Usually you do not want to retrieve the private key from the smart card (or are technically blocked from doing so). That is rather the point of a smart card: it is a bit of cryptographic memory with an attached processor that never discloses your private key.
So, instead, you need to ask the chip card to kindly do the signing for you.
OpenSSL can do this, but you need to know how to talk to the chip card. This is usually done through an "engine". Most often PKCS#11/#15 is used for this, along with a driver for the chip card (reader).
Usually you need to get the slot and key identifiers:
# Extracting slot, auth ids and key id for later use/reference
Then you can do "things" on the card:
/usr/bin/openssl << EOM
engine dynamic -pre SO_PATH:/Library/OpenSC/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so
XXX -engine pkcs11 -key slot_$SLOT-id_$KID -keyform engine ....
EOM
One such thing might be PKCS#7 signing. From code, you do pretty much the same thing. I usually use the app/util stuff from the OpenSSL apps directory to make life a little easier.
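The heredoc in the answer interpolates $SLOT and $KID into text that openssl reads as commands, so those values are worth validating before they are pasted in. The following is an added example, not code from the original answer: it builds the same engine-load line plus one signing line, assuming an openssl binary that reads commands from standard input as the answer's heredoc does, with `dgst -sha256` standing in for the answer's XXX placeholder and with hypothetical function names.

```shell
#!/bin/sh
# Added example; not code from the answer. Default paths are the ones the
# answer quotes; the data/signature file names are up to the caller.
ENGINE_SO="${ENGINE_SO:-/Library/OpenSC/lib/engines/engine_pkcs11.so}"
PKCS11_MODULE="${PKCS11_MODULE:-opensc-pkcs11.so}"

# Build the engine key reference slot_<n>-id_<hex>. The result is pasted into
# text that openssl reads as commands, so anything other than a decimal slot
# and a hex key id (including embedded newlines) is rejected.
pkcs11_key_ref() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case "$2" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    printf 'slot_%s-id_%s' "$1" "$2"
}

# Accept only plain file names: no whitespace, no shell or openssl
# metacharacters, and no leading '-' that would parse as an option.
safe_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9._/-]*) return 1 ;; esac
}

# Print the two lines fed to openssl: load the engine, then sign INFILE with
# the on-card key. "dgst -sha256" stands in for the answer's XXX placeholder.
# usage: card_sign_batch SLOT KID INFILE SIGFILE
card_sign_batch() {
    ref=$(pkcs11_key_ref "$1" "$2") || { echo "bad slot or key id" >&2; return 1; }
    safe_name "$3" && safe_name "$4" || { echo "bad file name" >&2; return 1; }
    printf 'engine dynamic -pre SO_PATH:%s -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:%s\n' \
        "$ENGINE_SO" "$PKCS11_MODULE"
    printf 'dgst -engine pkcs11 -keyform engine -sha256 -sign %s -out %s %s\n' \
        "$ref" "$4" "$3"
}

# Run the batch against the card; the private key never leaves the token.
card_sign() {
    batch=$(card_sign_batch "$@") || return 1
    printf '%s\n' "$batch" | /usr/bin/openssl
}
```

Calling `card_sign "$SLOT" "$KID" data.bin data.sig` then produces the signature file on a machine with the card and reader attached.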