Add changelog entries for the crypto changes in 2.20.0

Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0)
and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
diff --git a/ChangeLog b/ChangeLog
index 1d39172..a03d223 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,38 @@
 
 = mbed TLS 2.20.0 branch released 2020-01-15
 
+Default behavior changes
+   * The initial seeding of a CTR\_DRBG instance makes a second call to the
+     entropy function to obtain entropy for a nonce if the entropy size is less
+     than 3/2 times the key size. In case you want to disable the extra call to
+     grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the
+     nonce length to 0.
+
+Security
+   * Enforce that `mbedtls_entropy_func()` gathers a total of
+     `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the
+     default configuration, on a platform with a single entropy source, the
+     entropy module formerly only grabbed 32 bytes, which is good enough for
+     security if the source is genuinely strong, but less than the expected 64
+     bytes (size of the entropy accumulator).
+
+Features
+   * Key derivation inputs in the PSA API can now either come from a key object
+     or from a buffer regardless of the step type.
+   * The CTR_DRBG module can grab a nonce from the entropy source during the
+     initial seeding. The default nonce length is chosen based on the key size
+     to achieve the security strength defined by NIST SP 800-90A. You can
+     change it with `mbedtls_ctr_drbg_set_nonce_len()`.
+   * Add ENUMERATED tag support to the ASN.1 module. Contributed by
+     msopiha-linaro in #307.
+
+API changes
+   * In the PSA API, forbid zero-length keys. To pass a zero-length input to a
+     key derivation function, use a buffer instead (this is now always
+     possible).
+   * Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and
+     `psa_asymmetric_verify()` to `psa_verify_hash()`.
+
 Bugfix
    * Fix an incorrect size in a debugging message. Reported and fix
      submitted by irwir. Fixes #2717.
@@ -9,6 +41,34 @@
      Reported and fix submitted by irwir. Fixes #2800.
    * Remove a useless assignment. Reported and fix submitted by irwir.
      Fixes #2801.
+   * Fix a buffer overflow in the PSA HMAC code when using a long key with an
+     unsupported algorithm. Fixes #254.
+   * Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit
+     to OSS-Fuzz for finding a bug in an intermediate version of the fix.
+   * Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at
+     most 2 bytes.
+   * `mbedtls_ctr_drbg_set_entropy_len()` and
+     `mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before
+     `mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`.
+   * Fix some false-positive uninitialized variable warnings. Fix contributed
+     by apple-ihack-geek in ARMmbed/mbedtls#2663.
+
+Changes
+   * Remove the technical possibility to define custom `mbedtls_md_info`
+     structures, which was exposed only in an internal header.
+   * `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as
+     before).
+   * Variables containing error codes are now initialized to an error code
+     rather than success, so that coding mistakes or memory corruption tends to
+     cause functions to return this error code rather than a success. There are
+     no known instances where this changes the behavior of the library: this is
+     merely a robustness improvement. #323
+   * Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by
+     Alexander Krizhanovsky in #210.
+   * Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
+     Lloyd and Fortanix Inc in #277.
+   * Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by
+     Alexander Krizhanovsky in #308.
 
 = mbed TLS 2.19.1 branch released 2019-09-16