diff --git a/src/core/base64.c b/src/core/base64.c
index 01bf46e2..05ff424f 100644
--- a/src/core/base64.c
+++ b/src/core/base64.c
@@ -33,23 +33,24 @@ static const char base64[64] =
 	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
 /**
- * Base64-encode a string
+ * Base64-encode data
  *
- * @v raw		Raw string
+ * @v raw		Raw data
+ * @v len		Length of raw data
  * @v encoded		Buffer for encoded string
  *
  * The buffer must be the correct length for the encoded string.  Use
  * something like
  *
- *     char buf[ base64_encoded_len ( strlen ( raw ) ) + 1 ];
+ *     char buf[ base64_encoded_len ( len ) + 1 ];
  *
  * (the +1 is for the terminating NUL) to provide a buffer of the
  * correct size.
  */
-void base64_encode ( const char *raw, char *encoded ) {
+void base64_encode ( const uint8_t *raw, size_t len, char *encoded ) {
 	const uint8_t *raw_bytes = ( ( const uint8_t * ) raw );
 	uint8_t *encoded_bytes = ( ( uint8_t * ) encoded );
-	size_t raw_bit_len = ( 8 * strlen ( raw ) );
+	size_t raw_bit_len = ( 8 * len );
 	unsigned int bit;
 	unsigned int tmp;
 
@@ -63,6 +64,7 @@ void base64_encode ( const char *raw, char *encoded ) {
 		*(encoded_bytes++) = '=';
 	*(encoded_bytes++) = '\0';
 
-	DBG ( "Base64-encoded \"%s\" as \"%s\"\n", raw, encoded );
-	assert ( strlen ( encoded ) == base64_encoded_len ( strlen ( raw ) ) );
+	DBG ( "Base64-encoded to \"%s\":\n", encoded );
+	DBG_HDA ( 0, raw, len );
+	assert ( strlen ( encoded ) == base64_encoded_len ( len ) );
 }
diff --git a/src/include/ipxe/base64.h b/src/include/ipxe/base64.h
index 12959415..88c91563 100644
--- a/src/include/ipxe/base64.h
+++ b/src/include/ipxe/base64.h
@@ -12,15 +12,15 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <stdint.h>
 
 /**
- * Calculate length of base64-encoded string
+ * Calculate length of base64-encoded data
  *
- * @v raw_len		Raw string length (excluding NUL)
+ * @v raw_len		Raw data length
  * @ret encoded_len	Encoded string length (excluding NUL)
  */
 static inline size_t base64_encoded_len ( size_t raw_len ) {
 	return ( ( ( raw_len + 3 - 1 ) / 3 ) * 4 );
 }
 
-extern void base64_encode ( const char *raw, char *encoded );
+extern void base64_encode ( const uint8_t *raw, size_t len, char *encoded );
 
 #endif /* _IPXE_BASE64_H */
diff --git a/src/net/tcp/http.c b/src/net/tcp/http.c
index c7027d2d..5faffe99 100644
--- a/src/net/tcp/http.c
+++ b/src/net/tcp/http.c
@@ -424,7 +424,7 @@ static void http_step ( struct process *process ) {
 	size_t user_pw_len = ( user ? ( strlen ( user ) + 1 /* ":" */ +
 					strlen ( password ) ) : 0 );
 	size_t user_pw_base64_len = base64_encoded_len ( user_pw_len );
-	char user_pw[ user_pw_len + 1 /* NUL */ ];
+	uint8_t user_pw[ user_pw_len + 1 /* NUL */ ];
 	char user_pw_base64[ user_pw_base64_len + 1 /* NUL */ ];
 	int rc;
 	int request_len = unparse_uri ( NULL, 0, http->uri,
@@ -443,11 +443,11 @@ static void http_step ( struct process *process ) {
 		/* Construct authorisation, if applicable */
 		if ( user ) {
 			/* Make "user:password" string from decoded fields */
-			snprintf ( user_pw, sizeof ( user_pw ), "%s:%s",
-				   user, password );
+			snprintf ( ( ( char * ) user_pw ), sizeof ( user_pw ),
+				   "%s:%s", user, password );
 
 			/* Base64-encode the "user:password" string */
-			base64_encode ( user_pw, user_pw_base64 );
+			base64_encode ( user_pw, user_pw_len, user_pw_base64 );
 		}
 
 		/* Send GET request */