corrupt chacha20-poly1305 MAC when built with OpenSSL 3.x

At GitHub, we have a libssh-based server that fails by sending corrupt SSH2_MSG_EXT_INFO messages during key exchange when compiled against openssl 3.x. I've reproduced this with a lightly modified libssh master (70d3760d) linked against openssl libcrypto 3.x (including the openssl-3.0.0 and openssl-3.0.1 tags, as well as openssl master). The client is openssh, tested with multiple versions.

The client failure looks like:

Bad packet length 1666186249.
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 22: Connection corrupted

Dumping packet contents shows that the packet length is garbage because the client is decrypting an all-zeroes ciphertext.

On the server, this call to EVP_PKEY_CTX_ctrl is failing, specifically here, when lookup_evp_pkey_ctx_translation returns a NULL translation.

Edited by Jason Lunz
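
Why an all-zero ciphertext shows up on the client as "Bad packet length", as an added example that is not part of the original report or of libssh or OpenSSH code: in chacha20-poly1305@openssh.com the 4-byte length field is XORed with ChaCha20 keystream, so zeroed wire bytes decrypt to raw keystream and fail the receiver's bounds check. The key, the sequence number and the 5 to 256 KiB bounds are assumptions chosen for illustration.

```python
import struct

MASK = 0xFFFFFFFF
PACKET_MAX_SIZE = 256 * 1024  # assumed receiver upper bound for a packet length
QUARTER_ROUNDS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter(s, a, b, c, d):
    for rot_d, rot_b in ((16, 12), (8, 7)):
        s[a] = (s[a] + s[b]) & MASK
        s[d] = _rotl(s[d] ^ s[a], rot_d)
        s[c] = (s[c] + s[d]) & MASK
        s[b] = _rotl(s[b] ^ s[c], rot_b)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 keystream block (RFC 8439 state layout)."""
    init = (list(struct.unpack("<4I", b"expand 32-byte k"))
            + list(struct.unpack("<8I", key)) + [counter]
            + list(struct.unpack("<3I", nonce)))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for idx in QUARTER_ROUNDS:
            _quarter(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def length_keystream(k1, seqnr):
    # Header key K_1, block counter 0, nonce = 64-bit big-endian sequence number.
    return chacha20_block(k1, 0, b"\x00" * 4 + struct.pack(">Q", seqnr))[:4]

def xor_length(k1, seqnr, four_bytes):
    """Encrypt or decrypt the 4-byte length field (XOR is symmetric)."""
    return bytes(a ^ b for a, b in zip(four_bytes, length_keystream(k1, seqnr)))

def receive_length(k1, seqnr, wire_bytes):
    """Decrypt the length field and apply the receiver's sanity check."""
    packlen = struct.unpack(">I", xor_length(k1, seqnr, wire_bytes))[0]
    return packlen, 5 <= packlen <= PACKET_MAX_SIZE

if __name__ == "__main__":
    k1 = bytes(range(32))  # constructed key, not a real session key
    good = xor_length(k1, 3, struct.pack(">I", 44))
    print("well-formed:", receive_length(k1, 3, good))
    print("zeroed wire bytes:", receive_length(k1, 3, b"\x00" * 4))
```

Because the length is decrypted before the Poly1305 tag can be verified, the bounds check is the first place the corruption becomes visible, which is why the client reports a length error rather than a MAC error.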