The default RSA method calls static rsa_ossl_finish to free BN_MONT_CTX_free objects.
If neverbleed RSA method is used, this function is not called, thus these objects are leaked.
The proposed fix is tatsuhiro-t@003de52

Note that I found this memory leak when I run TLS client. I'm not sure server is also affected.

Thank for reporting the issue as well as providing a fix.

Yeah I think this would be an issue on the server-side as well, if the server discards RSA keys while running.