as a CN component in its
@@ -22,7 +22,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
   *                 If the verification couldn't be completed, the flag value is
 --- a/library/x509_crt.c
 +++ b/library/x509_crt.c
-@@ -57,6 +57,10 @@
+@@ -45,6 +45,10 @@
  
  #if defined(MBEDTLS_HAVE_TIME)
  #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -33,7 +33,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  #include <windows.h>
  #else
  #include <time.h>
-@@ -3002,6 +3006,61 @@ find_parent:
+@@ -2990,6 +2994,61 @@ find_parent:
      }
  }
  
@@ -95,7 +95,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  /*
   * Check for CN match
   */
-@@ -3022,24 +3081,51 @@ static int x509_crt_check_cn(const mbedt
+@@ -3010,24 +3069,51 @@ static int x509_crt_check_cn(const mbedt
      return -1;
  }
  
@@ -158,7 +158,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  }
  
  /*
-@@ -3050,31 +3136,23 @@ static void x509_crt_verify_name(const m
+@@ -3038,31 +3124,23 @@ static void x509_crt_verify_name(const m
                                   uint32_t *flags)
  {
      const mbedtls_x509_name *name;
diff --git a/package/libs/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch b/package/libs/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch
index 4b0106d157..14dda807d7 100644
--- a/package/libs/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch
+++ b/package/libs/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch
@@ -100,7 +100,7 @@ Then run normal make or cmake etc.
 +#endif /* MBEDTLS_ARMV8CE_AES_H */
 --- a/include/mbedtls/check_config.h
 +++ b/include/mbedtls/check_config.h
-@@ -69,6 +69,10 @@
+@@ -57,6 +57,10 @@
  #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
  #endif
  
@@ -111,14 +111,14 @@ Then run normal make or cmake etc.
  #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
  #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
  #endif
-@@ -959,3 +963,4 @@ typedef int mbedtls_iso_c_forbids_empty_
+@@ -947,3 +951,4 @@ typedef int mbedtls_iso_c_forbids_empty_
  
  /* *INDENT-ON* */
  #endif /* MBEDTLS_CHECK_CONFIG_H */
 +
 --- a/include/mbedtls/config.h
 +++ b/include/mbedtls/config.h
-@@ -46,6 +46,7 @@
+@@ -34,6 +34,7 @@
   * Requires support for asm() in compiler.
   *
   * Used in:
@@ -126,7 +126,7 @@ Then run normal make or cmake etc.
   *      library/aria.c
   *      library/timing.c
   *      include/mbedtls/bn_mul.h
-@@ -2471,6 +2472,21 @@
+@@ -2462,6 +2463,21 @@
  #define MBEDTLS_AESNI_C
  
  /**
@@ -150,7 +150,7 @@ Then run normal make or cmake etc.
   * Enable the AES block cipher.
 --- a/library/aes.c
 +++ b/library/aes.c
-@@ -39,7 +39,9 @@
+@@ -27,7 +27,9 @@
  #if defined(MBEDTLS_AESNI_C)
  #include "mbedtls/aesni.h"
  #endif
@@ -161,7 +161,7 @@ Then run normal make or cmake etc.
  #include "mbedtls/platform.h"
  
  #if !defined(MBEDTLS_AES_ALT)
-@@ -1076,6 +1078,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_co
+@@ -1064,6 +1066,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_co
      }
  #endif
  
@@ -330,7 +330,7 @@ Then run normal make or cmake etc.
      base64.c
 --- a/library/gcm.c
 +++ b/library/gcm.c
-@@ -43,6 +43,10 @@
+@@ -31,6 +31,10 @@
  #include "mbedtls/aesni.h"
  #endif
  
@@ -341,7 +341,7 @@ Then run normal make or cmake etc.
  #if !defined(MBEDTLS_GCM_ALT)
  
  /* Parameter validation macros */
-@@ -81,6 +85,12 @@ static int gcm_gen_table(mbedtls_gcm_con
+@@ -69,6 +73,12 @@ static int gcm_gen_table(mbedtls_gcm_con
          return ret;
      }
  
@@ -354,7 +354,7 @@ Then run normal make or cmake etc.
      /* pack h as two 64-bits ints, big-endian */
      hi = MBEDTLS_GET_UINT32_BE(h,  0);
      lo = MBEDTLS_GET_UINT32_BE(h,  4);
-@@ -191,6 +201,11 @@ static void gcm_mult(mbedtls_gcm_context
+@@ -179,6 +189,11 @@ static void gcm_mult(mbedtls_gcm_context
      unsigned char lo, hi, rem;
      uint64_t zh, zl;
  
@@ -378,7 +378,7 @@ Then run normal make or cmake etc.
  	     blowfish.o \
 --- a/library/version_features.c
 +++ b/library/version_features.c
-@@ -636,6 +636,9 @@ static const char * const features[] = {
+@@ -624,6 +624,9 @@ static const char * const features[] = {
  #if defined(MBEDTLS_AESNI_C)
      "MBEDTLS_AESNI_C",
  #endif /* MBEDTLS_AESNI_C */