Since specifying the provider wasn't working properly, I had to skip the JCE API and call out to BouncyCastle directly. Following the 1.34 javadoc, I wrote some code like this:
byte clearBytes = myString.getBytes("UTF8");
org.bouncycastle.crypto.digests.MD5Digest md5Digest = new MD5Digest();
byte hashedBytes = new byte;
That's pretty much it. You can then use something like Jakarta Commons Codec's Base64 to encode into a printable String.
byte base64Bytes = org.apache.commons.codec.binary.Base64.encodeBase64(hashedBytes);
String displayableHashValue = new String(base64Bytes, "UTF8");
Of course this method has its drawbacks: specifically that if you ever want to use a provider other than BouncyCastle, it involves code changes. But this was the fasted way to get the system running without error. And the likelihood of us ever replacing BouncyCastle is small enough that I can live with code changes.