diff --git a/src/util/secsave.c b/src/util/secsave.c
index 23ea093a..10ffd326 100644
--- a/src/util/secsave.c
+++ b/src/util/secsave.c
@@ -69,9 +69,8 @@ enum secsave_errno secsave_errno = SS_ERR_NONE;
 /* Open a file for writing in a secure way. It returns a pointer to a structure
  * secure_save_info on success, or NULL on failure. */
 static struct secure_save_info *
-secure_open_umask(unsigned char *file_name, mode_t mask)
+secure_open_umask(unsigned char *file_name)
 {
-	mode_t saved_mask;
 	struct stat st;
 	struct secure_save_info *ssi;
 
@@ -144,8 +143,6 @@ secure_open_umask(unsigned char *file_name, mode_t mask)
 		}
 	}
 
-	saved_mask = umask(mask);
-
 	if (ssi->secure_save) {
 		/* We use a random name for temporary file, mkstemp() opens
 		 * the file and return a file descriptor named fd, which is
@@ -187,8 +184,6 @@ secure_open_umask(unsigned char *file_name, mode_t mask)
 		}
 	}
 
-	umask(saved_mask);
-
 	return ssi;
 
 free_file_name:
@@ -206,12 +201,20 @@ end:
 struct secure_save_info *
 secure_open(unsigned char *file_name)
 {
+	struct secure_save_info *ssi;
+	mode_t saved_mask;
 #ifdef CONFIG_OS_WIN32
 	/* There is neither S_IRWXG nor S_IRWXO under crossmingw32-gcc */
-	return secure_open_umask(file_name, 0177);
+	const mode_t mask = 0177;
 #else
-	return secure_open_umask(file_name, S_IXUSR | S_IRWXG | S_IRWXO);
+	const mode_t mask = S_IXUSR | S_IRWXG | S_IRWXO;
 #endif
+	
+	saved_mask = umask(mask);
+	ssi = secure_open_umask(file_name);
+	umask(saved_mask);
+
+	return ssi;
 }
 
 /* Close a file opened with secure_open, and return 0 on success, errno