diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index cd64dc7adf..0b8c221946 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -34,7 +34,6 @@
 #define PSA_DONE() \
 do \
 { \
- mbedtls_psa_random_free(); \
 mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
 mbedtls_test_psa_purge_key_storage(); \
 mbedtls_psa_crypto_free(); \
@@ -126,21 +125,17 @@ const char *mbedtls_test_helper_is_psa_leaking(void);
 /** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
 * Expect a clean shutdown, with no slots in use.
- * mbedtls_psa_random_free() is called before any check for remaining open
- * keys because when AES_C is not defined, CTR_DRBG relies on PSA to perform
- * AES-ECB so it holds an open AES key for that since psa_crypto_init().
 *
 * If some key slots are still in use, record the test case as failed and
 * jump to the `exit` label.
 */
 #define PSA_SESSION_DONE() \
- do \
- { \
- mbedtls_psa_random_free(); \
+ do \
+ { \
 mbedtls_test_psa_purge_key_cache(); \
 ASSERT_PSA_PRISTINE(); \
 mbedtls_psa_crypto_free(); \
- } \
+ } \
 while (0)
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index d59a8f8721..e1ea2b5c81 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -70,9 +70,20 @@ const char *mbedtls_test_helper_is_psa_leaking(void)
 mbedtls_psa_get_stats(&stats);
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \
+ !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ /* When AES_C is not defined and PSA does not have an external RNG,
+ * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
+ * slot is used internally from PSA to hold the AES key and it should
+ * not be taken into account when evaluating remaining open slots. */
+ if (stats.volatile_slots > 1) {
+ return "A volatile slot has not been closed properly.";
+ }
+#else
 if (stats.volatile_slots != 0) {
 return "A volatile slot has not been closed properly.";
 }
+#endif
 if (stats.persistent_slots != 0) {
 return "A persistent slot has not been closed properly.";
 }
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 2137aba227..cc530e22c2 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -90,10 +90,10 @@ static int invalidate_psa(invalidate_method_t invalidate_method)
 break;
 }
- /* When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB so it
- * holds an open key once psa_crypto_init() is called. */
- ASSERT_PSA_PRISTINE();
 PSA_ASSERT(psa_crypto_init());
+
+ ASSERT_PSA_PRISTINE();
+
 return 1;
 exit:
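Review bot: The new `if (stats.volatile_slots > 1)` branch accepts one open volatile slot without checking that it is the RNG's AES key, so in the CTR_DRBG-without-AES_C build a single leaked key would presumably pass as pristine whenever the DRBG key is not held (for example if the check runs while PSA is not initialised). The leak check exists to catch key material left in slots, so that blind spot should at least be recorded in the comment, e.g. `/* Limitation: a single leaked volatile key goes undetected if the DRBG key is not open at this point. */`. If the caller can know whether PSA is initialised, comparing against the exact expected count would be stricter than `> 1`. The function body starts and ends outside the hunk.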
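Review bot: Nothing at the moved `ASSERT_PSA_PRISTINE();` in `invalidate_psa` says why it must now follow `psa_crypto_init()`, and the comment that explained the old order is deleted with it. The order appears deliberate, so a short comment would stop a later cleanup from moving it back, e.g. `/* Check after re-init so the leak check sees the key the RNG may hold while PSA is initialised. */`. If any invalidation method shuts PSA down, the check now observes the state after re-initialisation rather than what the invalidation left behind; the switch is outside the hunk, so this needs confirming there.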