@zvolin and I have been discussing the PKCS5 implementation in MbedTLS and it seems pretty broken and untested. e.g. Mbed-TLS/mbedtls#7038 (comment). We should disable it.

From #213, you can see that although I removed the support of pkcs12 support in rust side, I still turn on the C define of it because some other code in C side is actually using pkcs12 (mainly in TLS for parse certificates). And this also applies to pkcs5.

And also the related function pbkdf2_hmac which used pkcs5_pbkdf2_hmac_ext is currently used by our internal projects.
So I think this issue need to be put off or declined.