diff --git a/ChangeLog b/ChangeLog
index 57d121be6227195e764141f7512502e4e48c227b..6626c6eac2c2efc63b74a7a34fe8ff196f4d7d5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2020-10-29  Niels Möller  <nisse@lysator.liu.se>
+
+	* blowfish.c (blowfish_set_key): Add casts to uint32_t. Avoids
+	undefined behavior, since shifting an 8-bit value left by 24 bits
+	overflows the range of signed int. Reported by Guido Vranken.
+
 2020-10-28  Niels Möller  <nisse@lysator.liu.se>
 
 	* gmp-glue.h (cnd_add_n, cnd_sub_n, cnd_swap): Deleted, use
diff --git a/blowfish.c b/blowfish.c
index e73caffe487d2bbbf6f3206229bc1ea79649244e..3d546694fe4dd16d21451a8b09bfb71a88995aa2 100644
--- a/blowfish.c
+++ b/blowfish.c
@@ -385,8 +385,10 @@ blowfish_set_key (struct blowfish_ctx *ctx,
 
   for (i = j = 0; i < _BLOWFISH_ROUNDS + 2; i++)
     {
-      data = (key[j] << 24) | (key[(j+1) % length] << 16)
-	| (key[(j+2) % length] << 8) | key[(j+3) % length];
+      data = ((uint32_t) key[j] << 24)
+	| ((uint32_t) key[(j+1) % length] << 16)
+	| ((uint32_t) key[(j+2) % length] << 8)
+	| (uint32_t) key[(j+3) % length];
       ctx->p[i] ^= data;
       j = (j + 4) % length;
     }