rust-crypto is unmaintained, so it's strongly recommended to avoid it.
If you only need PBKDF2, then I would recommend to use the pbkdf2 crate, since it's a lightweight pure-Rust dependency (disclaimer: it's part of the RustCrypto project and I am one of its maintainers).
ring is a good option if you already have it in your dependency tree (e.g. via rustls) and if you absolutely want to squeeze the last drop of performance (ring uses assembly and C inherited from BoringSSL, so it's a bit more performant than the pure Rust implementation), but it has downsides of relying on non-Rust code (e.g. it's less portable and harder to cross-compile).
is an old monolithic crate. It's unmaintained, which is why the last update was 2016. It is basically the predecessor to the separate crates maintained by Rust Crypto · GitHub, for example these:
Those are alive and well. One of those is the pbkdf2 crate.
Correct?
I'm not sure yet. I also need to do AES-CBC, preferably with AES hardware detection. I haven't found out yet how to do AES-CBC with ring.
ring principally supports only a relatively small list of cryptographic algorithms and does not expose "dangerous" low-level primitives (such as unauthenticated encryption), so you will not be able to use AES-CBC with it.
Take a look at block-modes and aes. The latter one does support AES-NI hardware acceleration, but at the moment it can switch only at compile time, see this issue for more information.
I could require both aes-soft and aesni and then call into them depending on is_x86_feature_detected!("aes")? But I would have to force aesni to assume the aes feature is there.
Note that you would have enable not only aesni target feature, but also several SIMD-related ones, which with high probability will influence code generation in other parts of your project.