add codespell pre-commit check and fix found misspellings

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from openssl#28436)

Author: quarckster

.codespellrc

@@ -0,0 +1,9 @@
+ci:
+  autofix_prs: false
+repos:
+  - repo: "https://github.com/codespell-project/codespell"
+    rev: "v2.4.1"
+    hooks:
+      - id: "codespell"
+        args: ["--config=.codespellrc", "."]
+        pass_filenames: false

.pre-commit-config.yaml

@@ -772,7 +772,7 @@ static int add_object(const ASN1_OBJECT *obj, int indirect)
 
     /*
      * Indirect calls leave the NID unspecified, in which case we generate a
-     * fresh NID here.  Direct calls via `OBJ_add_object()` must explicity
+     * fresh NID here.  Direct calls via `OBJ_add_object()` must explicitly
      * specify the nid, and we then also check against the compile-time bsearch
      * lists that the indirect calls have checked while holding a read lock.
      */

.pre-commit-config.yml

@@ -19,7 +19,7 @@ and the private key I<priv>.
 Each of the different key types has an associated security category.
 This value is one of 2, 3 or 5 for key types B<ML-DSA-44>, B<ML-DSA-65>
 and B<ML-DSA-87> respectively, which correspond to security strengths of
-128, 192 and 256 repsectively.
+128, 192 and 256 respectively.
 
 =head2 Keygen Parameters
 

crypto/objects/obj_dat.c

@@ -110,7 +110,7 @@ configuration options programmatically.
 
 =item C<ml-kem.import_pct_type> (B<OSSL_PKEY_PARAM_ML_KEM_IMPORT_PCT_TYPE>) <UTF8 string>
 
-When an B<ML-KEM> key is imported as an explict FIPS 203 B<dk> decapsulation
+When an B<ML-KEM> key is imported as an explicit FIPS 203 B<dk> decapsulation
 key, rather than a seed, a pairwise consistency test (PCT) is optionally
 performed.
 By default, or when this parameter is set explicitly to C<random>, the PCT

doc/man7/EVP_PKEY-ML-DSA.pod

@@ -17,7 +17,7 @@ L<FIPS 204|https://csrc.nist.gov/pubs/fips/204/final> Section 4 Table 1.
 (The signatures range in size from ~2.5K to ~4.5K depending on the type chosen).
 There are 3 different security categories also depending on the type.
 
-L<EVP_SIGNATURE_fetch(3)> can be used to explicitely fetch one of the 3
+L<EVP_SIGNATURE_fetch(3)> can be used to explicitly fetch one of the 3
 algorithms which can then be used with L<EVP_PKEY_sign_message_init(3)>,
 L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify_message_init(3)>, and
 L<EVP_PKEY_verify(3)> to perform one-shot message signing or signature verification.
@@ -87,7 +87,7 @@ See L<EVP_PKEY-ML-DSA(7)> for information related to B<ML-DSA> keys.
 
 =head1 NOTES
 
-For backwards compatability reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
+For backwards compatibility reasons EVP_DigestSignInit_ex(), EVP_DigestSign(),
 EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest
 passed in I<mdname> must be NULL.
 

doc/man7/EVP_PKEY-ML-KEM.pod

@@ -28,7 +28,7 @@ C<s> types have smaller signature sizes, and the C<f> variants are faster,
 (The signatures range from ~8K to ~50K depending on the type chosen). There are
 3 different security categories also depending on the type.
 
-L<EVP_SIGNATURE_fetch(3)> can be used to explicitely fetch one of the 12
+L<EVP_SIGNATURE_fetch(3)> can be used to explicitly fetch one of the 12
 algorithms which can then be used with L<EVP_PKEY_sign_message_init(3)>,
 L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify_message_init(3)>, and
 L<EVP_PKEY_verify(3)> to perform one-shot message signing or verification.
@@ -38,7 +38,7 @@ encodes the message internally as 0x00 || len(ctx) || ctx || message.
 where B<ctx> is some optional value of size 0x00..0xFF.
 OpenSSL also allows the message to not be encoded which is required for
 testing. OpenSSL does not support Pre Hash SLH-DSA Signature Generation, but this
-may be done by the user by doing Pre hash encoding externally and then chosing
+may be done by the user by doing Pre hash encoding externally and then choosing
 the option to not encode the message.
 
 =head2 SLH-DSA Signature Parameters

doc/man7/EVP_SIGNATURE-ML-DSA.pod

@@ -196,7 +196,7 @@ Specifying this flag configures the Single-Threaded Concurrency Model (SCM).
 
 =item B<SSL_DOMAIN_FLAG_MULTI_THREAD>
 
-Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless
+Specifying this flag configures the Contentive Concurrency Model (CCM) (unless
 B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified).
 
 =item B<SSL_DOMAIN_FLAG_THREAD_ASSISTED>

doc/man7/EVP_SIGNATURE-SLH-DSA.pod

@@ -566,7 +566,7 @@ L<SSL_accept_connection(3)>.
 
 =item L<SSL_accept_connection(3)>
 
-Accepts a new incoming connection for a listner SSL object. A new SSL object
+Accepts a new incoming connection for a listener SSL object. A new SSL object
 representing the accepted connection is created and returned on success. If no
 incoming connection is available and the listener SSL object is configured in
 nonblocking mode, NULL is returned.