test_suite_psa_crypto_slot_management: modify check on open key slots

This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
  mbedtls_test_helper_is_psa_leaking():
   - when CTR_DRBG does not use AES_C or PSA does not have an external
     RNG, then we allow 1 key slot (it's the one holding the AES key)
   - when the above conditions are not met, then we fallback to the
     usual check for "no open key slots remaining"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

tests/src/psa_crypto_helpers.c

@@ -70,9 +70,20 @@ const char *mbedtls_test_helper_is_psa_leaking(void)
 
     mbedtls_psa_get_stats(&stats);
 
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \
+    !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    /* When AES_C is not defined and PSA does not have an external RNG,
+     * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
+     * slot is used internally from PSA to hold the AES key and it should
+     * not be taken into account when evaluating remaining open slots. */
+    if (stats.volatile_slots > 1) {
+        return "A volatile slot has not been closed properly.";
+    }
+#else
     if (stats.volatile_slots != 0) {
         return "A volatile slot has not been closed properly.";
     }
+#endif
     if (stats.persistent_slots != 0) {
         return "A persistent slot has not been closed properly.";
     }