diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index ec10033462..be9b6e8c3e 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -26,6 +26,10 @@ void mbedtls_base64_encode( char * src_string, char * dst_string,
     TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
     TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
 
+    /* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+       CF failures by unmarking it. */
+    TEST_CF_PUBLIC( dst_str, len );
+
     if( result == 0 )
     {
         TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
@@ -67,6 +71,10 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size,
     TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
     TEST_CF_PUBLIC( src->x, src->len );
 
+    /* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+       CF failures by unmarking it. */
+    TEST_CF_PUBLIC( res, len );
+
     if( result == 0 )
     {
         TEST_ASSERT( len == strlen( dst ) );