diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index fde0f658ee..6a1bf664a4 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -130,19 +130,29 @@ foreach my $f ( @defltfiles ) {
        "running evp_test -config $conf $f");
 }
 
+# test_errors OPTIONS
+#
+# OPTIONS may include:
+#
+# key      => "filename"        # expected to be found in $SRCDIR/test/certs
+# out      => "filename"        # file to write error strings to
+# args     => [ ... extra openssl pkey args ... ]
+# expected => regexps to match error lines against
 sub test_errors { # actually tests diagnostics of OSSL_STORE
-    my ($expected, $key, @opts) = @_;
-    my $infile = srctop_file('test', 'certs', $key);
-    my @args = qw(openssl pkey -in);
-    push(@args, $infile, @opts);
-    my $tmpfile = 'out.txt';
-    my $res = !run(app([@args], stderr => $tmpfile));
-    my $found = 0;
-    open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
-    while(<$in>) {
-        print; # this may help debugging
-        $res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
-        $found = 1 if m/$expected/; # output must include $expected
+    my %opts = @_;
+    my $infile = srctop_file('test', 'certs', $opts{key});
+    my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
+    my $res = !run(app([@args], stderr => $opts{out}));
+    my $found = !exists $opts{expected};
+    open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
+    while(my $errline = <$in>) {
+        print $errline; # this may help debugging
+
+        # output must not include ASN.1 parse errors
+        $res &&= $errline !~ m/asn1 encoding/;
+        # output must include what is expressed in $opts{$expected}
+        $found = 1
+            if exists $opts{expected} && $errline =~ m/$opts{expected}/;
     }
     close $in;
     # $tmpfile is kept to help with investigation in case of failure
@@ -152,15 +162,19 @@ sub test_errors { # actually tests diagnostics of OSSL_STORE
 SKIP: {
     skip "DSA not disabled", 2 if !disabled("dsa");
 
-    ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
-       "error loading unsupported dsa private key");
-    ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
-       "error loading unsupported dsa public key");
+    ok(test_errors(key => 'server-dsa-key.pem',
+                   out => 'server-dsa-key.err'),
+       "expected error loading unsupported dsa private key");
+    ok(test_errors(key => 'server-dsa-pubkey.pem',
+                   out => 'server-dsa-pubkey.err',
+                   args => [ '-pubin' ],
+                   expected => 'unsupported algorithm'),
+       "expected error loading unsupported dsa public key");
 }
 
 SKIP: {
-    skip "sm2 not disabled", 1 if !disabled("sm2");
+    skip "SM2 not disabled", 1 if !disabled("sm2");
 
-    ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
-       "error loading unsupported sm2 private key");
+    ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
+       "expected error loading unsupported sm2 private key");
 }