From 7b43ea0d2f4b3a76bb054d6083a894d422ffac3f Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@gmail.com>
Date: Fri, 29 Nov 2024 10:34:15 -0600
Subject: [PATCH] X509: algorithmidentifier parameters could get incorrectly
 set

---
 phpseclib/File/X509.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 877c5e49..00504f15 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -519,11 +519,6 @@ class X509
                 );
         }
 
-        if ($algorithm == 'rsaEncryption') {
-            $cert['signatureAlgorithm']['parameters'] = null;
-            $cert['tbsCertificate']['signature']['parameters'] = null;
-        }
-
         $filters = [];
         $type_utf8_string = ['type' => ASN1::TYPE_UTF8_STRING];
         $filters['tbsCertificate']['signature']['parameters'] = $type_utf8_string;
@@ -2994,7 +2989,10 @@ class X509
                 case 'sha256':
                 case 'sha384':
                 case 'sha512':
-                    return ['algorithm' => $key->getHash() . 'WithRSAEncryption'];
+                    return [
+                        'algorithm' => $key->getHash() . 'WithRSAEncryption',
+                        'parameters' => null
+                    ];
             }
             throw new UnsupportedAlgorithmException('The only supported hash algorithms for RSA are: md2, md5, sha1, sha224, sha256, sha384, sha512');
         }