Also mention HMAC_DRBG in the changelog entry

There were no tricky compliance issues for HMAC_DRBG, unlike CTR_DRBG,
but mention it anyway. For CTR_DRBG, summarize the salient issue.
diff --git a/ChangeLog b/ChangeLog
index 70488e2..123b9b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -73,8 +73,9 @@
 Changes
    * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
      from the cipher abstraction layer. Fixes #2198.
-   * Clarify how the interface of the CTR_DRBG module relates to
-     NIST SP 800-90A.
+   * Clarify how the interface of the CTR_DRBG and HMAC modules relates to
+     NIST SP 800-90A. In particular CTR_DRBG requires an explicit nonce
+     to achieve a 256-bit strength if MBEDTLS_ENTROPY_FORCE_SHA256 is set.
 
 = mbed TLS 2.16.3 branch released 2019-09-06
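
Review bot: The added entry names the second module as "HMAC" ("the CTR_DRBG and HMAC modules"), but the commit message says the intent is to mention HMAC_DRBG. Please write "the CTR_DRBG and HMAC_DRBG modules" so the entry cannot be read as referring to a plain HMAC module. With two modules as the subject, the verb should also become "relate" rather than "relates". In the CTR_DRBG sentence, "to achieve a 256-bit strength" would read better as "to achieve 256-bit strength".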