Index: Makefile.inc1
===================================================================
--- Makefile.inc1
+++ Makefile.inc1
@@ -2787,8 +2787,8 @@
 # static libgcc.a prerequisite for shared libc
 #
 _prereq_libs= lib/libcompiler_rt
-.if ${MK_SSP} != "no"
-_prereq_libs+= gnu/lib/libssp/libssp_nonshared
+.if ${MK_SSP_SUPPORT} != "no"
+_prereq_libs+= lib/libssp_nonshared
 .endif
 
 # These dependencies are not automatically generated:
Index: ObsoleteFiles.inc
===================================================================
--- ObsoleteFiles.inc
+++ ObsoleteFiles.inc
@@ -36,6 +36,15 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20191228: gcc libssp removed
+OLD_LIBS+=lib/libssp.so.0
+OLD_FILES+=usr/include/ssp/ssp.h
+OLD_FILES+=usr/include/ssp/stdio.h
+OLD_FILES+=usr/include/ssp/string.h
+OLD_FILES+=usr/include/ssp/unistd.h
+OLD_DIRS+=usr/include/ssp
+OLD_LIBS+=usr/lib32/libssp.so.0
+
 # 20191222: new clang import which bumps version from 9.0.0 to 9.0.1.
 OLD_FILES+=usr/lib/clang/9.0.0/include/cuda_wrappers/algorithm
 OLD_FILES+=usr/lib/clang/9.0.0/include/cuda_wrappers/complex
Index: gnu/lib/Makefile
===================================================================
--- gnu/lib/Makefile
+++ gnu/lib/Makefile
@@ -8,7 +8,6 @@
 .if ${MK_GCC} != "no" && ${MK_OPENMP} == "no"
 SUBDIR+=		libgomp
 .endif
-SUBDIR.${MK_SSP}+=	libssp
 SUBDIR.${MK_TESTS}+=	tests
 
 .if ${MK_BSD_CRTBEGIN} == "no"
Index: lib/Makefile
===================================================================
--- lib/Makefile
+++ lib/Makefile
@@ -11,6 +11,7 @@
 SUBDIR_BOOTSTRAP= \
 	csu \
 	.WAIT \
+	${_libssp} \
 	libc \
 	libc_nonshared \
 	libcompiler_rt \
@@ -212,6 +213,13 @@
 SUBDIR.${MK_VERIEXEC}+=	libveriexec
 SUBDIR.${MK_ZFS}+=	libbe
 
+.if ${MK_SSP_SUPPORT} != "no"
+_libssp= \
+	libssp \
+	libssp_nonshared \
+	.WAIT
+.endif
+
 .if !make(install)
 SUBDIR_PARALLEL=
 .endif
Index: lib/libc/Makefile
===================================================================
--- lib/libc/Makefile
+++ lib/libc/Makefile
@@ -31,7 +31,7 @@
 
 LIB=c
 SHLIB_MAJOR= 7
-.if ${MK_SSP} != "no"
+.if ${MK_SSP_SUPPORT} != "no"
 SHLIB_LDSCRIPT=libc.ldscript
 .else
 SHLIB_LDSCRIPT=libc_nossp.ldscript
@@ -59,7 +59,7 @@
 LDFLAGS+= -nodefaultlibs
 LIBADD+=	compiler_rt
 
-.if ${MK_SSP} != "no"
+.if ${MK_SSP_SUPPORT} != "no"
 LIBADD+=	ssp_nonshared
 .endif
 
Index: lib/libc/secure/stack_protector.c
===================================================================
--- lib/libc/secure/stack_protector.c
+++ lib/libc/secure/stack_protector.c
@@ -58,6 +58,7 @@
     __attribute__((__constructor__, __used__));
 #endif
 
+extern long __stack_chk_guard[8];
 extern int __sysctl(const int *name, u_int namelen, void *oldp,
     size_t *oldlenp, void *newp, size_t newlen);
 
@@ -73,8 +74,8 @@
 {
 	static const int mib[2] = { CTL_KERN, KERN_ARND };
 	volatile long tmp_stack_chk_guard[nitems(__stack_chk_guard)];
-	size_t len;
-	int error, idx;
+	size_t idx, len;
+	int error;
 
 	if (__stack_chk_guard[0] != 0)
 		return;
@@ -84,7 +85,8 @@
 	 * data into a temporal array, then do manual volatile copy to
 	 * not allow optimizer to call memcpy() behind us.
 	 */
-	error = _elf_aux_info(AT_CANARY, (void *)tmp_stack_chk_guard,
+	error = _elf_aux_info(AT_CANARY,
+	    __DEQUALIFY(void *, tmp_stack_chk_guard),
 	    sizeof(tmp_stack_chk_guard));
 	if (error == 0 && tmp_stack_chk_guard[0] != 0) {
 		for (idx = 0; idx < nitems(__stack_chk_guard); idx++) {
Index: lib/libc/tests/Makefile
===================================================================
--- lib/libc/tests/Makefile
+++ lib/libc/tests/Makefile
@@ -34,7 +34,7 @@
 TESTS_SUBDIRS+=	locale
 .endif
 
-.if ${MK_SSP} != "no"
+.if ${MK_SSP_SUPPORT} != "no"
 TESTS_SUBDIRS+=	ssp
 .endif
 
Index: lib/libssp/Makefile
===================================================================
--- /dev/null
+++ lib/libssp/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PACKAGE=	clibs
+SHLIBDIR?=	/lib
+SHLIB=		ssp
+SHLIB_MAJOR=	1
+
+VERSION_DEF=	${.CURDIR}/Versions.def
+SYMBOL_MAPS=	${.CURDIR}/Symbol.map
+
+.PATH: ${SRCTOP}/lib/libc/secure
+CFLAGS+=	-I${SRCTOP}/lib/libc/include -DIN_LIBSSP
+SRCS=		stack_protector.c fortify_stubs.c
+
+CFLAGS.fortify_stubs.c=	-Wno-unused-parameter
+
+.include <bsd.lib.mk>
Index: lib/libssp/Symbol.map
===================================================================
--- /dev/null
+++ lib/libssp/Symbol.map
@@ -0,0 +1,22 @@
+/*
+ * $FreeBSD$
+ */
+
+LIBSSP_1.0 {
+	__chk_fail;
+	__stack_chk_fail;
+	__stack_chk_guard;
+
+	/* Currently unsupported: _FORTIFY_SOURCE symbols. */
+	__memcpy_chk;
+	__memset_chk;
+	__snprintf_chk;
+	__sprintf_chk;
+	__stpcpy_chk;
+	__strcat_chk;
+	__strcpy_chk;
+	__strncat_chk;
+	__strncpy_chk;
+	__vsnprintf_chk;
+	__vsprintf_chk;
+};
Index: lib/libssp/Versions.def
===================================================================
--- /dev/null
+++ lib/libssp/Versions.def
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+LIBSSP_1.0 {
+};
Index: lib/libssp/fortify_stubs.c
===================================================================
--- /dev/null
+++ lib/libssp/fortify_stubs.c
@@ -0,0 +1,134 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2019 Kyle Evans <kevans@FreeBSD.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdlib.h>
+
+/* Signatures grabbed from LSB Core Specification 4.1 */
+void	*__memcpy_chk(void *dst, const void *src, size_t len,
+    size_t dstlen);
+void	*__memset_chk(void *dst, int c, size_t len, size_t dstlen);
+int	__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen,
+    const char *fmt);
+int	__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt);
+char	*__stpcpy_chk(char *dst, const char *src, size_t dstlen);
+char	*__strcat_chk(char *dst, const char *src, size_t dstlen);
+char	*__strcpy_chk(char *dst, const char *src, size_t dstlen);
+char	*__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen);
+char	*__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen);
+int	__vsnprintf_chk(char *str, size_t size, const char *format,
+    va_list ap);
+int	__vsprintf_chk(char *str, int flag, size_t slen, const char *format,
+    va_list ap);
+
+#define	ABORT()	abort2("_FORTIFY_SOURCE not supported", 0, NULL)
+
+void *
+__memcpy_chk(void *dst, const void *src, size_t len,
+    size_t dstlen)
+{
+
+	ABORT();
+}
+
+void *
+__memset_chk(void *dst, int c, size_t len, size_t dstlen)
+{
+
+	ABORT();
+}
+
+int
+__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen,
+    const char *fmt)
+{
+
+	ABORT();
+}
+
+int
+__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt)
+{
+
+	ABORT();
+}
+
+char *
+__stpcpy_chk(char *dst, const char *src, size_t dstlen)
+{
+
+	ABORT();
+}
+
+char *
+__strcat_chk(char *dst, const char *src, size_t dstlen)
+{
+
+	ABORT();
+}
+
+char *
+__strcpy_chk(char *dst, const char *src, size_t dstlen)
+{
+
+	ABORT();
+}
+
+char *
+__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen)
+{
+
+	ABORT();
+}
+
+char *
+__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen)
+{
+
+	ABORT();
+}
+
+int
+__vsnprintf_chk(char *str, size_t size, const char *format,
+    va_list ap)
+{
+
+	ABORT();
+}
+
+int
+__vsprintf_chk(char *str, int flag, size_t slen, const char *format,
+    va_list ap)
+{
+
+	ABORT();
+}
Index: lib/libssp_nonshared/Makefile
===================================================================
--- /dev/null
+++ lib/libssp_nonshared/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+PACKAGE=	clibs
+LIB=		ssp_nonshared
+NO_PIC=
+MK_PROFILE=	no
+
+SRCS=		libssp_nonshared.c
+
+.include <bsd.lib.mk>
Index: lib/libssp_nonshared/libssp_nonshared.c
===================================================================
--- /dev/null
+++ lib/libssp_nonshared/libssp_nonshared.c
@@ -0,0 +1,17 @@
+/*
+ * Written by Alexander Kabaev <kan@FreeBSD.org>
+ * The file is in public domain.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+void __stack_chk_fail(void);
+void __stack_chk_fail_local(void);
+
+void __hidden
+__stack_chk_fail_local(void)
+{
+
+	__stack_chk_fail();
+}
Index: share/mk/local.dirdeps.mk
===================================================================
--- share/mk/local.dirdeps.mk
+++ share/mk/local.dirdeps.mk
@@ -74,8 +74,8 @@
 # this is how we can handle optional dependencies
 .if ${DEP_RELDIR} == "lib/libc"
 DIRDEPS += lib/libc_nonshared
-.if ${MK_SSP:Uno} != "no" 
-DIRDEPS += gnu/lib/libssp/libssp_nonshared
+.if ${MK_SSP_SUPPORT:Uno} != "no"
+DIRDEPS += lib/libssp_nonshared
 .endif
 .else
 DIRDEPS_FILTER.xtras+= Nlib/libc_nonshared
Index: share/mk/local.gendirdeps.mk
===================================================================
--- share/mk/local.gendirdeps.mk
+++ share/mk/local.gendirdeps.mk
@@ -7,7 +7,7 @@
 # local.dirdeps.mk will put them in if necessary
 GENDIRDEPS_FILTER+= \
 	Nbin/cat.host \
-	Ngnu/lib/libssp/libssp_nonshared \
+	Nlib/libssp_nonshared \
 	Ncddl/usr.bin/ctf* \
 	Nlib/libc_nonshared \
 	Ngnu/lib/csu \
Index: share/mk/src.libnames.mk
===================================================================
--- share/mk/src.libnames.mk
+++ share/mk/src.libnames.mk
@@ -344,7 +344,7 @@
 # The libc dependencies are not strictly needed but are defined to make the
 # assert happy.
 _DP_c=		compiler_rt
-.if ${MK_SSP} != "no"
+.if ${MK_SSP_SUPPORT} != "no"
 _DP_c+=		ssp_nonshared
 .endif
 _DP_stats=	sbuf pthread
@@ -566,8 +566,8 @@
 LIBGCOVDIR=	${OBJTOP}/gnu/lib/libgcov
 LIBGOMPDIR=	${OBJTOP}/gnu/lib/libgomp
 LIBGNUREGEXDIR=	${OBJTOP}/gnu/lib/libregex
-LIBSSPDIR=	${OBJTOP}/gnu/lib/libssp
-LIBSSP_NONSHAREDDIR=	${OBJTOP}/gnu/lib/libssp/libssp_nonshared
+LIBSSPDIR=	${OBJTOP}/lib/libssp
+LIBSSP_NONSHAREDDIR=	${OBJTOP}/lib/libssp_nonshared
 LIBSUPCPLUSPLUSDIR=	${OBJTOP}/gnu/lib/libsupc++
 LIBASN1DIR=	${OBJTOP}/kerberos5/lib/libasn1
 LIBGSSAPI_KRB5DIR=	${OBJTOP}/kerberos5/lib/libgssapi_krb5
Index: share/mk/src.opts.mk
===================================================================
--- share/mk/src.opts.mk
+++ share/mk/src.opts.mk
@@ -170,6 +170,7 @@
     SOURCELESS \
     SOURCELESS_HOST \
     SOURCELESS_UCODE \
+    SSP_SUPPORT \
     STATS \
     SVNLITE \
     SYSCONS \
@@ -358,7 +359,7 @@
 BROKEN_OPTIONS+=LIBSOFT
 .endif
 .if ${__T:Mmips*}
-BROKEN_OPTIONS+=SSP
+BROKEN_OPTIONS+=SSP_SUPPORT
 .endif
 # EFI doesn't exist on mips, powerpc, sparc or riscv.
 .if ${__T:Mmips*} || ${__T:Mpowerpc*} || ${__T:Msparc64} || ${__T:Mriscv*}
@@ -527,6 +528,10 @@
 MK_FREEBSD_UPDATE:=	no
 .endif
 
+.if ${MK_SSP_SUPPORT} == "no"
+MK_SSP:=	no
+.endif
+
 .if ${MK_TESTS} == "no"
 MK_DTRACE_TESTS:= no
 .endif
Index: tools/build/mk/OptionalObsoleteFiles.inc
===================================================================
--- tools/build/mk/OptionalObsoleteFiles.inc
+++ tools/build/mk/OptionalObsoleteFiles.inc
@@ -8646,18 +8646,14 @@
 OLD_DIRS+=usr/share/doc/pjdfstest
 .endif
 
-.if ${MK_SSP} == no
-OLD_LIBS+=lib/libssp.so.0
-OLD_FILES+=usr/include/ssp/ssp.h
-OLD_FILES+=usr/include/ssp/stdio.h
-OLD_FILES+=usr/include/ssp/string.h
-OLD_FILES+=usr/include/ssp/unistd.h
+.if ${MK_SSP_SUPPORT} == no
+OLD_LIBS+=lib/libssp.so.1
 OLD_FILES+=usr/lib/libssp.a
 OLD_FILES+=usr/lib/libssp.so
 OLD_FILES+=usr/lib/libssp_nonshared.a
 OLD_FILES+=usr/lib32/libssp.a
 OLD_FILES+=usr/lib32/libssp.so
-OLD_LIBS+=usr/lib32/libssp.so.0
+OLD_LIBS+=usr/lib32/libssp.so.1
 OLD_FILES+=usr/lib32/libssp_nonshared.a
 OLD_FILES+=usr/tests/lib/libc/ssp/Kyuafile
 OLD_FILES+=usr/tests/lib/libc/ssp/h_fgets
Index: tools/build/options/WITHOUT_SSP_SUPPORT
===================================================================
--- /dev/null
+++ tools/build/options/WITHOUT_SSP_SUPPORT
@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Set to build neither libssp nor libssp_nonshared.
Index: tools/build/options/WITH_SSP_SUPPORT
===================================================================
--- /dev/null
+++ tools/build/options/WITH_SSP_SUPPORT
@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Set to build libssp and libssp_nonshared.