Also mention HMAC_DRBG in the changelog entry There were no tricky compliance issues for HMAC_DBRG, unlike CTR_DRBG, but mention it anyway. For CTR_DRBG, summarize the salient issue.

commit: 6735363f809049c70038b8272721d909b9a64772 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Sep 30 15:25:18 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Sep 30 15:27:33 2019 +0200
tree: 9a838bac7e609988fefb5e789df7a83b35fb3654
parent: 0b5e804c095789c85cba0503b04d53eb5700a35e [diff]
diff --git a/ChangeLog b/ChangeLog
index 30a84f1..18a47c8 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,8 +3,9 @@
 = mbed TLS 2.16.x branch released xxxx-xx-xx
 
 Changes
-   * Clarify how the interface of the CTR_DRBG module relates to
-     NIST SP 800-90A.
+   * Clarify how the interface of the CTR_DRBG and HMAC modules relates to
+     NIST SP 800-90A. In particular CTR_DRBG requires an explicit nonce
+     to achieve a 256-bit strength if MBEDTLS_ENTROPY_FORCE_SHA256 is set.
 
 = mbed TLS 2.16.3 branch released 2019-09-06
commit	6735363f809049c70038b8272721d909b9a64772	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Sep 30 15:25:18 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Sep 30 15:27:33 2019 +0200
tree	9a838bac7e609988fefb5e789df7a83b35fb3654
parent	0b5e804c095789c85cba0503b04d53eb5700a35e [diff]