diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index e26ca40591..db3ca71c05 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -25,6 +25,10 @@ void mbedtls_base64_encode( char *src_string, char *dst_string, int dst_buf_size
     TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
     TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
 
+    /* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+       CF failures by unmarking it. */
+    TEST_CF_PUBLIC( dst_str, len );
+
     if( result == 0 )
     {
         TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
@@ -67,6 +71,10 @@ void base64_encode_hex( char *src_hex, char *dst, int dst_buf_size,
     TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src, src_len ) == result );
     TEST_CF_PUBLIC( src, src_len );
 
+    /* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
+       CF failures by unmarking it. */
+    TEST_CF_PUBLIC( res, len );
+
     if( result == 0 )
     {
         TEST_ASSERT( len == strlen( dst ) );