return &HTTPRangeSpec{Start: start, End: end}
}

// Returns the compressed offset which should be skipped.
// If encrypted offsets are adjusted for encrypted block headers/trailers.
// Since de-compression is after decryption encryption overhead is only added to compressedOffset.

				writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
				return
			}
		}
		// Set this for multipart only operations, we need to differentiate during
		// decryption if the file was actually multipart or not.
		encMetadata[ReservedMetadataPrefix+"Encrypted-Multipart"] = ""
	}

	// Extract metadata that needs to be saved.
	metadata, err := extractMetadataFromReq(ctx, r)

     * Decrypt a message using the session's encryption context
     *
     * @param encryptedMessage the encrypted message with transform header
     * @return decrypted message
     * @throws CIFSException if decryption fails or encryption is not enabled
     */
    public byte[] decryptMessage(byte[] encryptedMessage) throws CIFSException {
        if (this.encryptionContext == null) {

        } else {
            throw new SmbUnsupportedOperationException("SMB3 required for encryption, negotiated: " + dialect);
        }

        try {
            // Derive encryption and decryption keys using SMB3 KDF
            final int dialectInt = dialect.getDialect();
            final byte[] encryptionKey = Smb3KeyDerivation.deriveEncryptionKey(dialectInt, sessionKey, preauthHash);

				rinfo.ReplicationAction = rAction
				rinfo.ReplicationStatus = replication.Completed
			}
			return rinfo
		}
	} else {
		// SSEC objects will refuse HeadObject without the decryption key.
		// Ignore the error, since we know the object exists and versioning prevents overwriting existing versions.
		if isSSEC && strings.Contains(cerr.Error(), errorCodes[ErrSSEEncryptedObject].Description) {

## Changelog since v1.32.3

## Changes by Kind

### Bug or Regression

- Fix a bug where kube-apiserver could emit an further watch even even if decryption failed for earlier event and it was not emitted. ([#131159](https://github.com/kubernetes/kubernetes/pull/131159), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Etcd]

- kubeadm now includes the ability to specify certificate encryption and decryption keys for the upload and download certificate phases as part of the new v1beta2 kubeadm config format. ([#77012](https://github.com/kubernetes/kubernetes/pull/77012), [@rosti](https://github.com/rosti))

R13, ZR CSELW NE, R14, R13, R13 // Fake modulo SUBS $1, R8 VMOV V2.S[0], R0 EORW R0, R4 EORW R4, R5 EORW R5, R6 EORW R6, R7 STPW.P (R4, R5), 8(R10) STPW.P (R6, R7), 8(R10) BNE ks128Loop CBZ R11, ksDone // If dec is nil we are done SUB $176, R10 // Decryption keys are encryption keys with InverseMixColumns applied VLD1.P 64(R10), [V0.B16, V1.B16, V2.B16, V3.B16] VMOV V0.B16, V7.B16 AESIMC V1.B16, V6.B16 AESIMC V2.B16, V5.B16 AESIMC V3.B16, V4.B16 VLD1.P 64(R10), [V0.B16, V1.B16, V2.B16, V3.B16] AESIMC...

R13, ZR CSELW NE, R14, R13, R13 // Fake modulo SUBS $1, R8 VMOV V2.S[0], R0 EORW R0, R4 EORW R4, R5 EORW R5, R6 EORW R6, R7 STPW.P (R4, R5), 8(R10) STPW.P (R6, R7), 8(R10) BNE ks128Loop CBZ R11, ksDone // If dec is nil we are done SUB $176, R10 // Decryption keys are encryption keys with InverseMixColumns applied VLD1.P 64(R10), [V0.B16, V1.B16, V2.B16, V3.B16] VMOV V0.B16, V7.B16 AESIMC V1.B16, V6.B16 AESIMC V2.B16, V5.B16 AESIMC V3.B16, V4.B16 VLD1.P 64(R10), [V0.B16, V1.B16, V2.B16, V3.B16] AESIMC...

## Changelog since v1.30.11

## Changes by Kind

### Bug or Regression

- Fix a bug where kube-apiserver could emit an further watch even even if decryption failed for earlier event and it was not emitted. ([#131161](https://github.com/kubernetes/kubernetes/pull/131161), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery]