userauth: fix replacement of embedded with detached RSA cert.

If you specify a detached certificate, it's supposed to completely
replace any certificate that might have been embedded in the input PPK
file. But one thing wasn't working: if the key was RSA, and the server
was using new SHA-2 based RSA, and the user provided both an embedded
_and_ detached certificate, then the initial call to
ssh2_userauth_signflags would upgrade the ssh-rsa-cert-... key type to
rsa-sha2-NNN-cert-..., which ssh2_userauth_add_alg_and_publickey's
call to ssh_keyalg_related_alg would not recognise as any of the base
RSA types while trying to decide on the key algorithm string _after_
replacing the certificate.

Fixed by reverting to the the uncertified base algorithm before
calling ssh_keyalg_related_alg.

ssh/userauth2-client.c

@@ -2373,7 +2373,18 @@ static void ssh2_userauth_add_alg_and_publickey(
             ppl_logevent("Sending public key with certificate from \"%s\"",
                          filename_to_str(s->detached_cert_file));
         }
-        put_stringz(pkt, ssh_keyalg_related_alg(certalg, pkalg)->ssh_id);
+        {
+            /* Strip off any existing certificate-nature from pkalg,
+             * for the case where we're replacing a cert embedded in
+             * the key with the detached one. The second argument of
+             * ssh_keyalg_related_alg is expected to be one of the
+             * bare key algorithms, or nothing useful will happen. */
+            const ssh_keyalg *pkalg_base =
+                pkalg->base_alg ? pkalg->base_alg : pkalg;
+            const ssh_keyalg *output_alg =
+                ssh_keyalg_related_alg(certalg, pkalg_base);
+            put_stringz(pkt, output_alg->ssh_id);
+        }
         put_stringpl(pkt, ptrlen_from_strbuf(s->detached_cert_blob));
         done = true;
         goto out;