diff --git a/ChangeLog.d/mbedtls_pem_get_der.txt b/ChangeLog.d/mbedtls_pem_get_der.txt
new file mode 100644
index 000000000..b03b058dc
--- /dev/null
+++ b/ChangeLog.d/mbedtls_pem_get_der.txt
@@ -0,0 +1,2 @@
+Features
+   * Add accessor to get the raw buffer pointer from a PEM context.
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index a2b73f8cf..c75a1246a 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -27,6 +27,11 @@
 
 #include <stddef.h>
 
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
 /**
  * \name PEM Error codes
  * These error codes are returned in case of errors reading the
@@ -96,6 +101,10 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx );
  *                  the decrypted text starts with an ASN.1 sequence of
  *                  appropriate length
  *
+ * \note            \c mbedtls_pem_free must be called on PEM context before
+ *                  the PEM context can be reused in another call to
+ *                  \c mbedtls_pem_read_buffer
+ *
  * \return          0 on success, or a specific PEM error code
  */
 int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
@@ -103,6 +112,25 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
                      const unsigned char *pwd,
                      size_t pwdlen, size_t *use_len );
 
+/**
+ * \brief       Get the pointer to the decoded binary data in a PEM context.
+ *
+ * \param ctx       PEM context to access.
+ * \param buflen    On success, this will contain the length of the binary data.
+ *                  This must be a valid (non-null) pointer.
+ *
+ * \return          A pointer to the decoded binary data.
+ *
+ * \note            The returned pointer remains valid only until \p ctx is
+                    modified or freed.
+ */
+static inline const unsigned char *mbedtls_pem_get_buffer( mbedtls_pem_context *ctx, size_t *buflen )
+{
+    *buflen = ctx->MBEDTLS_PRIVATE(buflen);
+    return( ctx->MBEDTLS_PRIVATE(buf) );
+}
+
+
 /**
  * \brief       PEM context memory freeing
  *
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 77546c586..59884e548 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -16,23 +16,26 @@ mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102
 PEM write (exactly two lines + 1)
 mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
 
+PEM read (unencrypted, valid)
+mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53"
+
 PEM read (DES-EDE3-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
 
 PEM read (DES-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
 
 PEM read (unknown encryption algorithm)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG:""
 
 PEM read (malformed PEM DES-CBC)
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:""
 
 PEM read (malformed PEM DES-EDE3-CBC)
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:""
 
 PEM read (malformed PEM AES-128-CBC)
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
-mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:""
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 947f1fb25..bf5ac738a 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -34,18 +34,26 @@ exit:
 
 /* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */
 void mbedtls_pem_read_buffer( char *header, char *footer, char *data,
-                              char *pwd, int res )
+                              char *pwd, int res, data_t *out )
 {
     mbedtls_pem_context ctx;
     int ret;
     size_t use_len = 0;
     size_t pwd_len = strlen( pwd );
+    const unsigned char *buf;
 
     mbedtls_pem_init( &ctx );
 
     ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data,
                 (unsigned char *)pwd, pwd_len, &use_len );
     TEST_ASSERT( ret == res );
+    if( ret != 0 )
+        goto exit;
+
+    use_len = 0;
+    buf = mbedtls_pem_get_buffer( &ctx, &use_len );
+    TEST_EQUAL( use_len, out->len );
+    TEST_ASSERT( memcmp( out->x, buf, out->len ) == 0 );
 
 exit:
     mbedtls_pem_free( &ctx );